Analysis Date: 2014-11-08 04:15:03
MD5: 2b98434421a70ff0dd91018c3cd5a2c7
SHA1: 01f0c78d200c0b5b7b541daa29f40bd4b4c6d510

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section .rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section .data md5: 7922d4ce117d7d5b3ac2cffe4b0b5e4f sha1: 4e56bb1994226ae0285c7adee470777262de2c99 size: 1024
Section .ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (empty section: these are the MD5 and SHA-1 of zero bytes, so they match any empty input and are not usable as indicators for this sample)
Section .rsrc md5: 5bbb5ebe643d9f1b3752be1397bb0a39 sha1: abdfbf91d0f3f6e57088128e99d25f61b4a156cc size: 299008
Timestamp: 2009-12-05 22:50:52 (PE header value; it predates the "Build 2014.10.27" version string below, so it probably reflects the NSIS installer stub rather than when this sample was built)
Version info:
LegalCopyright: 北京清华紫光软件股份有限公司
FileVersion: 版本:Build 2014.10.27
创建:Engine黑闪工作室
CompanyName: Hesung Studio
Comments: 紫光拼音输入法迷你版
基于紫光拼音3.0创建,
具有除因特网搜索之外
紫光拼音原版全部功能,清华紫光软件版权所有。黑闪工作室成员Engine 编写迷你版策略和脚本。
ProductName: 紫光拼音 3.0 迷你版
ProductVersion: 清华紫光拼音输入法
引擎版本3.0.0.3045
FileDescription: Hesung Tools
OriginalFilename: Hsunispim.exe
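Packer: Nullsoft PiMP Stub -> SFX
PEhash: 3a88fad633c6514ced388c9c3abd90d2937bacf4
IMPhash: 7fa974366048f9c551ef45714595665e (computed over the installer stub's import table; other installers built with the same NSIS stub will likely share it)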
AV 360 Safe: no_virus
AV Ad-Aware: no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): NSIS/TrojanDownloader.Chindo.F
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: no_virus
AV Grisoft (avg): Luhe.Fiha.A
AV Ikarus: no_virus
AV K7: no_virus
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Norman: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File: letvsetup.exe
Creates File: setup_001.exe
Creates File: BaiduPlayerNetSetup_472.exe
Creates File: IQIYIsetup_l_spl004@kb010.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\NsProcess.dll
Creates File: ins1256858.exe
Creates File: bdbrowser_setup-40000060-6_5_0_50185-6624.exe
Creates File: 2345Explorer_329242_silence.exe
Creates File: \Device\Afd\Endpoint
Creates File: 9377mycs_Y_mgaz2_01.exe
Creates File: G0828_s_70988.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\3.ico
Creates File: setup_3386.exe
Creates File: WanDouJia_runk4_kb.exe
Creates File: SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: F0916_s_30911.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\NSISdl.dll
Creates File: BDWallpaper_Setup_10000009.exe
Creates File: OfficeAssist.0195.80.1056.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\1.ico
Creates File: Browser_V3.0.1644.0_r_4272_(Build14101116).exe
Creates File: C:\Documents and Settings\Administrator\Desktop\Intrenet Explorer.lnk
Creates File: QQBrowser_Setup_Hk_78653.exe
Creates File: yx_dts.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\System.dll
Deletes File: letvsetup.exe
Deletes File: setup_001.exe
Deletes File: BaiduPlayerNetSetup_472.exe
Deletes File: IQIYIsetup_l_spl004@kb010.exe
Deletes File: ins1256858.exe
Deletes File: bdbrowser_setup-40000060-6_5_0_50185-6624.exe
Deletes File: 2345Explorer_329242_silence.exe
Deletes File: 9377mycs_Y_mgaz2_01.exe
Deletes File: G0828_s_70988.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\3.ico
Deletes File: setup_3386.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsx1.tmp
Deletes File: WanDouJia_runk4_kb.exe
Deletes File: SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes File: F0916_s_30911.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\NSISdl.dll
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\1.ico
Deletes File: BDWallpaper_Setup_10000009.exe
Deletes File: OfficeAssist.0195.80.1056.exe
Deletes File: Browser_V3.0.1644.0_r_4272_(Build14101116).exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp
Deletes File: QQBrowser_Setup_Hk_78653.exe
Deletes File: yx_dts.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy2.tmp\System.dll
Creates Process
Creates Mutex: 211916

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: _SHuassist.mtx
Creates Mutex: Shell.CMruPidlList

Process
↳ Pid 0

Network Details:

DNS: xn--sesz3ik91bknc.xn--fiqs8s
Type: A
222.186.60.68
DNS: xn--sesz3ik91bknc.xn--fiqs8s
Type: A
222.186.60.69
DNS: xn--sesz3ik91bknc.xn--fiqs8s
Type: A
222.186.60.70
DNS: xn--sesz3ik91bknc.xn--fiqs8s
Type: A
222.186.60.2
DNS: download036.rdb.cnc.ccgslb.com.cn
Type: A
139.209.89.140
DNS: download036.rdb.cnc.ccgslb.com.cn
Type: A
113.5.250.148
DNS: aaa.163vv.com
Type: A
222.186.60.23
DNS: aaa.163vv.com
Type: A
222.186.60.60
DNS: aaa.163vv.com
Type: A
222.186.60.18
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.5
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.6
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.3
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.4
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.2
DNS: opt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.3
DNS: shadu.n.shifen.com
Type: A
123.125.65.162
DNS: swwx.n.shifen.com
Type: A
123.125.65.175
DNS: dldir1.qq.com.cdngc.net
Type: A
174.35.56.212
DNS: dldir1.qq.com.cdngc.net
Type: A
174.35.56.217
DNS: dl.p2sp.n.shifen.com
Type: A
61.135.185.123
DNS: g.quwen320.com
Type: A
219.238.237.210
DNS: download.pps.tv.webscache.com
Type: A
119.188.40.81
DNS: c01.i06.arnic.hadns.net
Type: A
121.10.117.139
DNS: c01.i06.arnic.hadns.net
Type: A
222.186.20.122
DNS: c01.i06.arnic.hadns.net
Type: A
14.17.97.112
DNS: soft.lvbaoranshiye.com
Type: A
222.186.60.68
DNS: soft.lvbaoranshiye.com
Type: A
222.186.60.69
DNS: dl.wandoujia.com
Type: A
125.39.216.11
DNS: download.2345.com
Type: A
61.160.245.14
DNS: download.2345.com
Type: A
122.228.248.3
DNS: download.2345.com
Type: A
218.75.155.244
DNS: download.2345.com
Type: A
60.191.187.15
DNS: download.2345.com
Type: A
60.191.223.2
DNS: download.2345.com
Type: A
60.191.223.4
DNS: download.2345.com
Type: A
60.191.223.15
DNS: download.2345.com
Type: A
61.147.127.202
DNS: download.2345.com
Type: A
61.147.127.203
DNS: download.2345.com
Type: A
61.160.245.8
DNS: download.2345.com
Type: A
61.160.245.11
DNS: coop.gslb.leletv.net
Type: A
115.182.51.55
DNS: down.gtm.ucweb.com
Type: A
123.150.188.48
DNS: down.gtm.ucweb.com
Type: A
121.14.161.99
DNS: s.lllsoo.com
Type: A
42.120.61.139
DNS: wdl1.cache.wps.cn
Type: A
DNS: down.yinyue.fm
Type: A
DNS: xiazai.9377.com
Type: A
DNS: shadu.baidu.com
Type: A
DNS: w.x.baidu.com
Type: A
DNS: dldir1.qq.com
Type: A
DNS: dl.p2sp.baidu.com
Type: A
DNS: dl.static.iqiyi.com
Type: A
DNS: d.qq66699.com
Type: A
DNS: download.2345.cn
Type: A
DNS: leju.down.letv.com
Type: A
DNS: down2.uc.cn
Type: A
HTTP GET: http://xn--sesz3ik91bknc.xn--fiqs8s/1.ico
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://wdl1.cache.wps.cn/wps/download/OfficeAssist.0195.80.1056.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://down.yinyue.fm/open/setup_3386.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://xiazai.9377.com/20140928/9377mycs_Y_mgaz2_01.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://shadu.baidu.com/index/fulldownload/30911
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://w.x.baidu.com/go/full/1/70988
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78653.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://dl.p2sp.baidu.com/BaiduPlayerContent/BaiduPlayerNetSetup_472.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://g.quwen320.com/d/ins1256858.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://d.qq66699.com/yx/dts/sqcs/916631/yx_dts.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://soft.lvbaoranshiye.com/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://dl.wandoujia.com/files/inst/WanDouJia_runk4_kb.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://download.2345.cn/silence/2345Explorer_329242_silence.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://leju.down.letv.com/pcweb/version/7.1.2.327/client_lianmeng7-09/letvsetup.exe
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://w.x.baidu.com/go/full/8/40000060
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://down2.uc.cn/pcbrowser/down.php?pid=4272
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://w.x.baidu.com/go/full/11/10000009
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GET: http://s.lllsoo.com/click/66947
User-Agent: NSISDL/1.2 (Mozilla)
Flows TCP: 192.168.1.1:1031 ➝ 222.186.60.68:80
Flows TCP: 192.168.1.1:1032 ➝ 139.209.89.140:80
Flows TCP: 192.168.1.1:1033 ➝ 222.186.60.23:80
Flows TCP: 192.168.1.1:1034 ➝ 8.37.235.5:80
Flows TCP: 192.168.1.1:1035 ➝ 123.125.65.162:80
Flows TCP: 192.168.1.1:1036 ➝ 123.125.65.175:80
Flows TCP: 192.168.1.1:1037 ➝ 174.35.56.212:80
Flows TCP: 192.168.1.1:1038 ➝ 61.135.185.123:80
Flows TCP: 192.168.1.1:1039 ➝ 219.238.237.210:80
Flows TCP: 192.168.1.1:1040 ➝ 119.188.40.81:80
Flows TCP: 192.168.1.1:1041 ➝ 121.10.117.139:80
Flows TCP: 192.168.1.1:1042 ➝ 222.186.60.68:80
Flows TCP: 192.168.1.1:1043 ➝ 125.39.216.11:80
Flows TCP: 192.168.1.1:1044 ➝ 61.160.245.14:80
Flows TCP: 192.168.1.1:1045 ➝ 115.182.51.55:80
Flows TCP: 192.168.1.1:1046 ➝ 123.125.65.175:80
Flows TCP: 192.168.1.1:1047 ➝ 123.150.188.48:80
Flows TCP: 192.168.1.1:1048 ➝ 123.125.65.175:80
Flows TCP: 192.168.1.1:1049 ➝ 42.120.61.139:80

Raw Pcap
0x00000000 (00000)   47455420 2f312e69 636f2048 5454502f   GET /1.ico HTTP/
0x00000010 (00016)   312e300d 0a486f73 743a2078 6e2d2d73   1.0..Host: xn--s
0x00000020 (00032)   65737a33 696b3931 626b6e63 2e786e2d   esz3ik91bknc.xn-
0x00000030 (00048)   2d666971 7338730d 0a557365 722d4167   -fiqs8s..User-Ag
0x00000040 (00064)   656e743a 204e5349 53444c2f 312e3220   ent: NSISDL/1.2 
0x00000050 (00080)   284d6f7a 696c6c61 290d0a41 63636570   (Mozilla)..Accep
0x00000060 (00096)   743a202a 2f2a0d0a 0d0a                t: */*....

0x00000000 (00000)   47455420 2f777073 2f646f77 6e6c6f61   GET /wps/downloa
0x00000010 (00016)   642f4f66 66696365 41737369 73742e30   d/OfficeAssist.0
0x00000020 (00032)   3139352e 38302e31 3035362e 65786520   195.80.1056.exe 
0x00000030 (00048)   48545450 2f312e30 0d0a486f 73743a20   HTTP/1.0..Host: 
0x00000040 (00064)   77646c31 2e636163 68652e77 70732e63   wdl1.cache.wps.c
0x00000050 (00080)   6e0d0a55 7365722d 4167656e 743a204e   n..User-Agent: N
0x00000060 (00096)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000070 (00112)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f6f7065 6e2f7365 7475705f   GET /open/setup_
0x00000010 (00016)   33333836 2e657865 20485454 502f312e   3386.exe HTTP/1.
0x00000020 (00032)   300d0a48 6f73743a 20646f77 6e2e7969   0..Host: down.yi
0x00000030 (00048)   6e797565 2e666d0d 0a557365 722d4167   nyue.fm..User-Ag
0x00000040 (00064)   656e743a 204e5349 53444c2f 312e3220   ent: NSISDL/1.2 
0x00000050 (00080)   284d6f7a 696c6c61 290d0a41 63636570   (Mozilla)..Accep
0x00000060 (00096)   743a202a 2f2a0d0a 0d0a284d 6f7a696c   t: */*....(Mozil
0x00000070 (00112)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f323031 34303932 382f3933   GET /20140928/93
0x00000010 (00016)   37376d79 63735f59 5f6d6761 7a325f30   77mycs_Y_mgaz2_0
0x00000020 (00032)   312e6578 65204854 54502f31 2e300d0a   1.exe HTTP/1.0..
0x00000030 (00048)   486f7374 3a207869 617a6169 2e393337   Host: xiazai.937
0x00000040 (00064)   372e636f 6d0d0a55 7365722d 4167656e   7.com..User-Agen
0x00000050 (00080)   743a204e 53495344 4c2f312e 3220284d   t: NSISDL/1.2 (M
0x00000060 (00096)   6f7a696c 6c61290d 0a416363 6570743a   ozilla)..Accept:
0x00000070 (00112)   202a2f2a 0d0a0d0a 6570743a 202a2f2a    */*....ept: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782f66 756c6c64   GET /index/fulld
0x00000010 (00016)   6f776e6c 6f61642f 33303931 31204854   ownload/30911 HT
0x00000020 (00032)   54502f31 2e300d0a 486f7374 3a207368   TP/1.0..Host: sh
0x00000030 (00048)   6164752e 62616964 752e636f 6d0d0a55   adu.baidu.com..U
0x00000040 (00064)   7365722d 4167656e 743a204e 53495344   ser-Agent: NSISD
0x00000050 (00080)   4c2f312e 3220284d 6f7a696c 6c61290d   L/1.2 (Mozilla).
0x00000060 (00096)   0a416363 6570743a 202a2f2a 0d0a0d0a   .Accept: */*....
0x00000070 (00112)   202a2f2a 0d0a0d0a 6570743a 202a2f2a    */*....ept: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f676f2f 66756c6c 2f312f37   GET /go/full/1/7
0x00000010 (00016)   30393838 20485454 502f312e 300d0a48   0988 HTTP/1.0..H
0x00000020 (00032)   6f73743a 20772e78 2e626169 64752e63   ost: w.x.baidu.c
0x00000030 (00048)   6f6d0d0a 55736572 2d416765 6e743a20   om..User-Agent: 
0x00000040 (00064)   4e534953 444c2f31 2e322028 4d6f7a69   NSISDL/1.2 (Mozi
0x00000050 (00080)   6c6c6129 0d0a4163 63657074 3a202a2f   lla)..Accept: */
0x00000060 (00096)   2a0d0a0d 0a70743a 202a2f2a 0d0a0d0a   *....pt: */*....
0x00000070 (00112)   202a2f2a 0d0a0d0a 6570743a 202a2f2a    */*....ept: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f486b5f   rowser_Setup_Hk_
0x00000020 (00032)   37383635 332e6578 65204854 54502f31   78653.exe HTTP/1
0x00000030 (00048)   2e300d0a 486f7374 3a20646c 64697231   .0..Host: dldir1
0x00000040 (00064)   2e71712e 636f6d0d 0a557365 722d4167   .qq.com..User-Ag
0x00000050 (00080)   656e743a 204e5349 53444c2f 312e3220   ent: NSISDL/1.2 
0x00000060 (00096)   284d6f7a 696c6c61 290d0a41 63636570   (Mozilla)..Accep
0x00000070 (00112)   743a202a 2f2a0d0a 0d0a743a 202a2f2a   t: */*....t: */*
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f426169 6475506c 61796572   GET /BaiduPlayer
0x00000010 (00016)   436f6e74 656e742f 42616964 75506c61   Content/BaiduPla
0x00000020 (00032)   7965724e 65745365 7475705f 3437322e   yerNetSetup_472.
0x00000030 (00048)   65786520 48545450 2f312e30 0d0a486f   exe HTTP/1.0..Ho
0x00000040 (00064)   73743a20 646c2e70 3273702e 62616964   st: dl.p2sp.baid
0x00000050 (00080)   752e636f 6d0d0a55 7365722d 4167656e   u.com..User-Agen
0x00000060 (00096)   743a204e 53495344 4c2f312e 3220284d   t: NSISDL/1.2 (M
0x00000070 (00112)   6f7a696c 6c61290d 0a416363 6570743a   ozilla)..Accept:
0x00000080 (00128)   202a2f2a 0d0a0d0a                      */*....

0x00000000 (00000)   47455420 2f642f69 6e733132 35363835   GET /d/ins125685
0x00000010 (00016)   382e6578 65204854 54502f31 2e300d0a   8.exe HTTP/1.0..
0x00000020 (00032)   486f7374 3a20672e 71757765 6e333230   Host: g.quwen320
0x00000030 (00048)   2e636f6d 0d0a5573 65722d41 67656e74   .com..User-Agent
0x00000040 (00064)   3a204e53 4953444c 2f312e32 20284d6f   : NSISDL/1.2 (Mo
0x00000050 (00080)   7a696c6c 61290d0a 41636365 70743a20   zilla)..Accept: 
0x00000060 (00096)   2a2f2a0d 0a0d0a44 4c2f312e 3220284d   */*....DL/1.2 (M
0x00000070 (00112)   6f7a696c 6c61290d 0a416363 6570743a   ozilla)..Accept:
0x00000080 (00128)   202a2f2a 0d0a0d0a                      */*....

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   302e6578 65204854 54502f31 2e300d0a   0.exe HTTP/1.0..
0x00000030 (00048)   486f7374 3a20646c 2e737461 7469632e   Host: dl.static.
0x00000040 (00064)   69716979 692e636f 6d0d0a55 7365722d   iqiyi.com..User-
0x00000050 (00080)   4167656e 743a204e 53495344 4c2f312e   Agent: NSISDL/1.
0x00000060 (00096)   3220284d 6f7a696c 6c61290d 0a416363   2 (Mozilla)..Acc
0x00000070 (00112)   6570743a 202a2f2a 0d0a0d0a 6570743a   ept: */*....ept:
0x00000080 (00128)   202a2f2a 0d0a0d0a                      */*....

0x00000000 (00000)   47455420 2f79782f 6474732f 73716373   GET /yx/dts/sqcs
0x00000010 (00016)   2f393136 3633312f 79785f64 74732e65   /916631/yx_dts.e
0x00000020 (00032)   78652048 5454502f 312e300d 0a486f73   xe HTTP/1.0..Hos
0x00000030 (00048)   743a2064 2e717136 36363939 2e636f6d   t: d.qq66699.com
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000050 (00080)   4953444c 2f312e32 20284d6f 7a696c6c   ISDL/1.2 (Mozill
0x00000060 (00096)   61290d0a 41636365 70743a20 2a2f2a0d   a)..Accept: */*.
0x00000070 (00112)   0a0d0a3a                              ...:

0x00000000 (00000)   47455420 2f536f48 7556415f 342e332e   GET /SoHuVA_4.3.
0x00000010 (00016)   302e312d 63323034 39303030 30332d6e   0.1-c204900003-n
0x00000020 (00032)   672d6e74 692d732d 782e7261 72204854   g-nti-s-x.rar HT
0x00000030 (00048)   54502f31 2e300d0a 486f7374 3a20736f   TP/1.0..Host: so
0x00000040 (00064)   66742e6c 7662616f 72616e73 68697965   ft.lvbaoranshiye
0x00000050 (00080)   2e636f6d 0d0a5573 65722d41 67656e74   .com..User-Agent
0x00000060 (00096)   3a204e53 4953444c 2f312e32 20284d6f   : NSISDL/1.2 (Mo
0x00000070 (00112)   7a696c6c 61290d0a 41636365 70743a20   zilla)..Accept: 
0x00000080 (00128)   2a2f2a0d 0a0d0a0a 20557302            */*..... Us.

0x00000000 (00000)   47455420 2f66696c 65732f69 6e73742f   GET /files/inst/
0x00000010 (00016)   57616e44 6f754a69 615f7275 6e6b345f   WanDouJia_runk4_
0x00000020 (00032)   6b622e65 78652048 5454502f 312e300d   kb.exe HTTP/1.0.
0x00000030 (00048)   0a486f73 743a2064 6c2e7761 6e646f75   .Host: dl.wandou
0x00000040 (00064)   6a69612e 636f6d0d 0a557365 722d4167   jia.com..User-Ag
0x00000050 (00080)   656e743a 204e5349 53444c2f 312e3220   ent: NSISDL/1.2 
0x00000060 (00096)   284d6f7a 696c6c61 290d0a41 63636570   (Mozilla)..Accep
0x00000070 (00112)   743a202a 2f2a0d0a 0d0a6365 70743a20   t: */*....cept: 
0x00000080 (00128)   2a2f2a0d 0a0d0a0a 20557302            */*..... Us.

0x00000000 (00000)   47455420 2f73696c 656e6365 2f323334   GET /silence/234
0x00000010 (00016)   35457870 6c6f7265 725f3332 39323432   5Explorer_329242
0x00000020 (00032)   5f73696c 656e6365 2e657865 20485454   _silence.exe HTT
0x00000030 (00048)   502f312e 300d0a48 6f73743a 20646f77   P/1.0..Host: dow
0x00000040 (00064)   6e6c6f61 642e3233 34352e63 6e0d0a55   nload.2345.cn..U
0x00000050 (00080)   7365722d 4167656e 743a204e 53495344   ser-Agent: NSISD
0x00000060 (00096)   4c2f312e 3220284d 6f7a696c 6c61290d   L/1.2 (Mozilla).
0x00000070 (00112)   0a416363 6570743a 202a2f2a 0d0a0d0a   .Accept: */*....
0x00000080 (00128)   2a2f2a0d 0a0d0a0a 20557302            */*..... Us.

0x00000000 (00000)   47455420 2f706377 65622f76 65727369   GET /pcweb/versi
0x00000010 (00016)   6f6e2f37 2e312e32 2e333237 2f636c69   on/7.1.2.327/cli
0x00000020 (00032)   656e745f 6c69616e 6d656e67 372d3039   ent_lianmeng7-09
0x00000030 (00048)   2f6c6574 76736574 75702e65 78652048   /letvsetup.exe H
0x00000040 (00064)   5454502f 312e300d 0a486f73 743a206c   TTP/1.0..Host: l
0x00000050 (00080)   656a752e 646f776e 2e6c6574 762e636f   eju.down.letv.co
0x00000060 (00096)   6d0d0a55 7365722d 4167656e 743a204e   m..User-Agent: N
0x00000070 (00112)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000080 (00128)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f676f2f 66756c6c 2f382f34   GET /go/full/8/4
0x00000010 (00016)   30303030 30363020 48545450 2f312e30   0000060 HTTP/1.0
0x00000020 (00032)   0d0a486f 73743a20 772e782e 62616964   ..Host: w.x.baid
0x00000030 (00048)   752e636f 6d0d0a55 7365722d 4167656e   u.com..User-Agen
0x00000040 (00064)   743a204e 53495344 4c2f312e 3220284d   t: NSISDL/1.2 (M
0x00000050 (00080)   6f7a696c 6c61290d 0a416363 6570743a   ozilla)..Accept:
0x00000060 (00096)   202a2f2a 0d0a0d0a 4167656e 743a204e    */*....Agent: N
0x00000070 (00112)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000080 (00128)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f706362 726f7773 65722f64   GET /pcbrowser/d
0x00000010 (00016)   6f776e2e 7068703f 7069643d 34323732   own.php?pid=4272
0x00000020 (00032)   20485454 502f312e 300d0a48 6f73743a    HTTP/1.0..Host:
0x00000030 (00048)   20646f77 6e322e75 632e636e 0d0a5573    down2.uc.cn..Us
0x00000040 (00064)   65722d41 67656e74 3a204e53 4953444c   er-Agent: NSISDL
0x00000050 (00080)   2f312e32 20284d6f 7a696c6c 61290d0a   /1.2 (Mozilla)..
0x00000060 (00096)   41636365 70743a20 2a2f2a0d 0a0d0a4e   Accept: */*....N
0x00000070 (00112)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000080 (00128)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f676f2f 66756c6c 2f31312f   GET /go/full/11/
0x00000010 (00016)   31303030 30303039 20485454 502f312e   10000009 HTTP/1.
0x00000020 (00032)   300d0a48 6f73743a 20772e78 2e626169   0..Host: w.x.bai
0x00000030 (00048)   64752e63 6f6d0d0a 55736572 2d416765   du.com..User-Age
0x00000040 (00064)   6e743a20 4e534953 444c2f31 2e322028   nt: NSISDL/1.2 (
0x00000050 (00080)   4d6f7a69 6c6c6129 0d0a4163 63657074   Mozilla)..Accept
0x00000060 (00096)   3a202a2f 2a0d0a0d 0a2f2a0d 0a0d0a4e   : */*..../*....N
0x00000070 (00112)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000080 (00128)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f636c69 636b2f36 36393437   GET /click/66947
0x00000010 (00016)   20485454 502f312e 300d0a48 6f73743a    HTTP/1.0..Host:
0x00000020 (00032)   20732e6c 6c6c736f 6f2e636f 6d0d0a55    s.lllsoo.com..U
0x00000030 (00048)   7365722d 4167656e 743a204e 53495344   ser-Agent: NSISD
0x00000040 (00064)   4c2f312e 3220284d 6f7a696c 6c61290d   L/1.2 (Mozilla).
0x00000050 (00080)   0a416363 6570743a 202a2f2a 0d0a0d0a   .Accept: */*....
0x00000060 (00096)   3a202a2f 2a0d0a0d 0a2f2a0d 0a0d0a4e   : */*..../*....N
0x00000070 (00112)   53495344 4c2f312e 3220284d 6f7a696c   SISDL/1.2 (Mozil
0x00000080 (00128)   6c61290d 0a416363 6570743a 202a2f2a   la)..Accept: */*
0x00000090 (00144)   0d0a0d0a                              ....


Strings
 " ".E#$#
$%$$$%%##
*
080403a8
!1Aa
 3.0 
3.0.0.3045
#+3;CScs
Build 2014.10.27
Comments
CompanyName
Engine
Engine 
FileDescription
FileVersion
Hesung Studio
Hesung Tools
Hsunispim.exe
LegalCopyright
msctls_progress32
OriginalFilename
Please wait while Setup is loading...
ProductName
ProductVersion
StringFileInfo
SysListView32
Translation
VarFileInfo
VS_VERSION_INFO
|||||||
|{}{}{}{
({,{<{*;
{@/@']
*?|<>/":
\\\\\\
#######
0/&~>3m
0BV".v
0d?,gS:
0{iRwj
0Kr55|
.0p/|p'8y
<#\0v,
1399;;
1AH@7t
1f%g.VMH
`22#lF
(;2JYQ
2K[zmR
2l4<ix
2,{W?J
3[2oAL@j
3;9330
3-bh,j]
'3h.'.
3{l~Qm
3+uTm{OU
3XO<bF|8
4MO:In
4!s7hBf
4|S:;82
~4?]SO<
4tu:~5
55555*
59200Hc
5|=\-mF   FFv
	5nmMg
#$5@Qb
5[uV$r>
=6&[9#
6bV}xy
|=6k!y
/6Py1Od
6Ze!y.
6zfy*<nO
7\\\,)C.
7Ceffffe
7<k@P2
.7y0<5
:8`,1@-b
>8ibRFRN
8NCRCu
{8 <(S
9Oii@&ml2B
@9y$+ig:
9zq>Qk
9Z%xy0
A$\\\\\\\\\\\\\
a1IH#RjB
@a61A{
aaJ7Ja
+>:a|BlBb
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
a////fv]
(A%(KD
A^nZU=*n
$A,@o8
AppendMenuA
AQxTJZ
A`SdGao
		aX8'\
a$ZwZ_
B+28iD
BeginPaint
b[/,eSo
B<]f1|
bFUfoG
bo|dp`
?bqoZR
bV-OOU(ereFj
b/V\W5
by#v}1
CallWindowProcA
caWa|.
Cb	a!qq
Cc*=]cj}:<
Cc[pTc
CG'''''''''''
CharNextA
CharPrevA
CheckDlgButton
CLL.:A
CloseClipboard
CloseHandle
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
covzn5
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
cs><_Y
CvycCvy
... %d%%
D$0+D$(P
@.data
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
dHr,g3
DialogBoxParamA
DispatchMessageA
~>%d|J
D$$Ph,
DrawTextA
Ds@06F
D$(SPS
dwH&KG!6Y#.A9))
eEAiFy
<eeT1-
elWY`=;
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
$(&eOZ6i
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
E&TaMr%
e%uy%u
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
_f2E[^
f"5 yr
Fef\CNa-
Fh9(V2
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
FreeLibrary
[+fT\]qK
f))))))<`~xU
f/y?\j
F>YLr=
g3Spro+
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
.G>-]fB
GGGGGG
GGGGGGGGGGGG
\g=;Jz
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GPfYZ.ZZ
]gviN>
gvVdGEz
gX>uMQ
g/z3\j
g.ZO||k[
H5DVS\\\\\\\\\\\\\\\\\\
H$:KEg
hk(S)>
	H- PVr
H#QS#y
http://nsis.sf.net/NSIS_Error
HtVHtHH
&hwEkmz
hy	&3x
i3	Zz@
I ,6!Z
iAo'\[
:>ibdP=
ii@@@@w
ij9H3K$ s
i~^kmyZkiyXcn
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
iomprOA
Ir1I*&7
:`i"Re
iRichu
IsWindow
IsWindowEnabled
IsWindowVisible
jas>oN|
JrBIK`=
jxz;0"
K`/,9#j
KC}KK+o
KERNEL32
KERNEL32.dll
kV7V65
L8dt?1
li.py 
l|L]}=;
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LookupPrivilegeValueA
^^^lp4
)l`-rcAA
l`r$D0b
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
L`+U+=
m`Bj*Lz
MessageBoxIndirectA
/m=GKn
\Microsoft\Internet Explorer\Quick Launch
More information at:
MoveFileA
MoveFileExA
-m]qoOSW]
,\\\\\\\\\\\\\MR)
MulDiv
MultiByteToWideChar
^n--(+\
!N:@{@
N]]-0:
`N&(1}h8
n;ALpwR
.ndata
n>fe,X
$NH'.K
NHrCg@b	g
?N_]JK
/"n"n#
nNS+}IQ
nNS+}IQo
<<npQ$
NSIS Error
~nsu.tmp
NullsoftInst+M
NulluN	E
o7@-in
O(G1!N{
`OHrV{eu
ole32.dll
OleInitialize
OleUninitialize
/oNz67
OpenClipboard
OpenProcessToken
`|op_g
Ot-[zq
OXG>k]Sn
Ox^xI8(
^o`zh'
P3DD;>P
p5	Wr7	
p?{.8V
Pa._0b
Pbf	yz
PeekMessageA
PKG6Y19
pN+S(Fs
PostQuitMessage
PPPPPP
puAEIO
pUTy+B
.....PWv	(g$
q44ddddd
q4~y4>
q7	ut9	
qalJW@~
:Qel}AF
QP\X\Z
QP!Yh:
QS/:D=
{qSx,q
Q@w`=p
Q(YY[((*
;r!;%.
r6	Q}>
	rbz^O
`.rdata
-?/rE'4
([[re4t
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
RichEd20
RichEd32
RichEdit
RichEdit20A
'r|I>_s2
ROL]g,e
'}r%PG^A
rrrj:wEp
rrrrr0
R:ssssssss1
r|TH&a
rv8	<s7	
S\\\\\\\\$
^S,36c
s7		}>
s8	$u:
[]s9@k
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
softuW
Software\Microsoft\Windows\CurrentVersion
SQSSSPW
<%'SS/
swwww77
SystemParametersInfoA
%\Szh"
> _?=t
|=/t,'
T6gG:o
t9	$w:
t}CUn"
!This program cannot be run in DOS mode.
TjkhV'
tk2#[*
_^[t	P
:#\t]r
TrackPopupMenu
tXTi#Gg
Tz#)"--
u8	Kx;
u8	x}?
u9	Hw;
"Uf8^3>
UfYz6C}
u[n.[	-}
{Un1==
*UR-Pc
USER32.dll
? uu`f.||||||
? uu@q,
%u.%u%s%s
uuu7,M
U? uuwf.
uxO%k-
V30ow6b`
v9	Z|>
<Vbq+!
verifying installer: %d%%
VerQueryValueA
VERSION.dll
%ve^Xm
vM:?I59|
VtbUjc
VtQ_+2
v#Vh;+@
w:	'}=
<W0+juS
w3w717
w9`Er	r
WaitForSingleObject
W{|dy:
wI]>yp
WiZURs
WriteFile
WritePrivateProfileStringA
wsprintfA
WVBfb.
ww@@ii
wwwwwwxw1p
WyOntw
=x0wZEa
x?2c|d
>+x	$4
xa~!.r
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
x?,nmQ
xXEpLN(IK
|xxxxxx
'xxxxxxxxx'
x@x@,Zn
x;	*y;
x:	!y<
x:	'y;
xZ3zgQ
=y?-[}
Y.......
Y0=Z*C
Y3U$k46FE2
Yc`aXo1
.Ymp,q
yoaVFk
~'y.tk
Z......|'2z
Za*<1c
Zc.7Nc
z[!KmT
<ZN08d
_zx.vg{^
ZZZZG\
ZZZZZtx
ZZZZZx