Analysis Date2015-01-11 21:12:36
MD51fa2951be7a12989dfea057004ee8fdc
SHA10a0e437daad32ab3dd2380a78ec296b408edca1e

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section.rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section.data md5: 7922d4ce117d7d5b3ac2cffe4b0b5e4f sha1: 4e56bb1994226ae0285c7adee470777262de2c99 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: d5ca23579f90b8f310d8d4f0c7897c3a sha1: 69cdd772e29ec33ddfbc37098720cd08cd888713 size: 7168
Timestamp2009-12-05 22:50:52
VersionLegalCopyright: BEARPC¾«Ñ¡Èí¼þ¼¯
ProductName: ·ßÅ­µÄСÄñ
FileDescription: ·ßÅ­µÄСÄñPCºº»¯°æ
FileVersion: 1.0.0
CompanyName: www.bearpc.net
PackerNullsoft PiMP Stub -> SFX
PEhash26348e64a2fc080bdb059aa79d370b4a84d3273e
IMPhash7fa974366048f9c551ef45714595665e
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVFortinetno_virus
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7no_virus
AVKasperskyno_virus
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileIQIYIsetup_l_spl004@kb010.exe
Creates FileBF-BFVCenter[[AB027]].exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileQQGame_setup_xzq_20006.exe
Creates Fileins1256858.exe
Creates FileOfficeAssist.0405.80.1119.exe
Creates File1.rar
Creates FileFile Not Found (404)
Creates File2345Explorer_329242_silence.exe
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Fileyqtj019.exe
Creates FileC:\Program Files\3.ico
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsv2.tmp\System.dll
Creates FileC:\Program Files\1.ico
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsv2.tmp\Inetc.dll
Creates File9377mycs_Y_mgaz2_1201B.exe
Creates Filexueba_v2.1.0.0_1025.exe
Creates Filetqrl_169_88888.exe
Creates FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates File-2000_1_mp.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Filesetup_zjm0104.exe
Creates FileMM-liao8302.exe
Creates Filesetup_3c89.exe
Creates Fileyx_dts.exe
Creates Filesetup_95165069.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsv2.tmp\Base64.dll
Creates Fileguodou_137_777.exe
Deletes FileIQIYIsetup_l_spl004@kb010.exe
Deletes FileBF-BFVCenter[[AB027]].exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl1.tmp
Deletes Fileins1256858.exe
Deletes FileOfficeAssist.0405.80.1119.exe
Deletes File1.rar
Deletes FileFile Not Found (404)
Deletes File2345Explorer_329242_silence.exe
Deletes Fileyqtj019.exe
Deletes FileC:\Program Files\3.ico
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsv2.tmp
Deletes File9377mycs_Y_mgaz2_1201B.exe
Deletes Filexueba_v2.1.0.0_1025.exe
Deletes FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes Filetqrl_169_88888.exe
Deletes File-2000_1_mp.exe
Deletes Filesetup_zjm0104.exe
Deletes Filesetup_3c89.exe
Deletes FileMM-liao8302.exe
Deletes Fileyx_dts.exe
Deletes Filesetup_95165069.exe
Deletes Fileguodou_137_777.exe
Creates Process
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex1.ico
Winsock DNSvip1.666.my
Winsock DNSdown.8476ddd.com
Winsock DNSdl.static.iqiyi.com
Winsock DNSdl.baofeng.com
Winsock DNSdl.xmlushengda.com
Winsock DNSxiazai.9377.com
Winsock DNSdl.nx5.com
Winsock DNSt.cn
Winsock DNSdownload.2345.cn
Winsock DNSmmliao.jianting.net
Winsock DNSwww.fengzhangyu.com
Winsock DNSmeipin.souxuncn.com
Winsock DNSg.quwen320.com
Winsock DNSd.qq66699.com
Winsock DNSdldir3.qq.com
Winsock DNSwww.yqtj.org
Winsock DNSint.dpool.sina.com.cn
Winsock DNSdown.tianyunxj.com
Winsock DNSsoftonline.b0.upaiyun.com
Winsock DNSg.dxipo.com
Winsock DNSwdl1.cache.wps.cn

Process
↳ Pid 0

Network Details:

DNSint.dpool.sina.com.cn
Type: A
180.149.136.250
DNSt.cn
Type: A
114.134.80.138
DNSmmliao.jianting.net
Type: A
122.227.42.227
DNSc01.i06.arnic.hadns.net
Type: A
58.220.2.5
DNSc01.i06.arnic.hadns.net
Type: A
113.17.184.10
DNSc01.i06.arnic.hadns.net
Type: A
121.10.117.139
DNSc01.i06.arnic.hadns.net
Type: A
183.56.172.47
DNSc01.i06.arnic.hadns.net
Type: A
222.186.20.122
DNSwcdn.verygslb.com
Type: A
202.111.173.104
DNSwcdn.verygslb.com
Type: A
220.170.193.201
DNSwww.fengzhangyu.com
Type: A
223.6.254.23
DNSdownload012.rdb.cnc.ccgslb.com.cn
Type: A
218.60.107.12
DNSdownload012.rdb.cnc.ccgslb.com.cn
Type: A
61.179.105.147
DNSna.b9.aicdn.com
Type: A
108.186.7.130
DNSna.b9.aicdn.com
Type: A
108.186.7.131
DNSna.b9.aicdn.com
Type: A
72.8.188.90
DNSna.b9.aicdn.com
Type: A
72.8.188.94
DNSna.b9.aicdn.com
Type: A
72.8.188.98
DNSna.b9.aicdn.com
Type: A
108.186.7.129
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.10
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.11
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.12
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.9
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.10
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.11
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.12
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.9
DNScdn.coop.baofeng.com
Type: A
218.60.99.66
DNScdn.coop.baofeng.com
Type: A
58.20.193.222
DNScdn.coop.baofeng.com
Type: A
119.188.72.240
DNScdn.coop.baofeng.com
Type: A
122.142.74.12
DNScdn.coop.baofeng.com
Type: A
182.18.51.104
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.6
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.4
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.2
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.5
DNSc06.i06.arnic.hadns.net
Type: A
183.57.148.246
DNSc06.i06.arnic.hadns.net
Type: A
183.61.10.249
DNSdownload.pps.tv.webscache.com
Type: A
119.188.40.81
DNSg.quwen320.com
Type: A
219.238.237.210
DNSdownload.2345.com
Type: A
60.191.187.15
DNSdownload.2345.com
Type: A
60.191.223.2
DNSdownload.2345.com
Type: A
60.191.223.4
DNSdownload.2345.com
Type: A
60.191.223.15
DNSdownload.2345.com
Type: A
61.147.127.202
DNSdownload.2345.com
Type: A
61.147.127.203
DNSdownload.2345.com
Type: A
61.160.245.8
DNSdownload.2345.com
Type: A
61.160.245.11
DNSdownload.2345.com
Type: A
61.160.245.14
DNSdownload.2345.com
Type: A
122.228.248.3
DNSdownload.2345.com
Type: A
218.75.155.244
DNSg.dxipo.com
Type: A
222.186.60.79
DNSdown-tt1215.band.glb0.ldcache.net
Type: A
202.97.174.82
DNSdown-tt1215.band.glb0.ldcache.net
Type: A
183.61.19.168
DNSmeipin.souxuncn.com
Type: A
113.200.251.3
DNSwww.yqtj.org
Type: A
58.218.211.243
DNSwww.yqtj.org
Type: A
122.226.102.211
DNSwww.yqtj.org
Type: A
123.249.26.59
DNSvip1.666.my
Type: A
113.106.70.163
DNSd.qq66699.com
Type: A
DNSdl.xmlushengda.com
Type: A
DNSwdl1.cache.wps.cn
Type: A
DNSsoftonline.b0.upaiyun.com
Type: A
DNSdl.nx5.com
Type: A
DNSdl.baofeng.com
Type: A
DNSxiazai.9377.com
Type: A
DNSdown.tianyunxj.com
Type: A
DNSdl.static.iqiyi.com
Type: A
DNSdownload.2345.cn
Type: A
DNSdown.8476ddd.com
Type: A
DNSdldir3.qq.com
Type: A
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://t.cn/RZfzJou
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://mmliao.jianting.net/mmliao/MM-liao8302.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://d.qq66699.com/yx/dts/sqft/905848/yx_dts.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.xmlushengda.com/d/setup_3c89.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://www.fengzhangyu.com/MGEwZTQzN2RhYWQzMmFiM2RkMjM4MGE3OGVjMjk2YjQwOGVkY2ExZS5leGU=/40.html
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://wdl1.cache.wps.cn/wps/download/OfficeAssist.0405.80.1119.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://softonline.b0.upaiyun.com/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.nx5.com/apk/20141222/setup_95165069.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.baofeng.com/BFVCenter/BF-BFVCenter[[AB027]].exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://xiazai.9377.com/20150105/9377mycs_Y_mgaz2_1201B.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down.tianyunxj.com/tqrl_169_88888.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://g.quwen320.com/d/ins1256858.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://download.2345.cn/silence/2345Explorer_329242_silence.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://g.dxipo.com/guodou_137_777.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down.8476ddd.com/hezi/jm/setup_zjm0104.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://meipin.souxuncn.com/meipin/affairs/-2000_1_mp.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://www.yqtj.org/baidu/yqtj019.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://vip1.666.my:99/xueba_v2.1.0.0_1025.exe
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 180.149.136.250:80
Flows TCP192.168.1.1:1032 ➝ 114.134.80.138:80
Flows TCP192.168.1.1:1033 ➝ 122.227.42.227:80
Flows TCP192.168.1.1:1034 ➝ 58.220.2.5:80
Flows TCP192.168.1.1:1035 ➝ 202.111.173.104:80
Flows TCP192.168.1.1:1036 ➝ 223.6.254.23:80
Flows TCP192.168.1.1:1037 ➝ 218.60.107.12:80
Flows TCP192.168.1.1:1038 ➝ 108.186.7.130:80
Flows TCP192.168.1.1:1039 ➝ 8.37.234.10:80
Flows TCP192.168.1.1:1040 ➝ 218.60.99.66:80
Flows TCP192.168.1.1:1041 ➝ 8.37.235.6:80
Flows TCP192.168.1.1:1042 ➝ 183.57.148.246:80
Flows TCP192.168.1.1:1043 ➝ 119.188.40.81:80
Flows TCP192.168.1.1:1044 ➝ 219.238.237.210:80
Flows TCP192.168.1.1:1045 ➝ 60.191.187.15:80
Flows TCP192.168.1.1:1046 ➝ 222.186.60.79:80
Flows TCP192.168.1.1:1047 ➝ 202.97.174.82:80
Flows TCP192.168.1.1:1048 ➝ 113.200.251.3:80
Flows TCP192.168.1.1:1049 ➝ 58.218.211.243:80
Flows TCP192.168.1.1:1050 ➝ 113.106.70.163:99

Raw Pcap
0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000040 (00064)   696c6c61 290d0a48 6f73743a 20696e74   illa)..Host: int
0x00000050 (00080)   2e64706f 6f6c2e73 696e612e 636f6d2e   .dpool.sina.com.
0x00000060 (00096)   636e0d0a 436f6e6e 65637469 6f6e3a20   cn..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f525a66 7a4a6f75 20485454   GET /RZfzJou HTT
0x00000010 (00016)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000020 (00032)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000030 (00048)   6f7a696c 6c61290d 0a486f73 743a2074   ozilla)..Host: t
0x00000040 (00064)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000050 (00080)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000060 (00096)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000070 (00112)   61636865 0d0a0d0a 76650d0a 43616368   ache....ve..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6d6d6c 69616f2f 4d4d2d6c   GET /mmliao/MM-l
0x00000010 (00016)   69616f38 3330322e 65786520 48545450   iao8302.exe HTTP
0x00000020 (00032)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000030 (00048)   3a204e53 49535f49 6e657463 20284d6f   : NSIS_Inetc (Mo
0x00000040 (00064)   7a696c6c 61290d0a 486f7374 3a206d6d   zilla)..Host: mm
0x00000050 (00080)   6c69616f 2e6a6961 6e74696e 672e6e65   liao.jianting.ne
0x00000060 (00096)   740d0a43 6f6e6e65 6374696f 6e3a204b   t..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a0a                       he.....

0x00000000 (00000)   47455420 2f79782f 6474732f 73716674   GET /yx/dts/sqft
0x00000010 (00016)   2f393035 3834382f 79785f64 74732e65   /905848/yx_dts.e
0x00000020 (00032)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 204e5349 535f496e   r-Agent: NSIS_In
0x00000040 (00064)   65746320 284d6f7a 696c6c61 290d0a48   etc (Mozilla)..H
0x00000050 (00080)   6f73743a 20642e71 71363636 39392e63   ost: d.qq66699.c
0x00000060 (00096)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f642f73 65747570 5f336338   GET /d/setup_3c8
0x00000010 (00016)   392e6578 65204854 54502f31 2e310d0a   9.exe HTTP/1.1..
0x00000020 (00032)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000030 (00048)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000040 (00064)   0d0a486f 73743a20 646c2e78 6d6c7573   ..Host: dl.xmlus
0x00000050 (00080)   68656e67 64612e63 6f6d0d0a 436f6e6e   hengda.com..Conn
0x00000060 (00096)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000070 (00112)   76650d0a 43616368 652d436f 6e74726f   ve..Cache-Contro
0x00000080 (00128)   6c3a206e 6f2d6361 6368650d 0a0d0a61   l: no-cache....a
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f4d4745 775a5451 7a4e3252   GET /MGEwZTQzN2R
0x00000010 (00016)   68595751 7a4d6d46 694d3252 6b4d6a4d   hYWQzMmFiM2RkMjM
0x00000020 (00032)   344d4745 334f4756 6a4d6a6b 32596a51   4MGE3OGVjMjk2YjQ
0x00000030 (00048)   774f4756 6b593245 785a5335 6c654755   wOGVkY2ExZS5leGU
0x00000040 (00064)   3d2f3430 2e68746d 6c204854 54502f31   =/40.html HTTP/1
0x00000050 (00080)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000060 (00096)   4e534953 5f496e65 74632028 4d6f7a69   NSIS_Inetc (Mozi
0x00000070 (00112)   6c6c6129 0d0a486f 73743a20 7777772e   lla)..Host: www.
0x00000080 (00128)   66656e67 7a68616e 6779752e 636f6d0d   fengzhangyu.com.
0x00000090 (00144)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x000000a0 (00160)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f777073 2f646f77 6e6c6f61   GET /wps/downloa
0x00000010 (00016)   642f4f66 66696365 41737369 73742e30   d/OfficeAssist.0
0x00000020 (00032)   3430352e 38302e31 3131392e 65786520   405.80.1119.exe 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a204e53 49535f49 6e657463   gent: NSIS_Inetc
0x00000050 (00080)   20284d6f 7a696c6c 61290d0a 486f7374    (Mozilla)..Host
0x00000060 (00096)   3a207764 6c312e63 61636865 2e777073   : wdl1.cache.wps
0x00000070 (00112)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000080 (00128)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000090 (00144)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 0a436163 68652d43   ache.....Cache-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f536f48 7556415f 342e332e   GET /SoHuVA_4.3.
0x00000010 (00016)   302e312d 63323034 39303030 30332d6e   0.1-c204900003-n
0x00000020 (00032)   672d6e74 692d732d 782e7261 72204854   g-nti-s-x.rar HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000050 (00080)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000060 (00096)   736f6674 6f6e6c69 6e652e62 302e7570   softonline.b0.up
0x00000070 (00112)   61697975 6e2e636f 6d0d0a43 6f6e6e65   aiyun.com..Conne
0x00000080 (00128)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000090 (00144)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000a0 (00160)   3a206e6f 2d636163 68650d0a 0d0a2d43   : no-cache....-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f61706b 2f323031 34313232   GET /apk/2014122
0x00000010 (00016)   322f7365 7475705f 39353136 35303639   2/setup_95165069
0x00000020 (00032)   2e657865 20485454 502f312e 310d0a55   .exe HTTP/1.1..U
0x00000030 (00048)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000040 (00064)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000050 (00080)   0a486f73 743a2064 6c2e6e78 352e636f   .Host: dl.nx5.co
0x00000060 (00096)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a6865 2d436f6e 74726f6c   he....he-Control
0x000000a0 (00160)   3a206e6f 2d636163 68650d0a 0d0a2d43   : no-cache....-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f424656 43656e74 65722f42   GET /BFVCenter/B
0x00000010 (00016)   462d4246 5643656e 7465725b 5b414230   F-BFVCenter[[AB0
0x00000020 (00032)   32375d5d 2e657865 20485454 502f312e   27]].exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000040 (00064)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000050 (00080)   6c61290d 0a486f73 743a2064 6c2e6261   la)..Host: dl.ba
0x00000060 (00096)   6f66656e 672e636f 6d0d0a43 6f6e6e65   ofeng.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a6f6c   : no-cache....ol
0x000000a0 (00160)   3a206e6f 2d636163 68650d0a 0d0a2d43   : no-cache....-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f323031 35303130 352f3933   GET /20150105/93
0x00000010 (00016)   37376d79 63735f59 5f6d6761 7a325f31   77mycs_Y_mgaz2_1
0x00000020 (00032)   32303142 2e657865 20485454 502f312e   201B.exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000040 (00064)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000050 (00080)   6c61290d 0a486f73 743a2078 69617a61   la)..Host: xiaza
0x00000060 (00096)   692e3933 37372e63 6f6d0d0a 436f6e6e   i.9377.com..Conn
0x00000070 (00112)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000080 (00128)   76650d0a 43616368 652d436f 6e74726f   ve..Cache-Contro
0x00000090 (00144)   6c3a206e 6f2d6361 6368650d 0a0d0a6c   l: no-cache....l
0x000000a0 (00160)   3a206e6f 2d636163                     : no-cac

0x00000000 (00000)   47455420 2f747172 6c5f3136 395f3838   GET /tqrl_169_88
0x00000010 (00016)   3838382e 65786520 48545450 2f312e31   888.exe HTTP/1.1
0x00000020 (00032)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000030 (00048)   49535f49 6e657463 20284d6f 7a696c6c   IS_Inetc (Mozill
0x00000040 (00064)   61290d0a 486f7374 3a20646f 776e2e74   a)..Host: down.t
0x00000050 (00080)   69616e79 756e786a 2e636f6d 0d0a436f   ianyunxj.com..Co
0x00000060 (00096)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x00000070 (00112)   6c697665 0d0a4361 6368652d 436f6e74   live..Cache-Cont
0x00000080 (00128)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x00000090 (00144)   0a3a206e 6f2d6361 6368650d 0a0d0a6c   .: no-cache....l
0x000000a0 (00160)   3a206e6f 2d636163                     : no-cac

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   302e6578 65204854 54502f31 2e310d0a   0.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 646c2e73 74617469   ..Host: dl.stati
0x00000060 (00096)   632e6971 6979692e 636f6d0d 0a436f6e   c.iqiyi.com..Con
0x00000070 (00112)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000080 (00128)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)   3a206e6f 2d636163                     : no-cac

0x00000000 (00000)   47455420 2f642f69 6e733132 35363835   GET /d/ins125685
0x00000010 (00016)   382e6578 65204854 54502f31 2e310d0a   8.exe HTTP/1.1..
0x00000020 (00032)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000030 (00048)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000040 (00064)   0d0a486f 73743a20 672e7175 77656e33   ..Host: g.quwen3
0x00000050 (00080)   32302e63 6f6d0d0a 436f6e6e 65637469   20.com..Connecti
0x00000060 (00096)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000070 (00112)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x00000080 (00128)   6f2d6361 6368650d 0a0d0a43 6f6e7472   o-cache....Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)   3a206e6f 2d636163                     : no-cac

0x00000000 (00000)   47455420 2f73696c 656e6365 2f323334   GET /silence/234
0x00000010 (00016)   35457870 6c6f7265 725f3332 39323432   5Explorer_329242
0x00000020 (00032)   5f73696c 656e6365 2e657865 20485454   _silence.exe HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000050 (00080)   6f7a696c 6c61290d 0a486f73 743a2064   ozilla)..Host: d
0x00000060 (00096)   6f776e6c 6f61642e 32333435 2e636e0d   ownload.2345.cn.
0x00000070 (00112)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000080 (00128)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac

0x00000000 (00000)   47455420 2f67756f 646f755f 3133375f   GET /guodou_137_
0x00000010 (00016)   3737372e 65786520 48545450 2f312e31   777.exe HTTP/1.1
0x00000020 (00032)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000030 (00048)   49535f49 6e657463 20284d6f 7a696c6c   IS_Inetc (Mozill
0x00000040 (00064)   61290d0a 486f7374 3a20672e 64786970   a)..Host: g.dxip
0x00000050 (00080)   6f2e636f 6d0d0a43 6f6e6e65 6374696f   o.com..Connectio
0x00000060 (00096)   6e3a204b 6565702d 416c6976 650d0a43   n: Keep-Alive..C
0x00000070 (00112)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000080 (00128)   2d636163 68650d0a 0d0a6163 68652d43   -cache....ache-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac

0x00000000 (00000)   47455420 2f68657a 692f6a6d 2f736574   GET /hezi/jm/set
0x00000010 (00016)   75705f7a 6a6d3031 30342e65 78652048   up_zjm0104.exe H
0x00000020 (00032)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000030 (00048)   656e743a 204e5349 535f496e 65746320   ent: NSIS_Inetc 
0x00000040 (00064)   284d6f7a 696c6c61 290d0a48 6f73743a   (Mozilla)..Host:
0x00000050 (00080)   20646f77 6e2e3834 37366464 642e636f    down.8476ddd.co
0x00000060 (00096)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a3a20 6e6f2d63 61636865   he....: no-cache
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac

0x00000000 (00000)   47455420 2f6d6569 70696e2f 61666661   GET /meipin/affa
0x00000010 (00016)   6972732f 2d323030 305f315f 6d702e65   irs/-2000_1_mp.e
0x00000020 (00032)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 204e5349 535f496e   r-Agent: NSIS_In
0x00000040 (00064)   65746320 284d6f7a 696c6c61 290d0a48   etc (Mozilla)..H
0x00000050 (00080)   6f73743a 206d6569 70696e2e 736f7578   ost: meipin.soux
0x00000060 (00096)   756e636e 2e636f6d 0d0a436f 6e6e6563   uncn.com..Connec
0x00000070 (00112)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x00000080 (00128)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000090 (00144)   206e6f2d 63616368 650d0a0d 0a636865    no-cache....che
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac

0x00000000 (00000)   47455420 2f626169 64752f79 71746a30   GET /baidu/yqtj0
0x00000010 (00016)   31392e65 78652048 5454502f 312e310d   19.exe HTTP/1.1.
0x00000020 (00032)   0a557365 722d4167 656e743a 204e5349   .User-Agent: NSI
0x00000030 (00048)   535f496e 65746320 284d6f7a 696c6c61   S_Inetc (Mozilla
0x00000040 (00064)   290d0a48 6f73743a 20777777 2e797174   )..Host: www.yqt
0x00000050 (00080)   6a2e6f72 670d0a43 6f6e6e65 6374696f   j.org..Connectio
0x00000060 (00096)   6e3a204b 6565702d 416c6976 650d0a43   n: Keep-Alive..C
0x00000070 (00112)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000080 (00128)   2d636163 68650d0a 0d0a6e74 726f6c3a   -cache....ntrol:
0x00000090 (00144)   206e6f2d 63616368 650d0a0d 0a636865    no-cache....che
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac

0x00000000 (00000)   47455420 2f787565 62615f76 322e312e   GET /xueba_v2.1.
0x00000010 (00016)   302e305f 31303235 2e657865 20485454   0.0_1025.exe HTT
0x00000020 (00032)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000030 (00048)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000040 (00064)   6f7a696c 6c61290d 0a486f73 743a2076   ozilla)..Host: v
0x00000050 (00080)   6970312e 3636362e 6d793a39 390d0a43   ip1.666.my:99..C
0x00000060 (00096)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x00000070 (00112)   416c6976 650d0a43 61636865 2d436f6e   Alive..Cache-Con
0x00000080 (00128)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x00000090 (00144)   0d0a6f2d 63616368 650d0a0d 0a636865   ..o-cache....che
0x000000a0 (00160)   0d0a0d0a 2d636163                     ....-cac


Strings
 " ".E

080404e4
1.0.0
!1Aa
#+3;CScs
BEARPC
CompanyName
FileDescription
FileVersion
LegalCopyright
msctls_progress32
MS Shell Dlg
ProductName
StringFileInfo
SysListView32
Translation
VarFileInfo
VS_VERSION_INFO
www.bearpc.net
-:~\,_
@!*'!(
*?|<>/":
03ARg8m
"}09 >P
0B7Qw}
0.eIP:$
0G74!;c
0GXW/O*t;
0HQ}D/
	0i:c}
0[jejrk
0JirKL
0.^:KG
0mkqU-
_0n4n1
(0?o}"q
`<0qjE
0q*<P+
0RV0ff'
0sIK?4
$0t:	}g&
0V00AX
0&wez5
0w#p\]
0],XD|
0}xyN5
12.qjD
1*!5".
1/5>uqk
&17o>j
1AH@7t
1A]: X
1~^b~6
1>biDe
1F:w3+
*(1hfPV
>1hsD!
|1ixQ5
1^>J~'r
)1_[)}K
1K6Fd*[M
1K%(Ge
+^1mU\O@
,_1n6co[
 1Ng}<ay
1N`npBu
1}?|,O
1pvn:j_
)1R3?z
1-/t`tV
1_Uo v
1vP-d~i
%1VR'ma
1@}Y=Z
20P4%[#
!22fPT
24A*!P
24`.kLD*L[
25";[%
='"2.6
2&60:<
266;hX
/2}aL 
:2Azc	
{2@b@o
!2!@Bz
2c N*&
2EES7{
)_2f<s
?2g	`'
2g=@QI
2iavRQ
'_;2iCtQ
2J9V9I
2jE=8rlf
2~_jFk
2KEZ's
2kH(eb8=
2M/^3a
2N?q+h
2%O7[%W
;{2OCJj
+2oe0Es}hr
2O#];j
2rRkDA6
2`sN<0
{2_[tow
|2)$@V
%2X?u3
_3	^$	\
3?1+C=W
32=h\8g
:!)<39
"3!a6r
3aVM:9
3-|/bab
3;c^	c
];3dbp6H
3E ]."
]~3E/5
3iu H{%
?3+=jX
3%m/D%
_3Njhz
3;:*$p
3!PR%A
3~qMgk
3$Q;R`
{|~3~s
3sI\+/rE
*3$TFD
3W&m'7
45|++B
4^ a^0
4abM(N
4b#!"twS
4cJ	6N
4~,-@`:DF
[4E4<:
4G,o?I
4}},h_
4h!sR2
4Iw})#
4kr&D;
!4o?,:
4O6f[U7
4*o|;o
4oYP*#
&4P.N2	p
|4p=S"
4U?gEo
_*4v~E
4;v{Hg
;4|y3]#v$
4&yLw{
4^=ZGy_
^~ >5^
=5^);[
5*:%296	
52O#)s%
5[2sFr
	;55DbyQ
55RPS8
|5-63n
57)U`>
5+>	7x0c
59B_n/
5Aa5`m/
5}ABf=
5Ay5j,i
5-$}b"	
`5:@?B
5_cMm/
5=Dl6Mg
[5E''01
5=#!e]%7_f
5e%kse
5iG-a{
5-JE.P
\5Mwj,d0B
5n%!J[
*5P"xz
5rf;F/
5Sl^V%
!5tN%F
5v)9a8
5]w{E}
63B6%'
_64wOAnC
67K8@^^
6(d1}i
6DY0AM
6 k*Zy
6lIfz.
6>:lLXM
6,%lzXqXY
6n6>n|
6n\Fves6
6n`mV%
6[[o?6
/6,O,q
6 |rV\q
\6"vfP
6vN^N^m
6Wd*D0
!6WLR8
6ydB1-
=-/+;:7
71yP* 
73n}x=2
}76ad=
77$Q/&=M
*78:YU
79c'&;8
]'7*a6
7~a<f<n<e
7cPHY)
7D1'KP
7[D	osR^
7F6mYm
$7%!g(
]7^GA&
7	jhbs+#
7.\K3E
7P0@ip
7p<*hn
=7r6I8
7+]@RA^
7R S3J/'xD
7t='i/
+=&7u_(a-
|7uQ3yBG
<7[v5#
\7Vhy@
#(7X06
8|;4>r
*89jE;
)'8C{p
+:8"Ff
8.~F#V
>]8:GG
8gk|JU
/8HxelH
8/jtw9
8`j%Z_
8NCRCu
8&oG2nr
8$%PAU
8RBx?\"\
8	_s%o
8W ^XN
8ybsbl
8Y/"ZS
8zXOx-
<98=xz
%%9:9E
%9a]hg
(9@%C|(!
9#eX#5Y
9I'<)fmZ
9(k?rV
9NCo[Ns
"9o|R${
9qy1VnnF
9<,&U_
9u.<v0KY
	;9#_vX
&9Y4wz{(!
@9y$+ig:
9yIuJ_A
.a ` =
`\A`?(
a_1JR-Q.
a1<!vT
)a6{;	)~
A	7	@@
'[a8 NK
aa@j&`EQg
,}@ab?
[acXw>
AdjustTokenPrivileges
a`ds&2U
ADVAPI32
ADVAPI32.dll
a_e5;*
AfU"I3
A'H}J[gy-t
A'\|ius
A:-j06*
*a}j4F
AJ9~\_F
a+Jp*{0:It
aKz3'5
AM1i]x
aM1Q$	a
A]mJ1F
ANn8f?f
an~y$ 
	Ao94w
ao.TO-
(aplOt
aP;<ML
AppendMenuA
AQB}%=
a]q(u:C
AqZhAdE
aT+"b?#
A[TNgk
aTNQ,!
AU	CU!v+
a]u;t'
]awDPhk
[A'=wp
^aWR-$
!^@~AY
A-Z%[g
AZIFvP
AZ>ke{^
^*:*"@b
;.B!>0j@ 
b1l^Q[
B_<?\4q
b.6}=,J
B'|7C8
b7(+pDJ
b>;af{
:B$a{S|
Bc^)R8
B+DswV
BeginPaint
$BGKwa
B.gx^F
b%{/|H
bh)F5sA
"B jh+> #
)bkVBh
bk!=<Z
blAO0;
b|L|O0
BloUUy
bmBu)!
%B`:MO
Bm&x7n
+)*"BN
~BnNy(
Bpq>RE
:B}q.1
b'ROB~
bRxnp?j;QRxd
,BSJ_8%
)BsS'd
/B>T<:|
!Bt!%Fc.
b(tvIK
~$ b!u0
.bu=QY
+{B+Ww
B%x,@p
B^Y#(~
BZR!M4p
/^`'C0$
c?06?(
c-^{2<
C2a2N2q
C2ftuQ
'-c2]j
c3\&Km
c4}^9)
c4k0/dw;6
C\9lU.W
].c>aH
CallWindowProcA
$c\?bgy/
ccrL8W
cE/08N
Cf>1iJD
cF3Z.V
cGD}A:Y
CharNextA
CharPrevA
|C +`HC
CheckDlgButton
,Ch`GKo!
:CjBh3+
'C[J[~N
C|"]K!
 Cl~(*
CloseClipboard
CloseHandle
cL"pUq
c=moM*
CN>T@e
cn<Xs|
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
\c$q?e
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
CR.XKyu
cSMz5w
}C^&TE
CtW'h2
cUl~2W
C<"u#Ta
cvsc3-5
]CVxNR
c~!<W!
c*w~,{9ma
cX"DL9
) C=ym
c{=\ZI
... %d%%
D]=0%2
D$0+D$(P
.d0[XG
d&,2oo4
)#d7b/
D?8Q\Kh
D9Zy}\
D=A|5y>
@.data
d)|{d@?
D$(+D$ SSP
DD=V8CAE
<dd:w;
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
"Df0j"[\%
dfm={b%
dfT&Yj
Dg%8o\om
|D@gAR
DialogBoxParamA
DispatchMessageA
DKGReMU
(D"KN	
dlVbB;
@]<D"m
dmu Pa!
,{.d'/n'
d~|%_-O
Do-?[q
'dp5yZ
Dpf|o5
D$$Ph,
d PR?=
DrawTextA
dRUZ?Sg
dS@l6m
D$(SPS
du!oX<
d*UV..
D`VVhu_9
dxb$fJ
d.x)Q#.
<dz2)Ut
-*!$%d:ZU1N
\/"E@:
E<20ee
e2A6Ex
&e3?~j
@e3VzPU
 ~e$6Up
E8n>AY#l
E[A;5*N
e:a/>M
EDX!H+,V
E,E0/B
Ef]<	,
e{*fB,Rr
eGLS;d
&[E"h8
eHf!GE]E
ehpN_@
	EH;t&'
EIQ@-H
|e[k_~
}ek@C&y
EmptyClipboard
E<_'N3$f
EnableMenuItem
EnableWindow
EndDialog
EndPaint
]!EOpo|rr{
_EO	'X
E]/``;p
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
eRxTDF?
ESA&78
esD@N83
\;<eT&
EtdY\(
EtjF2]
e%uy%u
(EW@jBQ
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
@>@(`f
@f`-){
;:`^F,
f^]0+I\]
f0> klkil$Q
f+3zn=
f=7\k2
F]8,[_E
F9gt<)
f9x>Has
[FD/{F((
fe85-H
Ff&R`:^
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
Fj7(-"ASY4
f/J7TF
Fjg:%@_
<FK^Mn
FL?9S%
F.*mk_
F=n<^%a9
FN]}dW^
fnG*CiPvY
Fn}.[W-
$FOy8)W
-,fP32
[fPFEh
fQT'yqt
FreeLibrary
fS8QfKX[
;FtvPj
!fv7Y0
.	Fvpd%
FVtsDE
f??vU%C
Fv,)uq
fwA[&M
/FWF}[
/~{F@x
^F[]X2
!f$XBo
Fx[JZK
F*Y<fY q/
&fZ/	I
FZU/yw
@\.Fzy
G1gT(Y
]g3}%OV
G.5hR'
g5/k6il
G5:mbu
G6Oc-B
G6o(_Cd
}g7PAA
) gaFa
}.GAN\
GA +Ufv
]G(b5\
@%gB,k
gBp-]\7P
GDI32.dll
gdsok[[\
G>]E}'
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
G>fjys
%|g@Gf:~-
GGK7L<
gICc4M
g"}IPN
G)=j?A
gkc!S}& )
-gkX-F
GL^$N[Lq
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
	GNASsN
%,GNw%
#"g]o5
@g^oc7
G[os84\^
g\P2ftJ
g<P_l9
GPTayC
gpx@rba7
G(Qjva
gs4{0c
g @T_\3P
@GT]u8
GUJM"i
gvUrwB 
G@x-%n
&g&x]U
>>gY	e
gye'w^
gZdgSd
g.ZO||k[
G[zWAy
:~#	h'
H1LH\I0
H{26:*
H3B>(/
$H3 :JpSx?
h4g2+y
'=h6p*:
$H7Db@
`,h  9
H9B{6x$
HbiIuH
[	hbWv=
h$(Cg12
hD09F9
HET['O@
{_HFlJJ
h+G%CG
.hg>,F
-hg~-k
hIE4g&
H!j#9[
Hj_!gW|
hJy]8b
hMGU,+
hN_6%q
{_hnE$
H)nhyx\
HN.%W>
H( &N$X
%ho9Rl
hOeFv0
)h.OzL
HQ(n^rJ
hqq_F|]
H<qTjQ
H@Rfg[
h)S^{lw.8
>h%t|<:
[htA_v
hts_h&
http://nsis.sf.net/NSIS_Error
HtVHtHH
h&.W>~-
hW6J%9
 _,_h+{X2A
h% y+.
`hY}y!;FV
HZ|zf"~
I!2Z~f
i4ONg6
I5rc\b
}i944R
I:a/Wg"ea
)I]b}f(
{i|C,!/
|ickp5
I%=e:y
IFl8gw
I`^<G'
 IG/$2
igD$k=
IH`3%&V
+IH<#?MB
I?"I]/
I#jO+K
ik9E%iuM
Iknc$u
IK@xWa_
iL;E]=
i+L*T,
%_iL[uM
iL@X? 
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
i@Nn; 
i@npFg%~
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
ioRp``u
Io_z^z
:iPa{=
@I%PG7+
}iQ%F$
i(QT`S
:`i"Re
iRichu
ISJ-")
IS/{Ux
IsWindow
IsWindowEnabled
IsWindowVisible
IUQ	%<
IV5M?k
I&vK4a
IvuHXj
iX:4ZRv}
iy0"sJF
_^I`Yd
Iyi4_8p
IY><KR
Iy?pI5O
J0'`fp
J&',/3
?J5".d
J>,:5vU
j6]D0Wn
]j852*
	J87g=%6Z
'\j89v=
j8;Rgm&
J9P}'cV
J!b~k|s
+@JB!>rtc
JCz#.i`G
jd$1wb
J	`|`E
+J(ejEI
Jen?TT
-*!JEqfi
#Jey|`
jHg^?K
Jil~,S0
~JI#mdt
J=i?XU
#]<Jj#
jj4k4/j^
>JjC	E
JJ'<Q+
\jJ%xi
JKTis+
JLJ$/{
jlXA4S
jlz#p4
j$m*#+
'jM:4K
=jm*+	8
 JR1Ud0
JRA&1q
jR :wy
J.}sS>
js^}UN:
J.u5`|
J.U+A)oe
J UqPc
Jv3+9s`
,!#JvG<|Z
JX>+Ok
jYQ=3Z@
J/yvq{
-]JyVs
]k06&n
>K0dCU@
K0whu~
-k2!^2
^k3nL3S
k5:GZ&9@
]^k 5v
K6-D	n
]"	k7 
K_,9Bpx
k{9	y{
KbN/iv
|^kBWx
_k:C??
K cBbv
-kC %O
k<d<a<kl6
_[ kDn
KERNEL32
KERNEL32.dll
khQ6\S
k_hRv-aaE
``kk	9X
KK%d%`
kNj~D[
#KOgSr
k&O&p't_
!kP?	J
Kp+VT\
['%ks2B
=Kt@mb;
Ktm>f"G(
=ku_htm1
kV7V65
kv&e@J
kvjlGv
\k<w[z:@60
|Kx-=e
?K?%`y
\kyFP>)u
kY^#iaYGS
kYkv$Oz;
k(%ze,
kZ{:@l*
K!Zl<9
^)('?L
l]01dK%'
-L2ex|H,
L4^xVq
l ~8FU
laAQn2
La dsE
lb SG8
LD_rtr
&LEh%%
	L+f9A?Cq,
LF.nrCn
LG4(/#
lg}Oh 
L?)hMjx
l$!hR[M
lJ$fS"3
^lJKNe
LJ<	Uy
lKd<_xh
L_l(dB
lLg#JN
LLYT]T/
lmv]L!R#P
,=:	*lN
lN?8C>q
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LOe}%"
LookupPrivilegeValueA
lp0g<3`
l><p(zI
]<L.Qi
l;r*,*
.,lRXn
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
lT	!VmX
L,u3Fq
L,UO;#{W3
L{vgFD2u@'mE
L}v<G\:]G0
lv~OZF;sa
'lYm-4Z"w
>Lzjd~
LZKy/5
M(_	|@
m1&(!hZ
m$)>2,H
*m*2S<6
@|M5ssT($
~	m6@Jn
m72RTj
M7rR[*R
M7:tvNS
m_89Xm
m#|9P4
m`Bj*Lz
{m*>bo
m^C1qN
M(cI?\
mcK\;F
\)MdO/
}?	mDX<V
#<MeB	
m\ECdX
MessageBoxIndirectA
Mf8kFK
<@>*mg
-}M_GAR\
/m=GKn
<M>go\\(
Mgv|#7
MIcn{V
\Microsoft\Internet Explorer\Quick Launch
\&mji2
MK)" $
Mkc,9{
Mmla^G
m N\"J'
	!M/-nS
|<@m]O
More information at:
MoveFileA
MoveFileExA
M%QFBI(7
MQJ~W$
mrf^ivl
./MrQ>
m,%+S*
[MSaC'KiP
%#m`*u
MulDiv
MultiByteToWideChar
%Mv.;De
M?wf{6
)m,WO'
~MXOuy
MxPEOm
 mZ`eu
N\,+@+|
N]]-0:
N1c*cIpd
=;:N27
N'2BVq
)?+N3bN3
n3oo&K:
%n8QJ<
^N9y~b&
n>)~-Aa
NAa?D`
(NAEpkz
n#cmE$1
NcNoQh?
ND75/=
.ndata
\n)\Dr\
$"nDVm
nE[b \
Nf2QN	
N[F%@vVt1}
Ng2u\Q
n=g+4j
Nicb*Uj
_$NJ6G*m
Nj,R^r
'/?(N&kj
nm6Oa+
nM=J>q
/"n"n#
n nP9Ru
nPke!R
N@q;4qg
<+N^Qb
NQ	Yz:]s)
Nrdk5p
NrNc0[
N^{s;d
Ns+G45 
NSIS Error
~nsu.tmp
|nS@yy
NtNoDY
_	n{uc
NullsoftInstVp
NulluN	E
nUy^XZ
NUZ,%U
nvE:wY
nVh"Qc
nVp|7"
Nwb(iY
NWV:U1}{Fh
N@XaEj
nX$-~s
]Ny?dt
NYtl8`
nYUQ>S 6
N&yU-vo
}(\_o?
`%^-&O
o$0z:Q
O\1ew+
o%5*8]2v
o@5w	Ft1
~*~o76Av
(O8QRd
O'@-]As~
\oB7V5P0
OB9.#V
?o#ebM
&o	* F
Of^caZ(
OF	GvQ"
]o&G=:6
(OG$w*/
Oh_%s0
o+"i0>=
=o+k~t
ole32.dll
OleInitialize
OleUninitialize
OMB&xr
o|MNO.
)ON@BG
oP0vnB
OpenClipboard
OpenProcessToken
oQ][I>
or$>H)}|
?oSB/mIR
Oser(2Cn
os/Pss
O&`T6]
 !OU17L
o_U?"n
	.`ow&
Ow~9)w
oW@"DjNX
/O@y1'
"oy2#%
Oyg.p 
#;}p:+
P0L[*q
p0V+XK
p(3zGq
\P3zUkP
:%?P(5
|p^6Z1
>p8e7a
P8xYa}
?|+Pae
'> p`c
PC|GS#
pD7JW08
PeekMessageA
pepmpnp
Phj{p*
P=,"i+
.P="In
P^I^vh
Pl:1Fr
PN8$#b
PostQuitMessage
PoV]]:
PPPPPP
p=pZJ9
/P*QCM
pqUz	a
pq<wAq^
pR~21!
#PS2dj
p}:t'-'gp
pv@a<T
pv?]ct/
pV\YSn
P'w%+ ;g
PWlY= 
^&/PW^)V 
 ?p yn[
#.py?s
pz- t_
q00Tng
q0(~s,
%#q[>1I
Q2=l]1
Q3<uWDw
%q3wya
{q4U =
(Q6_MM
}^Q7 1
 q}~9J
qb1>+9
Q{B,RC
;Q<=b_x
(qdw")
,Q*eMV`
;qfGS)-
qfqk!Z
Q&g4JK
Qg9	MD9
QIMx8k
#qJ!/]
&-"Q\j
q<J9N!
}Qk1[<Nr
qKqd`S
Qk:Y.<pu
)$=-qM
/qMqfC
@qO^#E
	^ Qo"T
q/P#H;
qpo.7@
QP\X\Z
QqAl5R\
`Qqi\6)
|qQl5:
q;@q	}z2
q@Rd+j
q@SVIf9
q$tTBo
".q$X-R
:.]r+_;
r3!?cH
}r4Ao\
R6	uk^#
;r74O&S
R8/V[*d
=rCz~0
r/;<D-
r(@ d0
`.rdata
@.rDEO%M6
R>-DYL
R}=DZ4
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
"r"&ET
Reu`*#2m1
R-[*FC
`r.!GR#
=R-]H*%=
RichEd20
RichEd32
RichEdit
RichEdit20A
R]IlQ 
RiN-	qv
;+Rkb*
rla#EB
)rlYe}
RmE=0I5
R;N{Gq*
:\/r:O
'}r%PG^A
.rRNNp
RrQ9@p
`|"}rT^
rT*)#)
r|TH&a
RtJt~NT
rt<N;{DSA
:rufP[~
ruum&c#H
=Rv2!Q_
'{rWvW
R{?X,W
R=;yJA
Rzed{\
'+\S?+
S0C~zH
s2{$48D
}s7uA3
|"S,?a
SAG\5tm
ScreenToClient
S{`Czgu
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
sF:\=AT|
s^@F%V
s#f(X]
s<&Gg=
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
sH|N^pS
ShowWindow
	sHRL!<B0
Si8@Wh
S{IUut
sI$Xo!
S+jT+:
S$,jVbI
SkR--D:
SkwJ{B
s`M>i&
SO8Dj6
softuW
Software\Microsoft\Windows\CurrentVersion
sOM,~<*Q
so>(Tw
sQ<_|n7
SQSSSPW
ssR~+%9
[S_Tq}n
sv_@?a
SVrC4<
^SW}il^b
S$XaEv
sye0o$
SystemParametersInfoA
> _?=t
*}T.<\
]T2	|1
	t4igF
t#5{e*
T6!~{@
t7>]$MT
t8jv>G
\}(,t9
T9~=>[
=t+9p3
=]t'>A
T:AFUO
TdiQe)?&
TE^"N*
;Tf^5J$$d
t/F\:l
Tf=y{.@L
:tGOt:
!){tGPB
!This program cannot be run in DOS mode.
TIIA)R
T(iN,XG
TJ43|]
t#K#|Z
t,m9ii
_tmAlnM 
t;Mb89T
tmw00V
tNJ.7O
TO/[1C
@tOh?k
T><ovP
_^[t	P
>T-}Pf',
tPJgd(@
,TpM)z
t].pn`r
:-tQhM
tr2A6Wgb.'.9T
TrackPopupMenu
tRi77a
T`+>w0`'
+T]wnj
TWRL/dN
Tx=$y|
t^xYc_
\u0~h/^&R>W
]U16?]R
U1zKueN
u3^`*P
U3sw /
U5 ru{#
[@=U[7G
^=>U8C
*u8VZ{
U8yK.2
_uaZS*
>,u<BN1
?	Uc4xwo 
uC{7Qi
u	;crIH
U<_eG_
u>elZ5
>U,eTK
+`Ug3>
u&>G<E
UgThtV
|]U<i;
U/'I%bT
ujgBx9xl=
?,UJgcK
&Ukb|< 
uKJxA^
U]}L_{
Ul).FV
%U><MO
un,nqW
UoAqTXh
uP3Iy~
upm/hWQ
u@Q<)H
USER32.dll
U@tScd
u}u}&!
uU4v81
%u.%u%s%s
UvFn\}
`uX\%M
`U`Xr{
uy3O>=9T'
U^Yd2'
%Uzbpc
="~v'1
*:v50[2
v7Q#zR
V}8rY.
vBcT8.
Vbr~jN
(VCgNCRq
[&vEfW
verifying installer: %d%%
VerQueryValueA
VERSION.dll
%ve^Xm
v|	G2b
v#gvI$
v#`[hS
VhusA3
vHx~:]
VijPL%
}V>kkK
VlYb{@
voHa\~
VO;-`Q
VpgZy]
~'Vp&qy|
V.S6)[
VS8'g2US
#{VSF#
"+vt|)-;
,>VT>}
VTz;qP
?Vv1zW
VVCcFj
v#Vh;+@
#)VW<|#
vwc"Ef
VwtF n
&VwYdy
v!x/{1
vx6S8j7{
VXPsz5_
V'/z!b
V$zSqm
"vZZ,?d
:	}:-W
W04g0R
W2BqAf
w3=YF;
)}W4);
W566cP
W6{pUjL
/$w9rV
Wa5m8}4
WaitForSingleObject
wat7?SE5
	=/Wb02
W<b^x >1}
w[dw!7
WE8gu$
weoR2h2
|w;erK
W|FeRs>0E
W*-Gf4
WiNgDB
'.WJkP
wk"4+4[5
wKtrv3:
:^Wlb[
`Wlfd-&
@"wm2gY
WN>Y$__iL
w;};?O
W,:ON4
|wOpT+M@
wQ=9C]
W"R?46
WRB3XU
WriteFile
WritePrivateProfileStringA
wRO?D)
W?rYg~#
w=@/ s
&W"s/^
:/wSM97
wsprintfA
wT3QeH
]w,u@=
#<W[U'*
}WuB5'
wVB-{L
[W^{V{~oJ
W?vT>\y
><W"Wl
Wx}})u7M/
w/?y@AIQ
;wYU@U/
%{X2373y
'X2ZEd
'x(3K=<
x5fkE0
X5GEnPw
|Xa1Xh
XAofw1
`.xBk&^hS
&X[]=cOy
<>X%d"
-x%eu-X
^xFvdI
x<GBV;H
Xh ;]TH
X<I*2kr
X;I@b?
XJ,S,S
xKGFN?
:.(XKkv
 XKLPW:eR
	XkZXRw=
X^Lu^-
 x}[MFG
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
,`*X"nB
~*Xp.F>
x/P"u?
,x(RI:
X!s8|E
xu"b0w 
#x)uC;t
	!^X[V>
xv^lUO4
x+v xQ
XX7d5;
XXkm?1wVb
xzl8,q
%[y"\ "
]?Y1_C@
`>!y4}
&Y4WH:
&|y{-b
yBrs,z
:;y>BU|
yd^	d (
)ydvuZV
yecE%h
y FdT\
Yf@VWZ
yg7!a+
%@^	yH
&YiMNb
Y>I>Q(
yiQCG1zB=
	Y^J9@
.YJ)z?K
YKhYp'
Y}k:Tl
Yl_SP	
y'{LXr
Y?nDT	
_:ynM(z_
Ynt3Y!
=YNvTjZ
)YOD=AXerX=
YpQJiB<vG
YPU,>#
^Yqo].
Y+Q*w|
Yr5h#	
yRPCL>
Y%	&S6
y@sZ38dFHM
Yt$a1[
Yt&cDrQ
yV_ZE``O
Y<=WCP3;.DP
y*WIy2n
\YYHdp}
YYiokX`G
y{z.3[
/$z_}_
$	?)Z'
Z=;0-?
z0wI#f
z0WX?cQ
<Z1gq 
z+4/Ax
&}Z4l]3
Z_|5'6
Z6`FV\
)z]8~R
&_za<{
_*-/ZA=
#^ZA\A
Zae.ItgM
}?&ZB.
;ZB`I,
Zd|E(-:2?
Z@Eo@b
zf,{we
#ZG}#&
z+gpVo
zh4?0J
ZHmD~G
-Z\I^n
Z<KIrc
)zKSH`(qU
zK=Zuz
zl>MA5
z$}L-v
_'=zm$_
(zMjDA2
 '{Zn>
znP{g&
z\N?S$|
Z[}~(?>O<
^ZO!3?
Zo|`5G#
Z}o;8%
	"zOCY
Z@].OV
Zt+1!#
zT7D[+
ZV	1w^
]z.*-V{A
zv%;-U8
Z@?W~9z
&;ZXND
ZX@XoY
zz#f.<
_z,@zj