Analysis Date: 2015-02-02 01:54:12
MD5: 8c789c5d3594eb14b8f5415771b87bf0
SHA1: 5ef9e276a19e7e498a3c78a2919697a97e1591d2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section.rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section.data md5: 7922d4ce117d7d5b3ac2cffe4b0b5e4f sha1: 4e56bb1994226ae0285c7adee470777262de2c99 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 4dd3a2dca746c1aee8cd6c010fa9480d sha1: 6203bcf7e44822e1ae2b5eae6f387a0c070219dd size: 77824
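Timestamp: 2009-12-05 22:50:52
Version:
LegalCopyright: BEARPC精选软件集
ProductName: 愤怒的小鸟
FileDescription: 愤怒的小鸟PC汉化版
FileVersion: 1.0.0
CompanyName: www.bearpc.net
(The version strings are Simplified Chinese, restored here from GBK bytes that had been rendered as Latin-1; ProductName reads "Angry Birds" and FileDescription "Angry Birds PC Chinese-localized edition".)
Packer: Nullsoft PiMP Stub -> SFX
PEhash: d2165bdeb0b9c65d94c8331049b87ec2a9f61ddd
IMPhash: 7fa974366048f9c551ef45714595665e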

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates FileIQIYIsetup_l_spl004@kb010.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileBF-BFVCenter[[AB005]].exe
Creates File: 1
Creates File: 1.rar
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates Fileyx_cqby.exe
Creates File\Device\Afd\Endpoint
Creates Filezhezi_setup_Z7FE.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl2.tmp\inetc.dll
Creates FileQQGame_setup_wb_20007.EXE
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl2.tmp\ExecCmd.dll
Creates File9377mycs_Y_mgaz2_1201B.exe
Creates FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl2.tmp\Base64.dll
Creates FileMM-liao8302.exe
Creates FileC:\Program Files\2.ico
Creates Filesetup_95165069.exe
Creates FileOfficeAssist.0405.80.1122.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl2.tmp\System.dll
Creates FileC:\Program Files\4.ico
Deletes FileQQGame_setup_wb_20007.EXE
Deletes FileIQIYIsetup_l_spl004@kb010.exe
Deletes File9377mycs_Y_mgaz2_1201B.exe
Deletes FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes FileBF-BFVCenter[[AB005]].exe
Deletes File: 1.rar
Deletes File: 1
Deletes FileMM-liao8302.exe
Deletes Filesetup_95165069.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsl2.tmp
Deletes FileOfficeAssist.0405.80.1122.exe
Deletes FileC:\Program Files\4.ico
Deletes Fileyx_cqby.exe
Deletes Filezhezi_setup_Z7FE.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsv1.tmp
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\QQGame_setup_wb_20007.EXE /S" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\QQGame_setup_wb_20007.EXE /S"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\MM-liao8302.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\MM-liao8302.exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\OfficeAssist.0405.80.1122.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\OfficeAssist.0405.80.1122.exe"
Creates Processzhezi_setup_Z7FE.exe
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\zhezi_setup_Z7FE.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\zhezi_setup_Z7FE.exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\9377mycs_Y_mgaz2_1201B.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\9377mycs_Y_mgaz2_1201B.exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\yx_cqby.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\yx_cqby.exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\BF-BFVCenter[[AB005]].exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\BF-BFVCenter[[AB005]].exe"
Creates ProcessC:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\setup_95165069.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\setup_95165069.exe"
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: 2.ico
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: int.dpool.sina.com.cn
Winsock DNS: t.cn
Winsock DNS: mmliao.jianting.net

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\MM-liao8302.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\MM-liao8302.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\QQGame_setup_wb_20007.EXE /S" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\QQGame_setup_wb_20007.EXE /S"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\yx_cqby.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\yx_cqby.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\BF-BFVCenter[[AB005]].exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\BF-BFVCenter[[AB005]].exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\zhezi_setup_Z7FE.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\zhezi_setup_Z7FE.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\OfficeAssist.0405.80.1122.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\OfficeAssist.0405.80.1122.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\setup_95165069.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\setup_95165069.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\9377mycs_Y_mgaz2_1201B.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\9377mycs_Y_mgaz2_1201B.exe"

Process
↳ zhezi_setup_Z7FE.exe

Network Details:

DNSint.dpool.sina.com.cn
Type: A
180.149.136.250
DNSt.cn
Type: A
114.134.80.138
DNSmmliao.jianting.net
Type: A
122.227.42.227
DNS37w.xdwscache.glb0.lxdns.com
Type: A
183.136.208.114
DNSdldir3.tcdn.qq.com
Type: A
182.118.37.13
DNSwww.bangshijz.com
Type: A
42.121.255.144
DNSdownload012.e.chinacache.com.cn
Type: A
61.179.105.147
DNSdownload012.e.chinacache.com.cn
Type: A
61.179.105.148
DNSna.b9.aicdn.com
Type: A
72.8.188.94
DNSna.b9.aicdn.com
Type: A
108.186.7.129
DNSna.b9.aicdn.com
Type: A
108.186.7.130
DNSna.b9.aicdn.com
Type: A
108.186.7.131
DNSna.b9.aicdn.com
Type: A
72.8.188.90
DNSc01.i06.arnic.hadns.net
Type: A
183.56.172.47
DNSc01.i06.arnic.hadns.net
Type: A
222.186.20.122
DNSc01.i06.arnic.hadns.net
Type: A
58.220.2.5
DNSc01.i06.arnic.hadns.net
Type: A
113.17.184.10
DNSc01.i06.arnic.hadns.net
Type: A
121.10.117.139
DNScdn.coop.baofeng.com
Type: A
119.188.72.240
DNScdn.coop.baofeng.com
Type: A
122.142.74.12
DNScdn.coop.baofeng.com
Type: A
182.18.51.104
DNScdn.coop.baofeng.com
Type: A
218.60.99.66
DNScdn.coop.baofeng.com
Type: A
58.20.193.222
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.5
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.6
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.4
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.2
DNSna.b9.aicdn.com
Type: A
72.8.188.90
DNSna.b9.aicdn.com
Type: A
72.8.188.94
DNSna.b9.aicdn.com
Type: A
108.186.7.129
DNSna.b9.aicdn.com
Type: A
108.186.7.130
DNSna.b9.aicdn.com
Type: A
108.186.7.131
DNSdownload.pps.tv.webscache.com
Type: A
119.188.40.81
DNSd.14yaa.com
Type: A
DNSdldir3.qq.com
Type: A
DNSwdl1.cache.wps.cn
Type: A
DNSpubliclist.b0.upaiyun.com
Type: A
DNSdl.nx5.com
Type: A
DNSdl.baofeng.com
Type: A
DNSxiazai.9377.com
Type: A
DNSdownload.t.zhezi.com
Type: A
DNSdl.static.iqiyi.com
Type: A
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://t.cn/RZIvNie
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://mmliao.jianting.net/mmliao/MM-liao8302.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://d.14yaa.com/yx/cqby/sqft/905848/yx_cqby.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dldir3.qq.com/minigamefile/QQGame_setup_wb_20007.EXE
User-Agent: NSIS_Inetc (Mozilla)
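HTTP GET: http://www.bangshijz.com/NWVmOWUyNzZhMTllN2U0OThhM2M3OGEyOTE5Njk3YTk3ZTE1OTFkMi5leGU=/40.html
User-Agent: NSIS_Inetc (Mozilla)
(Note: the first path segment of this URL is Base64 for 5ef9e276a19e7e498a3c78a2919697a97e1591d2.exe, which matches the SHA1 of this sample with .exe appended. The segment therefore appears to vary with the submitted file's name, so it is not a stable indicator on its own.)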
HTTP GEThttp://wdl1.cache.wps.cn/wps/download/OfficeAssist.0405.80.1122.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.nx5.com/apk/20141222/setup_95165069.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.baofeng.com/BFVCenter/BF-BFVCenter[[AB005]].exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://xiazai.9377.com/20150105/9377mycs_Y_mgaz2_1201B.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://download.t.zhezi.com/setup/Z7/zhezi_setup_Z7FE.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 180.149.136.250:80
Flows TCP192.168.1.1:1032 ➝ 114.134.80.138:80
Flows TCP192.168.1.1:1033 ➝ 122.227.42.227:80
Flows TCP192.168.1.1:1034 ➝ 183.136.208.114:80
Flows TCP192.168.1.1:1035 ➝ 182.118.37.13:80
Flows TCP192.168.1.1:1036 ➝ 42.121.255.144:80
Flows TCP192.168.1.1:1037 ➝ 61.179.105.147:80
Flows TCP192.168.1.1:1038 ➝ 72.8.188.94:443
Flows TCP192.168.1.1:1039 ➝ 72.8.188.94:443
Flows TCP192.168.1.1:1040 ➝ 72.8.188.94:443
Flows TCP192.168.1.1:1041 ➝ 72.8.188.94:443
Flows TCP192.168.1.1:1042 ➝ 183.56.172.47:80
Flows TCP192.168.1.1:1043 ➝ 119.188.72.240:80
Flows TCP192.168.1.1:1044 ➝ 8.37.235.3:80
Flows TCP192.168.1.1:1045 ➝ 72.8.188.90:80
Flows TCP192.168.1.1:1046 ➝ 119.188.40.81:80

Raw Pcap
0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000040 (00064)   696c6c61 290d0a48 6f73743a 20696e74   illa)..Host: int
0x00000050 (00080)   2e64706f 6f6c2e73 696e612e 636f6d2e   .dpool.sina.com.
0x00000060 (00096)   636e0d0a 436f6e6e 65637469 6f6e3a20   cn..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f525a49 764e6965 20485454   GET /RZIvNie HTT
0x00000010 (00016)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000020 (00032)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000030 (00048)   6f7a696c 6c61290d 0a486f73 743a2074   ozilla)..Host: t
0x00000040 (00064)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000050 (00080)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000060 (00096)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000070 (00112)   61636865 0d0a0d0a 76650d0a 43616368   ache....ve..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6d6d6c 69616f2f 4d4d2d6c   GET /mmliao/MM-l
0x00000010 (00016)   69616f38 3330322e 65786520 48545450   iao8302.exe HTTP
0x00000020 (00032)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000030 (00048)   3a204e53 49535f49 6e657463 20284d6f   : NSIS_Inetc (Mo
0x00000040 (00064)   7a696c6c 61290d0a 486f7374 3a206d6d   zilla)..Host: mm
0x00000050 (00080)   6c69616f 2e6a6961 6e74696e 672e6e65   liao.jianting.ne
0x00000060 (00096)   740d0a43 6f6e6e65 6374696f 6e3a204b   t..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a0a                       he.....

0x00000000 (00000)   47455420 2f79782f 63716279 2f737166   GET /yx/cqby/sqf
0x00000010 (00016)   742f3930 35383438 2f79785f 63716279   t/905848/yx_cqby
0x00000020 (00032)   2e657865 20485454 502f312e 310d0a55   .exe HTTP/1.1..U
0x00000030 (00048)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000040 (00064)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000050 (00080)   0a486f73 743a2064 2e313479 61612e63   .Host: d.14yaa.c
0x00000060 (00096)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6d696e 6967616d 6566696c   GET /minigamefil
0x00000010 (00016)   652f5151 47616d65 5f736574 75705f77   e/QQGame_setup_w
0x00000020 (00032)   625f3230 3030372e 45584520 48545450   b_20007.EXE HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a204e53 49535f49 6e657463 20284d6f   : NSIS_Inetc (Mo
0x00000050 (00080)   7a696c6c 61290d0a 486f7374 3a20646c   zilla)..Host: dl
0x00000060 (00096)   64697233 2e71712e 636f6d0d 0a436f6e   dir3.qq.com..Con
0x00000070 (00112)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000080 (00128)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)                                         

0x00000000 (00000)   47455420 2f4e5756 6d4f5755 794e7a5a   GET /NWVmOWUyNzZ
0x00000010 (00016)   684d546c 6c4e3255 304f5468 684d324d   hMTllN2U0OThhM2M
0x00000020 (00032)   334f4745 794f5445 354e6a6b 3359546b   3OGEyOTE5Njk3YTk
0x00000030 (00048)   335a5445 314f5446 6b4d6935 6c654755   3ZTE1OTFkMi5leGU
0x00000040 (00064)   3d2f3430 2e68746d 6c204854 54502f31   =/40.html HTTP/1
0x00000050 (00080)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000060 (00096)   4e534953 5f496e65 74632028 4d6f7a69   NSIS_Inetc (Mozi
0x00000070 (00112)   6c6c6129 0d0a486f 73743a20 7777772e   lla)..Host: www.
0x00000080 (00128)   62616e67 7368696a 7a2e636f 6d0d0a43   bangshijz.com..C
0x00000090 (00144)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000a0 (00160)   416c6976 650d0a43 61636865 2d436f6e   Alive..Cache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f777073 2f646f77 6e6c6f61   GET /wps/downloa
0x00000010 (00016)   642f4f66 66696365 41737369 73742e30   d/OfficeAssist.0
0x00000020 (00032)   3430352e 38302e31 3132322e 65786520   405.80.1122.exe 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a204e53 49535f49 6e657463   gent: NSIS_Inetc
0x00000050 (00080)   20284d6f 7a696c6c 61290d0a 486f7374    (Mozilla)..Host
0x00000060 (00096)   3a207764 6c312e63 61636865 2e777073   : wdl1.cache.wps
0x00000070 (00112)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000080 (00128)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000090 (00144)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   802b01                                .+.

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   802b01                                .+.

0x00000000 (00000)   47455420 2f61706b 2f323031 34313232   GET /apk/2014122
0x00000010 (00016)   322f7365 7475705f 39353136 35303639   2/setup_95165069
0x00000020 (00032)   2e657865 20485454 502f312e 310d0a55   .exe HTTP/1.1..U
0x00000030 (00048)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000040 (00064)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000050 (00080)   0a486f73 743a2064 6c2e6e78 352e636f   .Host: dl.nx5.co
0x00000060 (00096)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a7472 6f6c3a20 6e6f2d63   he....trol: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f424656 43656e74 65722f42   GET /BFVCenter/B
0x00000010 (00016)   462d4246 5643656e 7465725b 5b414230   F-BFVCenter[[AB0
0x00000020 (00032)   30355d5d 2e657865 20485454 502f312e   05]].exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000040 (00064)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000050 (00080)   6c61290d 0a486f73 743a2064 6c2e6261   la)..Host: dl.ba
0x00000060 (00096)   6f66656e 672e636f 6d0d0a43 6f6e6e65   ofeng.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a2d63   : no-cache....-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f323031 35303130 352f3933   GET /20150105/93
0x00000010 (00016)   37376d79 63735f59 5f6d6761 7a325f31   77mycs_Y_mgaz2_1
0x00000020 (00032)   32303142 2e657865 20485454 502f312e   201B.exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000040 (00064)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000050 (00080)   6c61290d 0a486f73 743a2078 69617a61   la)..Host: xiaza
0x00000060 (00096)   692e3933 37372e63 6f6d0d0a 436f6e6e   i.9377.com..Conn
0x00000070 (00112)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000080 (00128)   76650d0a 43616368 652d436f 6e74726f   ve..Cache-Contro
0x00000090 (00144)   6c3a206e 6f2d6361 6368650d 0a0d0a63   l: no-cache....c
0x000000a0 (00160)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f736574 75702f5a 372f7a68   GET /setup/Z7/zh
0x00000010 (00016)   657a695f 73657475 705f5a37 46452e65   ezi_setup_Z7FE.e
0x00000020 (00032)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 204e5349 535f496e   r-Agent: NSIS_In
0x00000040 (00064)   65746320 284d6f7a 696c6c61 290d0a48   etc (Mozilla)..H
0x00000050 (00080)   6f73743a 20646f77 6e6c6f61 642e742e   ost: download.t.
0x00000060 (00096)   7a68657a 692e636f 6d0d0a43 6f6e6e65   zhezi.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a0a63   : no-cache.....c
0x000000a0 (00160)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   302e6578 65204854 54502f31 2e310d0a   0.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 646c2e73 74617469   ..Host: dl.stati
0x00000060 (00096)   632e6971 6979692e 636f6d0d 0a436f6e   c.iqiyi.com..Con
0x00000070 (00112)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000080 (00128)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)   61636865 0d0a0d0a                     ache....


Strings
 " ".E
....
...
.
080404e4
1.0.0
!1Aa
#+3;CScs
9C';k
BEARPC
CompanyName
FileDescription
FileVersion
LegalCopyright
msctls_progress32
MS Shell Dlg
ProductName
StringFileInfo
SysListView32
Translation
VarFileInfo
VS_VERSION_INFO
www.bearpc.net
 *;#&~
-:~\,_
@&\;_[
*?|<>/":
*.,=']
@02!'5N
	0=2[U"
039%a5M
/07g\dx
08eVg9
09h_eH
`!0A6/{3
0B7Qw}
!0C&87
0|e/H5
0.eIP:$
%0EqaX
_' 0GWQ
0!hr1q
0hx>8!
0i8"G[
0|'k!:
@0%KA&
0$]-L	
_0^LZ4
0M$F?K$
0MfzxW
`<0mLM
_0n4n1
0_	p6P
0Qi|+o7
)0R3\S
0RV0ff'
0+Su$Y
0#tcKJe
&[|%0X
0~x6:9
	,0XfB
0}xyN5
0@zT04
=10z:4 e7
1/5>uqk
1AH@7t
1>biDe
1BXYxZ,
 1/f'aBA
1GGVG{
1$-H%B
*(1hfPV
1+?hp.
>1hsD!
1~}mq$
1}?|,O
1OC[`0W
1Qz(bW
1RJbtu
1xzq6.
1|z!;K
'1zn6L
=24nT9b(
25<VOn#
2'="%7
28F[y=P
2/8mrY
2b/?H2
2c N*&
2EES7{
2Ei.8o
2GDW	ER9>
_2gxci
2iavRQ
2I|vOa
2J9V9I
$2_	kPE
2K=QJl`
|2>	kR
|2ku[;
2k\wer
@2ljemH
.%:2mp
2|mPIg
;{2OCJj
2q{k4)
2R]#6a
2@&rTo
[2S\zp;
"2T+64
.2u,O4e 
2V>+i$
2w$&1s
 2wtJN
2x45<P
2XhJBh
2<y\`]
(2Z,2C
 30-+V
322$.Z
$32c?\r(
32=h\8g
]32#l,
3;/66j
36I-F'
37Af.xeP
<-39^G
39\?/P
!@3!% apB>WO
3Be6/y
3D$COI~{
~3eJUa
?3?F+2
3gT8'N
3?j+u5
,&]=?3K
3Kz>Lu
3(L/'	
3lCwn "2@
3$lzdA>
3{neZ,{n
3p||&kJ
3~qMgk
3UeAh6
3Y12{7
}3^Z_W
43mPv	
4}59`F
46l {x
474\!9
486cW"l+
48Qe;$*
"=?]4/b
4>C:qz
4EA9QL
4F%)	]
4GK6CB
4}},h_
)]4I`T
4iv]gL
?4@^L'
4'n>gJ
4O|]}9
4oLli5
4;P]2\
$4PEz|_
|4'rLa
'4RQ]9*
4TUSL'9&
4W3i\(
;4|y3]#v$
5;)]0p
50*<"ph
5~1pW>
]+"54c
<54fgf
56a0tq
*5`-"7
57)U`>
5+>	7x0c
(<58ZuZ
59RAoG
5a:bN?
$5bf:Y
5`C&kh
>-5.CsV++v
[5E''01
5}.e4j
5=#!e]%7_f
5eWTJ_
^*5Fe=
	%5fUD
5G-8,h
#_;#5I
5^jdyw
"5j'kU
5kPM;`
5l2nsh
 5M)`Z8
5n~Tz-&
5o4	ve
5(O;zb
5pfieni
5~Q\3D
5rnPCy
5St}_;
=5``TJ
5@tlH[
~[5T&Q
5v^oTfl!
"5V}z;d
]/5w<}:}
(5w!JU
5W<<-[%*K	
	',5wP
5xK*kv0
5Y5:RUZ
5YXHLZ
/6~#0)a
)61/W_
@ 62M%P
6}4];*&
%65<=c
6)	5ote%
#<_=665
66bo}m
67|>8H
;67wln^
6*9F8@
6blrP`
6FoL[c
]6gi`p.
6HHxn3
6,i.hK
6KM-nlp
6>:lLXM
6lV<	F
6,%lzXqXY
6n6>n|
^6ocyT
6'>~p+
6p]	NE	1
6r!NB4
6 |rV\q
6SPr:4'
=6uZhz
6w5siQ
6Wd*D0
6>X|Q3
6y]C&!G
=-/+;:7
72c~7`
7>3+;D
74*qOA
!7.4s<
>+)7!6
7@6%?3
76zxaOVz
77$Q/&=M
*78:YU
7,([A<
7AB}uV
7~a<f<n<e
7g/m~|
*7h fi%yDD
7\HX&D:9Q
7lq E|H}6
,7LW!\N
!7LzI=
&7n022
]7ogKY$2
7p%0Ee
7p<*hn
7rSiS|
7tGpo3
|7TYW4
7uGwK@
?7-Uw^
<7[v5#
7/v$Ag{
7w+$l%~
7xak42
7xt&6_B
!7xT8R
	7ZPg}+
8208o0
8	-2K&y#$
,82x<a
83b.u.L
)83vH?q
%8[5cq
8+8:S8~
-8ESPs
8[_f++
(+8)F!s
~8h I('
8H/RY`
/8HxelH
[8Iyu4
8jYC]sG
8K1I..$
8L/,,'
8maX_U
8NCRCu
\8nd_k
/& 8Qo
8RBx?\"\
"_8w;D
8Wuxme
_8wyhw
 -9<#;
!&%9`%
*-:9$=
=91`s`
['92""
97A|m|
<98=xz
9/9UDk
9aAE93f!
^9dQ=$
#9e2r-)
9.e`%9
9G|GM%+q=
9#I@8@
9>i9Z7,
9IDl8`
9\-	J?
9_%,Jp
9Mprt]
/*9N&1
9NCo[Ns
@9p]^Vl
9QaaMZ
+/9Q;D[
9q	!FG
]9,&QL
9uL.sN
9=UN[~
9{U$PqI
9vyu/)
9$X2;=
9X$VqAK
!!9&-y
&9Y4wz{(!
9Y?'_5
@9y$+ig:
*9Z_H(9
 ,}<A&
a1B48/
	A2|Ih
_&~ A3
a:44;kX
A:6O2b#
A7gGDvi
a!7O"l
A88Duw
A8Z8//
Aao!{7RN?
Aa~yR<Z
A`,B}?
,>^a?DB
AdjustTokenPrivileges
a`ds&2U
ADVAPI32
ADVAPI32.dll
AG|,Is
aGn{1yI
A-H*6c!
Ahk7EcEh
a=I7Wt
aj~2-[/
|aJ%-b
A#JB)o>A2
algy:d0
alh0>Cfd
(~a+lk
	Ao94w
apo8]'
AppendMenuA
APWi+:x
aq\/_G&#
;A}QTMM
#a'T-.
A[TNgk
AUJ`Dt
a^Uq=TM
a]u;t'
a&UWT X
\AV~C 
.<a~Vi!e
avk]Og
`}AVvO,w
AVyU@X%
=avz<R
]awDPhk
&Ax5<C
aX[u%+
aYh''[
_AY;\y
 $+b*_
b0*j;'Dpo
{b0m67
b1l^Q[
B"4-ac0A
B782A%
B#}8+%
b8DZE>
B9{3<v
?bA37}
b>;af{
B{Ar;B
B#+C4k
bcerd[
BcR!"G
bd9&1L
BeginPaint
/bg&kr
)BGTMr
BH 7y}
bh)F5sA
bH,.FX
b+hIQ0`H
"B,'JS
BK9RC+.s
)bkVBh
`bl\\;
BLF0]Y
!bLh4>
bM:,|X
+':bNRJP
B~$O,.
%Bp87<
Bp&r9W
b"Q)]k
:[B@r!
&BR{b2}
BRm!cyC
b'ROB~
BRY3&P
b@[tx]
\BuH"+
bWl; b$
b&xo{()
>+B"}Y
B&y4Ld
b^Y	+W
/^`'C0$
&C 0?C Py
C0t|j^#
C24;rD
C2a2N2q
*C|(358
c3\&Km
C4iJ\f
`c5o	 
	C,@+^5Oj#(
|'C7Hd&
c=7+s#
?&C97v
CallWindowProcA
 _cAUKA
;,CbCg
|cbN>w
C,b$tR
!C.%}c
C \,[c
|ccDqX
/C ~D$
|Cd^3l
$cddyBt
cd-oR;
CdV^27uJ
cE/08N
CeE8|H
CexbYW
CE{.Y,
Cf&C}8N}
:c^Fh "
'c+FP9@L
{/cG\e*
CGS~U[o
CgUY"^Y
C"hAp3'
CharNextA
CharPrevA
CheckDlgButton
}cI>k`
#cJY]L
c_Ks"6
/![CKt
C`)k/U<
})cLe'
-.C#l<nf(
CloseClipboard
CloseHandle
_<_\Cm
cm+0w$2=
cM1t?b
CMjZAC
C`M/O~
Cnn[&[T?
Cnw}p?
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
C~,/P{
Cp|7Vn
+CpGY4
cpTaD,
cp;u>oz}F
crbS]h
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
cr_Jr;
c]rsll
+cs=f*
c/SJC*Y
.C$; t
\c(=T\O-
cTS	Vc3
#]C~Uy,
C.uZay
cv9gl&
@};cVkNJ
(/cW:&
<$cW[5`
C)W7UJ
Cwkg5_
c''Y&/e
... %d%%
;]{^"D
D$0+D$(P
d0Xya>
]d1:3I,
D4gU7u
d6vau/.k
*D9@`3b_
%$DaH&
@.data
d}(.'aV
daVT#}
DB>5	 =)
d;B-AZHH
DB#\=s
db_XD@
dc1'{g
d,#cmOA
d)|{d@?
D$(+D$ SSP
de27Z#
DEbWyb
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
d-eZ5gU
;D:f.!
>Df[5t
dfT&Yj
dgb.r5
>dg-L 
dg+Y(4$
DialogBoxParamA
D)ih;l.
DispatchMessageA
d:(J}F
dj+vH$
Dku wy
D.KWA<7
dl|"2d3
dm5M5	~
,Dm]C!
$D]]nS_(t
DNTSM#
Do-?[q
d?orcnM
DoUFWo%
D$$Ph,
dQp`+~
D r&&9O
DrawTextA
drhyoD0
drm%}B
{D!Ruo
{DSC<x
D$(SPS
#|dSWV
d]VWzN
dWAl|=
dw	r{qs=
(}){:dxI
d+z+,,
DzSj5k
-*!$%d:ZU1N
e~~|()
E0$^'g
e1 [b_q_
<E`1mR
e~29R(
E2x;y	5N
E3ygBD5
e5Jqpx
@e6hrL
,E6[VGf
E`8'Bc
e)^8ZxY/
}E\(/9
e9H:)9
e?&9>P
E[A;5*N
Ea;h5 
($e$%b?
{:EB@#
$!EB>a&
EBFF_c6c
=e@EdP$
e%Ep*p
E?,[eu
E~F\iK6
EfYe,Y
eGLS;d
	E_G~N
ei]3~LS
ekK63j
(?E.,L
'eLD-@
EmptyClipboard
E<_'N3$f
EnableMenuItem
EnableWindow
EndDialog
EndPaint
E)N=$WV
e=:>o]
Eo|,e24	
_EO	'X
 EPj4P
(EPJ@I
epS=.N
#er2Kg!*
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
(E*Rt2
_es&k`_
ES|t6?Y<
Et$.}?
EtjF2]
E.u,,Nd
e%uy%u
e"v=$7E.ua
evk+mJ#
ExitProcess
ExitWindowsEx
E[XK.= 
ExpandEnvironmentStringsA
E|&`Xr
ex=x,Tz
eYU_UM
e*z]/r%)
f0q`#}7
f:1iI|V
(F#3uA%
f+3zn=
?F48$:d
F"'4i<A
	f=~6(
/F68x5
f6+ o&`i
f8FT*9
&|f:8rZ
F(!9lq
$fA~P)h
:F}%c:
(%Fd)a
F|"&e-
fer-Tf
],>f	f
F&F&&F
!Fff}W
Ff&R`:^
@F"gLU
*&fGO-
\fgst/
FHCUTO-
fH]t?zM
@\fi!E
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
Fj7(-"ASY4
fKN[ZT
fLufgjv
F;L~\X
FM!|G%N(
[|=f<N2b
f:OcyA
Fp.[6i
^fPqgO
$Fpum_
{f;_,qe&
F$QWzr,
FQZZ[B
FreeLibrary
fs94W!*
Ft76-o
F/%t_c
Ftk3a'
	`ftSP
F%TT\Bn)
ftyK!'w
Fu@)8-
(F[uMg
@F.!uPJ
f{utdJ
FVtsDE
-:FvyLu
;	fW0v
Fw\<3 
FX8!J"
fXIPpF
@Fy?+'gk
Fy# Vu
fZt}=P
,={g|(
["g,.;
G >#1^=
G25(/'][
G2a*M2jk
g(\}2R
g5/k6il
g&6FTFs|
g!7{[_y
G,&"8eG
^gaGB@$
GAiKDAJ
}.GAN\
GA +Ufv
/GB4r]
{gB,{H
Gb.(nJ
gBp-]\7P
gbV=WG
G[b%=Z K
+;g/'c
gCF@x{`$
G%CS_g
GDI32.dll
'G/EF#+.iz
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
GfB;U4hU
~ggTEo
Gh#5eJ
g`).HQlG
<GhV6]
ghwU2(n
~Gi{~e-
g"}IPN
Gi}Ren
gI)[X5
-gkX-F
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
gl<U(rNJ
G}&>-M
gmZ3xT
]gN/{b
%,GNw%
g+}o>=
G[os84\^
.G)o~u!
GO{~YH 
gq!(e?0
G(Qjva
GSHvD6N
G}.Tfy^
\gt&x]p
guAIR!]
gU]%.x
Gv}-i$
Gvi:]I
gvQ'o(S
|g^ \X5
gx9C7oF
(GxqA;a
g.ZO||k[
&_h>'|_
H;,16G
h'	<2 
H3	sF P
h4g2+y
h4mcb[/
$H7Db@
H7M.s9w
h7{Of}
HAJwf]E
hA,z='
HB9}lF
hB*tJB
Hbv.xfs
HC9+CS
h;(CiHd
h\?}dm
('h<`e
he#gp#
HF``4_
HF8MW^
#Hf,#D
{_HFlJJ
{h*(}fqg
hH+}7v
%hII5	K
H:JrX\s'
hJy]8b
H@k>j@#c
HKmq6|6(+
HLDUTpUK
hmNHsq
HmRfCr
)H}NT-|R
H( &N$X
_h#%'o
ho0gJL
hOeFv0
&HOE]V
hO<;l:MqUU
/H^OV8
hQ5KpJ
 HQs	;
hq~VGN
H\RBWf
H]sdhQ
h.SgSLD&
Ht]`8q
HT-a al
[htA_v
H&T}ayE
HT.DREt
http://nsis.sf.net/NSIS_Error
HtVHtHH
hT%v&L2
H[u.Z|
hvk0]Z
h&.W>~-
hW6J%9
HwR"d7
}'H\X $~
`hY}y!;FV
i0R>R)
i!!0_x
`I3[1n]@L
I3RjSk
i6L2bi
i>@6m/
.i7V']k
-I!=8)
>i9ZxK
 Ia46,a,
IAWrv9
^ia{@.y
i-b{qS
{i|C,!/
icn'mE
i&DTDF
I@'eOX
i*fJ";
IH`3%&V
I@$HT;
iIw#eG
ii.y75U
i_KO'&
ILfi=^
i)loA"
?&$I|lug
IL~Y:_
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
	in6>n
in"$a#
incomplete download and damaged media. Contact the
IniJH"
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
Io0z|g
i,o26O
Iom0Gh
$ IOY#$
IP0roY$
Ip=9J]n
:iPa{=
	iqmLI
i(QT`S
:`i"Re
iRichu
i"R>R&R
"irY.VSg
IsWindow
IsWindowEnabled
IsWindowVisible
/]Iu)*c
I`uCMf2
IUmeSc5
IV!62\/fA
i#>w2GI
`IwBD{
"i]wS6
i	x![=
ix@z(t
iy0"sJF
i.YF@0
iy@VSt
	}</=j
-J1Ihbl
j$-|(3
J!4T\`;
j8;Rgm&
j9HdOG{{
j%A5<q
jArp",
".jau?
J;*BDbe
 jbR:O
#JCgV<
JCz#.i`G
j\{D$'
jEE${E
Jen?TT
-*!JEqfi
j f3k"?
J{fm_|B
J$fTc[d
@j#gHs
JGx9HXY
jHl]#.
JhWX$g=
"JH_^Z
#j'I:^
J=i?XU
jj4k4/j^
JJ;8Nn
"]JK?q
`/:jku
Jo9Xrf
?J+oc.T
(JO|"G
{;^[jp
j%$Puij&
 J+~*q
j?qg^VI
""J@QX
j}R|ZWzO
JstL_C
j*su>g3}
JSXR.:
J^*tU;
=Jty`w
J<uab#
J.U+A)oe
j~\u)M
jvgWHu
jVH2~Y
Jw07_a
>JW/O_x
};jy=^
JYNv}Q
j!z00Zf
#JzGe_
}>_<~k
-*-,&K
,?$K-_
!k0DmZ1
k3ggMcV
k3S*Sc)X
k'3xcZ#0`
K!44k7r
K4pH%"
KA&kB4
kBEO2`
_k:C??
kc"-{9
K%CE|%
]k!ch;i
KCleDi
K]$Da&H
k<d<a<kl6
kDDVND{`
kecxBX
KERNEL32
KERNEL32.dll
kf8-Rz
k!F|J-
kg7DeKJ1)
K},g|C6
KG/S#J	
K}hRbI
^k,iR}
KIvcRG
}KjyLw
``kk	9X
KKJ<r2
,kL^$0
"kL)cRP
k"lXaA
kmwnd3
#($k&n
KNfe^e
kNj~D[
:K_O@C
.KoXJ<*
K`P(2&
kpk ~u\
KqJO]f
Kqz8Z[
.|:k=r
&KrbLk=@
ksj|oD{ht
ksNiUc(
K(`su9
ksYupH
;&k,tc
kV7V65
kv\@jF
(K}W8S
kw>t]#I
kwxKRl5
 ==*kXA
kXO&aJ'
?K?%`y
?kY#fk
\kyFP>)u
"]k=yw
kZ{:@l*
;k,Zvc_h*
['/},L
>\L1D#.lu
L4R+X0
l ~8FU
l}8mt8
_L]9 s
L9W9HvhD
l;'.Aa
laAQn2
lBa\'M
LCjWQM"N^`x
l	Dq8e
lDra_+
LD_rtr
LeAS{U.
?.#lEp5
	Lf](<
LG dgl
LgM`|	
lHcdd2
l$!hR[M
LI1qzZ
LIn=@I
@-_lj=]
lJ$fS"3
LLYT]T/
!LlZ/V
LmiyC	
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LOe}%"
l?@OL9-
l)O[m(
LookupPrivilegeValueA
LoWB3V_
lOZ8z"
&LpKz.v
l;r*,*
`lR[Ks
L-:Rm-
> L~RP
.,lRXn
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
{'L_$Vn
lvo]J7x
lweY7m
LwO L0
`?'_lY
Ly4[mNs;
*LzBP|
>Lzjd~
lzkcB~
M07p"/
~M\0@X?
m1&(!hZ
m3E}q+7 
m*3p!n
	!}M46u
M5KjzNY
@|M5ssT($
m\6cq0
M6{gyk
m72RTj
m`Bj*Lz
:mbjwl
M`~#C#
))<mcvF
=)m]Dn
m}dz*:
:me9D(
mE-'LJ
m EReM
MessageBoxIndirectA
:?(M_F
mFn0:a
-}M_GAR\
/m=GKn
*MH~Rb
\Microsoft\Internet Explorer\Quick Launch
mjA}k$
mj^e<e-
~^mk9|
`? mlm
M`m&aR
M*Mltc
mm{#MC
M?no)&
+_<mo"
$[mO~7$
More information at:
MoveFileA
MoveFileExA
?MP[#|PfPaU
mq-`9.
_@mQILb
M/	qU"6K
&-mrF1
mrf^ivl
:M#%rG
~:[MrH
?mS=GU
& m'U6~
MulDiv
MultiByteToWideChar
MUmM8Iv
MvPyA	
M,V+/V
m]vvlD
mWz|qi
MY{3o!P
M'*y{6t~
My6xlW
#mYiW9
~\m}yP
)MYx5V
MZXDr^
N]]-0:
N%_"~~2
N'2BVq
N\&	414H
n>4yxo
n59=^]
<N6'N>yF
n`6_\t`
|n6,>xLAEGX
N@7$w@
N8>k8:oX,}Z
|%n[9hqBsh
NaKY+-
nAyYv._
N=`bAy
nbw$9m
NC|]\DtZ
$nCt]5
-Nd]$8(
.ndata
:N_FdU
NGIa>K
n$:gs~
N`[?j.
~/NJ M+Gc
Nj,R^r
N$]!JXp
_/+nl;
Nm0&bwF
N-M;gH
nM=J>q
/"n"n#
NObXT*	9
%nPi#%
N P]xQ
)n/q[G
N"r>"e
N>rO\6q
-N-sb1
NSIS Error
NsSXvT
~nsu.tmp
N sWyp@}
N(SXIR
Nt*H=.
n.u0c,*?9=DqX
n%-uE,
NullsoftInstlq
NulluN	E
#'nu@U
Nwb(iY
n!$WUP
NWV:U1}{Fh
nXCVU7
NXn>8UgP
NYtl8`
Nytx>!
NZ:8iq
NZaPpW
N~ZB'1
nZJd`}
}(\_o?
_#~\}O
!o4RS'|
o@5w	Ft1
O.62E]J
*	o6$kj
(O8QRd
O9e<x$
]O9J.H
OANLF2
oB`_1g
o^BiZk
	O'CKc
ocOj/??
}&oc_r
O/|\+cx	
<oD$h~
;oDnZ6%
O|dpHh9e
@"Od?tk
?o#ebM
OEP\jm
o-FPaz
]o&G=:6
oG'hcx
oghh.u
Oh,Ahp
$~oi{2j
OJ	:Dz
o_jG)P
o%JH.?
ole32.dll
OleInitialize
OleUninitialize
>*}Olr|$
(O!|!m}
>OMH)>5$
oMljz{Th0{@
|oM-o[
oM-}qT
O)MS;9
omwjPHQ
Onn^-c
? OnYN
ONz|nVn
OpenClipboard
OpenProcessToken
'oPk4|d
$OPOK`
{	<#O`Q`
or$>H)}|
ORL.SL/
OR`P.mG
!oT5H9
oTE:7#
`]O<u8
ouMV)~
-,o=V_
[)ov2Tj
oW@"DjNX
"oy2#%
O^ZaSi
ozD.At
oZs9H'@
oZ.TJ&P
}@/%<p
p0h)C{
p0Y#_tZ
p2wyo'j
p3nz	ds
\P3zUkP
p{_4aw9d
:p4T|'
P4T#pM
P)5/o!
P6$oHt!
p`80p\
<p\a3(
('p(b9I
"_'PcE
PC|GS#
Pd&#2k
PeekMessageA
pepmpnp
PEZ|.I
pf\>azq'
PFo:<%
Phj{p*
PHwh?RW
P=,"i+
"-%Pij
~p~iO$e!
P!IS^DY
Pi{Zg.
P.J!l-
=PJn|KX
p[K9Pv
PK_Bu`-
P KcG_
pke9xkb
$Pk{R0
&pL=i)
 pm+b^
$P*nxk
#{POc{]1
PostQuitMessage
	PPp@@
PPPPPP
 }<#'pq
pq{\JV
p.(Qk|
pq<wAq^
pRumZd~Y
pSSI$1
{[%psv
psY"xf
pT,w#&
p*WCh2Uc,
pX<1'|
PxXaa"
]p}z .
?Q3./v
Q=|4hT
~Q4NH*H
Q524[,K
 ~Q5@6
/Q}8=Ox
Q9[(qD
qa2sIn
?q~bl{
Qc+a~y5
~Q{d8<
q#@EJ	X
,Q*eMV`
Q(#',F
{QFCO3
/QFPnR[
QG!F*p=
.QG;]%V
QHBha1
!Q%?H#k
*q<j=#
q_J"$|sx
>q\}k4
qK?&d(
=qL:s\
/qMqfC
Q,N(0A,#
QNA)j0K
QNyw.6
qpEHfEHZE
QP\X\Z
QqAl5R\
qQ>Cwu
QR*k-z_
)qS7=Dn}(
*&QszE
qT]T[1
%QTVo6
qvA2W>fN{
QvkLg6
qXC4mt
Qx}c'f?
Q	X:oW
QXtDI[
q<.?xTY
Qxx;Re
$QY-|}
QyOg\t
q}+yy=K
"!)r`*
*@ #[R
;r0H%j
R1J"@ 
~r2.-$ei
r3!?cH
R3$!R9R
R()4uc
r5?JPJ
}R6YL'
R7q0K|
r8?!7H,
r@A]2<+
(	rA3,M
r:BbyT
rB:mu5
RC8MR~
`.rdata
Rd#F}I
r^E4y`fnZ
R?E>6	o
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
"r"&ET
rf)ivT
RG!2Hc
`r.!GR#
rG[U{0dZ;
.rh\CX
	rH`*Gs'
RichEd20
RichEd32
RichEdit
RichEdit20A
+%RiG!, 
R]IlQ 
RKm5I%
Rm@HG'F'
R	n1g}
Rn(4&b6
R/o:9!
roB1o'
ROq0tN
'}r%PG^A
:*R{/Q
r	Q+kT
]Rr^Q%
:>&rst
rT*)#)
r|TH&a
R<T!N&
rt<N;{DSA
r*=-U&'
=rU4WY
:rufP[~
R'uu`~
}^&/rv
`Rvxl#
r~:zAt
r\zay"m.
@r(>`Zc
S0C~zH
s1UnVC
s4KANlio
S%4-T!
s@5d6)
S5uHe!|X
~S8;{u
|"S,?a
SA?:Fz
s_aH!M
SA$kOc
SA	Ue~
sB,%~0H
SB 	QC)
SbX'^3
{Sc1ZI-
%s!c)gM
ScreenToClient
sC+s\2
sDjSzl
sd'zjO*\2
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SGG-aL
SHAutoComplete
SHBrowseForFolderA
sh%??c
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
sH^r}Z
;*sj0>
S+jT+:
s`JT[+m:
S$,jVbI
SkYa%P
sl/BlYD
sL[s|@
=sL>X7F{'
]sM`;8
S&;m$UX
_;$S$N
softuW
Software\Microsoft\Windows\CurrentVersion
sOirNp{!
@SOtT-
`S?`Pe
s<p>#t
*;/&S?q
S]Q@Ms
s;Qnbt
SQSSSPW
	.sq},u
St1JE%
[S_Tq}n
!\St}w
s ]u>3p$
Su9k)x
(s<u,Y
 $%sV/
\s'wL<Q
||SYgit-
SystemParametersInfoA
)'\,sz
(s=zOL
.szVwK+
~#t;;=
> _?=t
t \} ^
T0d1i'
	T%0?O
t][1k6
T=1<l<
t#5{e*
T_6X$%
t6z@!n
T\@7@8
T&!7IE
t7>]$MT
=t+9p3
T9q:,MS
t#*a8A
t-atY	
TbzdS/_
T%cR,H
@Td#Zr
TE^"N*
?t|F&C
#.T*FQ-
<T}[FR
t)fRQs
TGBJyi
`T)g$J
!This program cannot be run in DOS mode.
Th#%r?i
TI3M44
TjD6I,w
tk+>Iu]
T~\,kp3
TLTfLj
%~TndZ
tNJ.7O
t*!NNEH
t%o&'D
TodbX:
ToHTts
t#}OrN
_^[t	P
>tpk^nN
}tpTaQ
t}Pt)B
/T&Q=	
:-tQhM
TQK95SY.
+Tq<~XW
TrackPopupMenu
trE!\*
T rrVs
?TSM9A@
'ts<Qb
tstMsu
Tt2~^-0	+~
tTgvVa
TU{%xQ
TVT)^Mm
-tv^Y5
TWRL/dN
TW:r]R
tXK;cl
T!XO~}
T]Y,Hm
tYxxx6
#tZBW69<
?u#&=^
(~U<>'<
/=U0_G2
u1]2L<
U1S'i&
='#u1ze
}U,!30
'~*u]5,,,
"|-u5&
U52Fx^
%U#6S<[
u9(aLR
uaBYAD
UAJg*`
u>aN:Jp
Uat8V|%
ub^!-Ubd
uC{7Qi
uDaNoc
#uDhv&
u#D~!O
U~dUelY
ueEhwG+<
UE|v*M
UE(\XE
u!~f`P
UG}b~u
;Ugw5-
!UhAw:
UHlm;]
U}h-M};
??Uiij
U.iNBtY$
 `^^uj
Uje^ApU
uK6od^}*
uKfQ*,
Ul%4#p
ulp7@]o2
um\%mA
:'U)MO2
um*@=>P
-U	mw"
un,nqW
(?]UN~YP
-uOo6_
UOqYF1Bw
_uqCa}
;urPQ}
USER32.dll
#|'UtA
."UTOy
,uTTx>@?
UU1A_d
uU4v81
UuowOw
%u.%u%s%s
+&UU,)yy|^
{uv-&p
uW}2={;F
,U(Wc%X
uwkO?h$]a
(%uWyH
U!]&xb
uXG.)+
`uX\%M
{u{x	V$%
*uYd6F
uY"t)=
UY%VkI
uY!x^<
UY!Xdz
u<z?E!
,<];{v
>V\/		
\v?(1O
v2}k5j
V2$Ny<K
{:V2[=P
V}`))2z
v;/6V4
)V7>&(
V84\,M
vaFM ;
vA<t b
#V'}b^^
Vbn-il
vCL;QCC
verifying installer: %d%%
VerQueryValueA
VERSION.dll
%ve^Xm
vF!FpD
V>F)@J
VFjV,]
_&vGq*
vh\|uK@~E
VhusA3
}vIL2!
ViW|ZW
v i.xF
VJ*U/Z
Vk^cO:
"vL|yY
"v|Mn9
VN8jRBN
VO.>j_
	|voMLP
VpgZy]
Vq2$zk
>/v=QBg
v*_QpYF
?vrGF]J
vrj]sCG
V.S6)[
vTe#!M3
@v<.TL
VT(r5d
Vt:v-l
VTz;qP
vU>,t+
v%V09S|
VVCcFj
v#Vh;+@
*~VV:J
VW31Cz
V}w)Bu
V:WeWdFJ
vWFOl:5
(*v-W=j
vx6S8j7{
v;X-a,d
:vxt	+
v_`_\Z
VZ":@{
|w}\"_
:	}:-W
w1h_];
}]w5/)w
w6Px;.+
!w@=7N
wa	@HF
WaitForSingleObject
Watk[r
	=/Wb02
w"b<-m
W<b^x >1}
wCgJA1
wC}&Jf3
 wCxOM|
$wdOvHw
@We^1gX^
We)8SiH
wEEZ^lV
|w;erK
Wez.CbG^
(w<f#A
#w_fL$
~W/G1+"
W.GIlU
WGkaCw]Zo
w^g*r+
|W^H4,
w]<H-p
WIB],V
wI*z2;
Wj!22m5
w%_{^jHZZAz!
`Wk&'}
wk"4+4[5
w{K<)o#
WKq2o6
wKtrv3:
wKyZ[g	
W@lD[&
w,mhJ2
WNna! 
wN{Wb^
w,@_o+
|wOpT+M@
]wPt)0
w<ql$7@
WqQ>0P
WqTaIo
W"R?46
WriteFile
WritePrivateProfileStringA
wro?A4G<T
wRO?D)
W?rYg~#
@>wSKF:
wsprintfA
wT3QeH
W,trgJ
wTzk%c
"WUk PG
)W:}~V+
[{#Ww=
^w'W.w
  ,!#'{Wx
W<x8~Iz
w`Xq_z4O
Wx}})u7M/
WyE'*l8;
w[Z}gY
W.zI}/l
~-x?/}
{*)|	x
"x/0e`Y
<x0r@5
x2	Ar,
X2_)?%g
X%2ga.W>
 X^2Nee
x3D%&%AO$6
<-X$4.6
x4[cNq
X~4@d>
x4gpCz
x4K0z(|
]X7(z'?
x9}'\]
xC.5.-
X'.[cGw
X'c'p]
%('@_=$Xd
Xd'lN]
]-x!g,
:.XG0'
X@gf;0
X<I*2kr
X;I@b?
%XiDJ(Gj
 xiR&s
XJ>K_t
xk8uS3({J?j
@	&x_Lf
xLi~8u4
xLU	!0
x M7xX
;xM{CW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
,`*X"nB
\xpaRz
x/P"u?
XQ{L+~
X!s8|E
xu/{At
#x)uC;t
xv8E1}
xvA4TT
/)]XVV
Xw|`.a$)
:xxL -
Xy-> s4
xZ\U'F
 |>y<}
"*y ('
y/2,2Z
Y5%KJJ
=	Y-7)
YA>`?=
;yAb?9
+;^-%y.Aee
YaFHn3
'Y]C=AT
y cDuC~
Yd0=A\
yd^	d (
`ydph#
[y@E7&~|V
^y]{Ev@m&`l=
)Y`~*F	
Y*-+gF
YG:Y+U
Yh)i	t
[YI%]i[
yI*u?R
y!_jcw
+yl6[C`
'ylnuf
yM30'HF
(Y(MEu
yOjffE
Y&oU0R
y/{-Ozh|%
y&|q	`
^Yqo].
y,/.QV
Y>\r;_
Y&R0p)
yRPCL>
|Y)'S'
#;YSmnR%
y@sZ38dFHM
Ytt(g*
Y+U}os
/yvc'`
$YvKA&
:yvZ,o
/){YW0p
Y<=WCP3;.DP
Yw<me=E+q
?|=Yx*
{|^yY/
YYiokX`G
YYY%OVt'
{y$ZhF
/$z_}_
Z0ti}-@
z5oEiv
},z6ta
Z7kcvG
Z84Ir"
{&=z8q
Z :9G~
&z9ix_
&Z9 }|m(
ZAhq$$
.z+aoF,8
=z$B7lMiP
}z+-BQ\
zbzank
${^zC/
z[cJ{<
)#Z#D=
Zd>?A8-
zDF3l]
?zd}~^n
Z<DSrX9^x2
~zE-4y
z,eitc
Zf0YyY
(+zFBk!
#ZG}#&
;*;zGw
zh@7|s
ZHFk?o
ZHmD~G
zicJI{
z[K:l6$xY
zk`@" Yl@
zlt*.+
(zMjDA2
$Zm>QU
 '{Zn>
z=Nk9D
.zo3{hq
Z}o;8%
Z\_OjM
z>qTeR
z,*[^'S
!;Z>:}U
zu(AE"
zvD_oy@
zy33"2r9
z-ycAm
+	ZYkN
zz#f.<