Analysis Date2018-04-05 08:41:29
MD5cf670ebf4121f1099844a57cde2267f0
SHA1635053a4e0a3e24af9f469b3bf0700502d4e4aa7

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: edf99746478ec4f22d3f839540b0378e sha1: 6579bdabbcefb92499f5f3bdae72d024a0a907c6 size: 24064
Section.rdata md5: e1b381c03cad2ee5a1d8b8d88a277d84 sha1: c21648f1e6265be80abc949953b2cdeca76832bc size: 5120
Section.data md5: 72224490b487b215a4fcfaa7237504f6 sha1: d920a0be03a5735543506cd69d318e8f1a629453 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 7d59a3a09624609fd0ee31bb00f336e0 sha1: 34d0357a85ed0c762943c067b0ee563eab0f8f5f size: 16384
Timestamp2009-06-18 21:33:32
PackerNullsoft PiMP Stub -> SFX
PEhash4ca789a88e5b58324f897860c9fdbeb5d7fda5de
IMPhash7fa974366048f9c551ef45714595665e
AV360 Safeno_virus
AV360 Safeno_virus
AVAd-Awareno_virus
AVAd-Awareno_virus
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Trojan.Pasta.Exr
AVArcabit (arcavir)Trojan.Pasta.Exr
AVAuthentiumW32/Zlob.AF.gen!Eldorado
AVAuthentiumW32/Zlob.AF.gen!Eldorado
AVAvira (antivir)no_virus
AVAvira (antivir)no_virus
AVCA (E-Trust Ino)no_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVClamAVno_virus
AVDr. Webno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVEset (nod32)no_virus
AVFortinetno_virus
AVFortinetno_virus
AVFrisk (f-prot)W32/Zlob.AF.gen!Eldorado (generic, not disinfectable)
AVFrisk (f-prot)W32/Zlob.AF.gen!Eldorado (generic, not disinfectable)
AVF-Secureno_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVIkarusno_virus
AVKasperskyDownloader.NSIS.FangPlay.ae
AVKasperskyDownloader.NSIS.FangPlay.ae
AVMalwareBytesTrojan.StartPage
AVMalwareBytesTrojan.StartPage
AVMcafeeno_virus
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVMicroWorld (escan)no_virus
AVNormanwin32:winpe/Startpage.WTF
AVNormanwin32:winpe/Startpage.WTF
AVRisingno_virus
AVRisingno_virus
AVSophosno_virus
AVSophosno_virus
AVSymantecno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\635053a4e0a3e24af9f469b3bf0700502d4e4aa7.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\Desktop\desktop.ini

Process
↳ C:\Users\Phil\AppData\Local\Temp\635053a4e0a3e24af9f469b3bf0700502d4e4aa7.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\Desktop\desktop.ini

Process
↳ C:\Windows\explorer.exe

Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineInstall
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Creates FileC:\
Creates FileC:\ProgramData
Creates FileC:\ProgramData\Microsoft\desktop.ini
Creates FileC:\ProgramData\Microsoft
Creates FileC:\ProgramData\Microsoft\Windows
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Public\desktop.ini
Creates FileC:\Users\Public
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
Creates FileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility

Network Details:

DNSint.dpool.sina.com.cn
Type: A
123.125.29.252
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 123.125.29.252:80

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000040 (00064)   696c6c61 290d0a48 6f73743a 20696e74   illa)..Host: int
0x00000050 (00080)   2e64706f 6f6c2e73 696e612e 636f6d2e   .dpool.sina.com.
0x00000060 (00096)   636e0d0a 436f6e6e 65637469 6f6e3a20   cn..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   504f5354 202f3365 31363236 34372d63   POST /3e162647-c
0x00000010 (00016)   3364382d 34346333 2d393937 622d3061   3d8-44c3-997b-0a
0x00000020 (00032)   63396135 66363838 33322f20 48545450   c9a5f68832/ HTTP
0x00000030 (00048)   2f312e31 0d0a4361 6368652d 436f6e74   /1.1..Cache-Cont
0x00000040 (00064)   726f6c3a 206e6f2d 63616368 650d0a43   rol: no-cache..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2043 6c6f7365   onnection: Close
0x00000060 (00096)   0d0a5072 61676d61 3a206e6f 2d636163   ..Pragma: no-cac
0x00000070 (00112)   68650d0a 436f6e74 656e742d 54797065   he..Content-Type
0x00000080 (00128)   3a206170 706c6963 6174696f 6e2f736f   : application/so
0x00000090 (00144)   61702b78 6d6c0d0a 55736572 2d416765   ap+xml..User-Age
0x000000a0 (00160)   6e743a20 57534441 50490d0a 436f6e74   nt: WSDAPI..Cont
0x000000b0 (00176)   656e742d 4c656e67 74683a20 3733330d   ent-Length: 733.
0x000000c0 (00192)   0a486f73 743a2031 39322e31 36382e31   .Host: 192.168.1
0x000000d0 (00208)   30302e31 34383a35 3335370d 0a0d0a3c   00.148:5357....<
0x000000e0 (00224)   3f786d6c 20766572 73696f6e 3d22312e   ?xml version="1.
0x000000f0 (00240)   30222065 6e636f64 696e673d 22757466   0" encoding="utf
0x00000100 (00256)   2d38223f 3e3c736f 61703a45 6e76656c   -8"?><soap:Envel
0x00000110 (00272)   6f706520 786d6c6e 733a736f 61703d22   ope xmlns:soap="
0x00000120 (00288)   68747470 3a2f2f77 77772e77 332e6f72   http://www.w3.or
0x00000130 (00304)   672f3230 30332f30 352f736f 61702d65   g/2003/05/soap-e
0x00000140 (00320)   6e76656c 6f706522 20786d6c 6e733a77   nvelope" xmlns:w
0x00000150 (00336)   73613d22 68747470 3a2f2f73 6368656d   sa="http://schem
0x00000160 (00352)   61732e78 6d6c736f 61702e6f 72672f77   as.xmlsoap.org/w
0x00000170 (00368)   732f3230 30342f30 382f6164 64726573   s/2004/08/addres
0x00000180 (00384)   73696e67 2220786d 6c6e733a 6c6d733d   sing" xmlns:lms=
0x00000190 (00400)   22687474 703a2f2f 73636865 6d61732e   "http://schemas.
0x000001a0 (00416)   6d696372 6f736f66 742e636f 6d2f7769   microsoft.com/wi
0x000001b0 (00432)   6e646f77 732f6c6d 732f3230 30372f30   ndows/lms/2007/0
0x000001c0 (00448)   38223e3c 736f6170 3a486561 6465723e   8"><soap:Header>
0x000001d0 (00464)   3c777361 3a546f3e 75726e3a 75756964   <wsa:To>urn:uuid
0x000001e0 (00480)   3a336531 36323634 372d6333 64382d34   :3e162647-c3d8-4
0x000001f0 (00496)   3463332d 39393762 2d306163 39613566   4c3-997b-0ac9a5f
0x00000200 (00512)   36383833 323c2f77 73613a54 6f3e3c77   68832</wsa:To><w
0x00000210 (00528)   73613a41 6374696f 6e3e6874 74703a2f   sa:Action>http:/
0x00000220 (00544)   2f736368 656d6173 2e786d6c 736f6170   /schemas.xmlsoap
0x00000230 (00560)   2e6f7267 2f77732f 32303034 2f30392f   .org/ws/2004/09/
0x00000240 (00576)   7472616e 73666572 2f476574 3c2f7773   transfer/Get</ws
0x00000250 (00592)   613a4163 74696f6e 3e3c7773 613a4d65   a:Action><wsa:Me
0x00000260 (00608)   73736167 6549443e 75726e3a 75756964   ssageID>urn:uuid
0x00000270 (00624)   3a343436 37313964 642d6632 35632d34   :446719dd-f25c-4
0x00000280 (00640)   3239312d 61343962 2d643335 37346464   291-a49b-d3574dd
0x00000290 (00656)   62336337 373c2f77 73613a4d 65737361   b3c77</wsa:Messa
0x000002a0 (00672)   67654944 3e3c7773 613a5265 706c7954   geID><wsa:ReplyT
0x000002b0 (00688)   6f3e3c77 73613a41 64647265 73733e68   o><wsa:Address>h
0x000002c0 (00704)   7474703a 2f2f7363 68656d61 732e786d   ttp://schemas.xm
0x000002d0 (00720)   6c736f61 702e6f72 672f7773 2f323030   lsoap.org/ws/200
0x000002e0 (00736)   342f3038 2f616464 72657373 696e672f   4/08/addressing/
0x000002f0 (00752)   726f6c65 2f616e6f 6e796d6f 75733c2f   role/anonymous</
0x00000300 (00768)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000310 (00784)   613a5265 706c7954 6f3e3c77 73613a46   a:ReplyTo><wsa:F
0x00000320 (00800)   726f6d3e 3c777361 3a416464 72657373   rom><wsa:Address
0x00000330 (00816)   3e75726e 3a757569 643a3930 35616561   >urn:uuid:905aea
0x00000340 (00832)   61642d64 3665382d 34393835 2d616338   ad-d6e8-4985-ac8
0x00000350 (00848)   332d3439 31646336 32663136 31333c2f   3-491dc62f1613</
0x00000360 (00864)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000370 (00880)   613a4672 6f6d3e3c 6c6d733a 4c617267   a:From><lms:Larg
0x00000380 (00896)   654d6574 61646174 61537570 706f7274   eMetadataSupport
0x00000390 (00912)   2f3e3c2f 736f6170 3a486561 6465723e   /></soap:Header>
0x000003a0 (00928)   3c736f61 703a426f 64792f3e 3c2f736f   <soap:Body/></so
0x000003b0 (00944)   61703a45 6e76656c 6f70653e            ap:Envelope>

0x00000000 (00000)   47455420 2f7a7879 322e6a70 67204854   GET /zxy2.jpg HT
0x00000010 (00016)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000020 (00032)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000030 (00048)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000040 (00064)   736f6674 70686f74 6f2e616e 63686961   softphoto.anchia
0x00000050 (00080)   6f2e636e 0d0a436f 6e6e6563 74696f6e   o.cn..Connection
0x00000060 (00096)   3a204b65 65702d41 6c697665 0d0a4361   : Keep-Alive..Ca
0x00000070 (00112)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000080 (00128)   63616368 650d0a0d 0a3a206e 6f2d6361   cache....: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....


Strings
 " ".E
.
.

!1Aa
#+3;CScs
msctls_progress32
Please wait while Setup is loading...
SysListView32
*?|<>/":
075kmn
090815030201Z
<0kac}
0RV0ff'
121018000000Z
121221000000Z
140604052110Z0#
190813030201Z0
1AH@7t
>1hsD!
&1'MOS5
1u2u3m0m!5
201229235959Z0b1
201230235959Z0^1
?~28DeG:
!/45km
6n6>n|
702+Lf
828AhG
8NCRCu
=%99RRLL
AdjustTokenPrivileges
a`ds&2U
ADVAPI32
ADVAPI32.dll
!aKB !
A^nZU=*n
AppendMenuA
a]u;t'
BeginPaint
BeiJing1
C2a2N2q
CallWindowProcA
ca@zndev.com
ca@zndev.com0
CDE*&&'
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CloseHandle
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
=$,C?v
... %d%%
D$0+D$(P
@.data
DdEBA@@@@=
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
Dept. CodeSign CA1.0,
DestroyWindow
DialogBoxParamA
DispatchMessageA
Do-?[q
D$$Ph(
DrawTextA
DriverDevelop.com1
DriverDevelop.com CA1
%DriverDevelop.com Signtools Test cert1
D$(SPS
Durbanville1
eApA#d
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
eRE]sVww
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
e%uy%u
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
fffffox
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
FreeLibrary
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
%,GNw%
g(sQpr
hpppiffT
.http://crl.thawte.com/ThawteTimestampingCA.crl0
http://nsis.sf.net/NSIS_Error
http://ocsp.thawte.com0
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
I(%%Y1
KERNEL32
KERNEL32.dll
kZ{:@l*
lHZ'#N
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LookupPrivilegeValueA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
`}meMzIAImiiiC
MessageBoxIndirectA
\Microsoft\Internet Explorer\Quick Launch
More information at:
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
(*MXob
N]]-0:
n#-1b#?
.ndata
NJl~7R
&+,Nlo
/"n"n#
Nrr47dr
NSIS Error
~nsu.tmp
NullsoftInst
NullsoftInstDh
NulluN	E
NWV:U1}{Fh
NX\kqphZUQ3,
ole32.dll
OleInitialize
OleUninitialize
O_mcs]0
OpenClipboard
OpenProcessToken
OpenSSL Generated Certificate0
O}_P}Qk
P;?@@?
P;?@@@@?
PeekMessageA
pi?'\C
PostQuitMessage
PPPPPP
pssMMYYn
punqq974.
puqqqqq<770
QqAl5R\
`.rdata
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
"r"&ET
RichEd20
RichEd32
RichEdit
RichEdit20A
Richu)
rlbA?4)
r|TH&a
RYjgfW2+*
{{{s<.
S0C~zH
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
softuW
Software\Microsoft\Windows\CurrentVersion
SQSSSPW
{ssuBBs@@@<4
Symantec Corporation100.
Symantec Corporation1402
'Symantec Time Stamping Services CA - G2
'Symantec Time Stamping Services CA - G20
+Symantec Time Stamping Services Signer - G40
SystemParametersInfoA
s"(_.z
> _?=t
.t.|}+
t9^P.C
TestCer 0
Thawte1
Thawte Certification1
Thawte Timestamping CA0
!This program cannot be run in DOS mode.
TimeStamp-2048-10
TimeStamp-2048-20
_^[t	P
TrackPopupMenu
USER32.dll
%u.%u%s%s
VA#@>v
verifying installer: %d%%
VerQueryValueA
VERSION.dll
VhusA3
V.S6)[
_VTTPPI
VTz;qP
V_VPTPIG
(/v*([	X
vx6S8j7{
?Vx*{Y
WaitForSingleObject
Western Cape1
WriteFile
WritePrivateProfileStringA
wsprintfA
wwwwww
wwwwwwp
wwwwwwwx
wwwwwx
wxwwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
^xt#90.
yd^	d (
)-.Yln
%yyy?0r
ZaZaZXKJ
z"ghmC
zj%x^8
z#""Neff
Z_ZT_PI
zzz||||
z}z}z{v