Analysis Date2015-01-11 14:01:10
MD5f618c3815bbdc5a9d4f2443a0679343b
SHA165acfc0f08c1ca0e50ef83c758db8c938babc36c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section.rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section.data md5: 7922d4ce117d7d5b3ac2cffe4b0b5e4f sha1: 4e56bb1994226ae0285c7adee470777262de2c99 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 3147ef4fdcd8f42cb23698af93649ed3 sha1: 5c0d0b4dea5deee23a766caaa0e92123a61d8a42 size: 173568
Timestamp2009-12-05 22:50:52
PackerNullsoft PiMP Stub -> SFX
PEhashfc0a38afd9a198ed38e2c1f553c1095ee7b1ea5c
IMPhash7fa974366048f9c551ef45714595665e
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.IMSY-6722
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftApplication.Downloader
AVEset (nod32)NSIS/TrojanDownloader.Chindo.E
AVFortinetW32/Chindo.B!tr.dldr
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7Trojan-Downloader ( 004af0161 )
AVKasperskyHEUR:Downloader.NSIS.Feasu.heur
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security EssentialsSoftwareBundler:Win32/Chindo
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecTrojan.Gen
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates Filesetup_001.exe
Creates FileBaiduPlayerNetSetup_472.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\nsProcess.dll
Creates Fileins1256858.exe
Creates FilePIPE\wkssvc
Creates File9377mycs_Y_mgaz2_01.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\System.dll
Creates FileG0828_s_70987.exe
Creates Filesetup_3386.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\Inetc.dll
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\3.ico
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\i.rar
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\NSISdl.dll
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\YinsuStart\uninst.lnk
Creates FileIQIYIsetup_l_spl004@kb010.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\1.ico
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates File2345Explorer_329242_silence.exe
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FilePIPE\srvsvc
Creates FileWanDouJia_runk4_kb.exe
Creates FileBrowser_V3.0.1167.3_r_4279_(Build14091614).exe
Creates FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates FileC:\Program Files\YinsuStart\Uninstall.exe
Creates FileF0916_s_30911.exe
Creates FileBaiduBrowserOnlineSetupSilent-494-ftn_30000046.exe
Creates FileC:\Documents and Settings\Administrator\Desktop\Intrenet Explorer.lnk
Creates FileQQBrowser_Setup_Hk_78653.exe
Deletes Filesetup_001.exe
Deletes FileBaiduPlayerNetSetup_472.exe
Deletes FileIQIYIsetup_l_spl004@kb010.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsb1.tmp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\1.ico
Deletes Fileins1256858.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp
Deletes File2345Explorer_329242_silence.exe
Deletes File9377mycs_Y_mgaz2_01.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\System.dll
Deletes FileG0828_s_70987.exe
Deletes Filesetup_3386.exe
Deletes FileWanDouJia_runk4_kb.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\Inetc.dll
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\3.ico
Deletes FileBrowser_V3.0.1167.3_r_4279_(Build14091614).exe
Deletes FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes FileF0916_s_30911.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\NSISdl.dll
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsh2.tmp\i.rar
Deletes FileBaiduBrowserOnlineSetupSilent-494-ftn_30000046.exe
Deletes FileQQBrowser_Setup_Hk_78653.exe
Creates Process
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexYinsuStart
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSxiazai.9377.com
Winsock DNSdown.yinyue.fm
Winsock DNSpconline.org.cn
Winsock DNSshadu.baidu.com

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex_SHuassist.mtx
Creates MutexShell.CMruPidlList

Process
↳ Pid 0

Network Details:

DNSint.dpool.sina.com.cn
Type: A
180.149.136.250
DNSpconline.org.cn
Type: A
222.186.60.69
DNSpconline.org.cn
Type: A
222.186.60.70
DNSpconline.org.cn
Type: A
222.186.60.2
DNSpconline.org.cn
Type: A
222.186.60.68
DNSaaa.163vv.com
Type: A
222.186.60.23
DNSaaa.163vv.com
Type: A
222.186.60.60
DNSaaa.163vv.com
Type: A
222.186.60.18
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.4
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.2
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.5
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.6
DNSshadu.n.shifen.com
Type: A
123.125.65.162
DNSswwx.n.shifen.com
Type: A
123.125.65.175
DNSdl.p2sp.n.shifen.com
Type: A
61.135.185.123
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.83
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.205
DNSg.quwen320.com
Type: A
219.238.237.210
DNSdown.gtm.ucweb.com
Type: A
211.103.82.247
DNSdown.gtm.ucweb.com
Type: A
120.196.208.98
DNSna.b9.aicdn.com
Type: A
72.8.188.90
DNSna.b9.aicdn.com
Type: A
72.8.188.94
DNSna.b9.aicdn.com
Type: A
72.8.188.98
DNSna.b9.aicdn.com
Type: A
108.186.7.129
DNSna.b9.aicdn.com
Type: A
108.186.7.130
DNSna.b9.aicdn.com
Type: A
108.186.7.131
DNSdownload.pps.tv.webscache.com
Type: A
119.188.40.81
DNSdownload.2345.com
Type: A
61.160.245.8
DNSdownload.2345.com
Type: A
61.160.245.11
DNSdownload.2345.com
Type: A
61.160.245.14
DNSdownload.2345.com
Type: A
122.228.248.3
DNSdownload.2345.com
Type: A
218.75.155.244
DNSdownload.2345.com
Type: A
60.191.187.15
DNSdownload.2345.com
Type: A
60.191.223.2
DNSdownload.2345.com
Type: A
60.191.223.4
DNSdownload.2345.com
Type: A
60.191.223.15
DNSdownload.2345.com
Type: A
61.147.127.202
DNSdownload.2345.com
Type: A
61.147.127.203
DNSdl.wandoujia.com
Type: A
125.39.216.11
DNSs.lllsoo.com
Type: A
42.120.61.139
DNSdown.yinyue.fm
Type: A
DNSxiazai.9377.com
Type: A
DNSshadu.baidu.com
Type: A
DNSw.x.baidu.com
Type: A
DNSdl.p2sp.baidu.com
Type: A
DNSdldir1.qq.com
Type: A
DNSdown2.uc.cn
Type: A
DNSsoft.lvbaoranshiye.com
Type: A
DNSdl.static.iqiyi.com
Type: A
DNSdownload.2345.cn
Type: A
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSISDL/1.2 (Mozilla)
HTTP GEThttp://pconline.org.cn/1.ico
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down.yinyue.fm/open/setup_3386.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://xiazai.9377.com/20140928/9377mycs_Y_mgaz2_01.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://shadu.baidu.com/index/fulldownload/30911
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://w.x.baidu.com/go/full/1/70987
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.p2sp.baidu.com/BaiduPlayerContent/BaiduPlayerNetSetup_472.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78653.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://g.quwen320.com/d/ins1256858.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down2.uc.cn/pcbrowser/down.php?pid=4279
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://soft.lvbaoranshiye.com/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://w.x.baidu.com/go/mini/8/30000046
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://download.2345.cn/silence/2345Explorer_329242_silence.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.wandoujia.com/files/inst/WanDouJia_runk4_kb.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://s.lllsoo.com/click/66947
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 180.149.136.250:80
Flows TCP192.168.1.1:1032 ➝ 222.186.60.69:80
Flows TCP192.168.1.1:1033 ➝ 222.186.60.23:80
Flows TCP192.168.1.1:1034 ➝ 8.37.234.3:80
Flows TCP192.168.1.1:1035 ➝ 123.125.65.162:80
Flows TCP192.168.1.1:1036 ➝ 123.125.65.175:80
Flows TCP192.168.1.1:1037 ➝ 61.135.185.123:80
Flows TCP192.168.1.1:1038 ➝ 174.35.56.83:80
Flows TCP192.168.1.1:1039 ➝ 219.238.237.210:80
Flows TCP192.168.1.1:1040 ➝ 211.103.82.247:80
Flows TCP192.168.1.1:1041 ➝ 72.8.188.90:80
Flows TCP192.168.1.1:1042 ➝ 123.125.65.175:80
Flows TCP192.168.1.1:1043 ➝ 119.188.40.81:80
Flows TCP192.168.1.1:1044 ➝ 61.160.245.8:80
Flows TCP192.168.1.1:1045 ➝ 125.39.216.11:80
Flows TCP192.168.1.1:1046 ➝ 42.120.61.139:80

Raw Pcap
0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e300d 0a486f73 743a2069 6e742e64   1.0..Host: int.d
0x00000030 (00048)   706f6f6c 2e73696e 612e636f 6d2e636e   pool.sina.com.cn
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000050 (00080)   4953444c 2f312e32 20284d6f 7a696c6c   ISDL/1.2 (Mozill
0x00000060 (00096)   61290d0a 41636365 70743a20 2a2f2a0d   a)..Accept: */*.
0x00000070 (00112)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f312e69 636f2048 5454502f   GET /1.ico HTTP/
0x00000010 (00016)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000020 (00032)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000030 (00048)   696c6c61 290d0a48 6f73743a 2070636f   illa)..Host: pco
0x00000040 (00064)   6e6c696e 652e6f72 672e636e 0d0a436f   nline.org.cn..Co
0x00000050 (00080)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x00000060 (00096)   6c697665 0d0a4361 6368652d 436f6e74   live..Cache-Cont
0x00000070 (00112)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f6f7065 6e2f7365 7475705f   GET /open/setup_
0x00000010 (00016)   33333836 2e657865 20485454 502f312e   3386.exe HTTP/1.
0x00000020 (00032)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000030 (00048)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000040 (00064)   6c61290d 0a486f73 743a2064 6f776e2e   la)..Host: down.
0x00000050 (00080)   79696e79 75652e66 6d0d0a43 6f6e6e65   yinyue.fm..Conne
0x00000060 (00096)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000070 (00112)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000080 (00128)   3a206e6f 2d636163 68650d0a 0d0a       : no-cache....

0x00000000 (00000)   47455420 2f323031 34303932 382f3933   GET /20140928/93
0x00000010 (00016)   37376d79 63735f59 5f6d6761 7a325f30   77mycs_Y_mgaz2_0
0x00000020 (00032)   312e6578 65204854 54502f31 2e310d0a   1.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 7869617a 61692e39   ..Host: xiazai.9
0x00000060 (00096)   3337372e 636f6d0d 0a436f6e 6e656374   377.com..Connect
0x00000070 (00112)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000080 (00128)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x00000090 (00144)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f696e64 65782f66 756c6c64   GET /index/fulld
0x00000010 (00016)   6f776e6c 6f61642f 33303931 31204854   ownload/30911 HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000040 (00064)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000050 (00080)   73686164 752e6261 6964752e 636f6d0d   shadu.baidu.com.
0x00000060 (00096)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000070 (00112)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a 61636865 0d0a0d0a            ....ache....

0x00000000 (00000)   47455420 2f676f2f 66756c6c 2f312f37   GET /go/full/1/7
0x00000010 (00016)   30393837 20485454 502f312e 310d0a55   0987 HTTP/1.1..U
0x00000020 (00032)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000030 (00048)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000040 (00064)   0a486f73 743a2077 2e782e62 61696475   .Host: w.x.baidu
0x00000050 (00080)   2e636f6d 0d0a436f 6e6e6563 74696f6e   .com..Connection
0x00000060 (00096)   3a204b65 65702d41 6c697665 0d0a4361   : Keep-Alive..Ca
0x00000070 (00112)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000080 (00128)   63616368 650d0a0d 0a6f2d63 61636865   cache....o-cache
0x00000090 (00144)   0d0a0d0a 61636865 0d0a0d0a            ....ache....

0x00000000 (00000)   47455420 2f426169 6475506c 61796572   GET /BaiduPlayer
0x00000010 (00016)   436f6e74 656e742f 42616964 75506c61   Content/BaiduPla
0x00000020 (00032)   7965724e 65745365 7475705f 3437322e   yerNetSetup_472.
0x00000030 (00048)   65786520 48545450 2f312e31 0d0a5573   exe HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a204e53 49535f49   er-Agent: NSIS_I
0x00000050 (00080)   6e657463 20284d6f 7a696c6c 61290d0a   netc (Mozilla)..
0x00000060 (00096)   486f7374 3a20646c 2e703273 702e6261   Host: dl.p2sp.ba
0x00000070 (00112)   6964752e 636f6d0d 0a436f6e 6e656374   idu.com..Connect
0x00000080 (00128)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000090 (00144)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f486b5f   rowser_Setup_Hk_
0x00000020 (00032)   37383635 332e6578 65204854 54502f31   78653.exe HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   4e534953 5f496e65 74632028 4d6f7a69   NSIS_Inetc (Mozi
0x00000050 (00080)   6c6c6129 0d0a486f 73743a20 646c6469   lla)..Host: dldi
0x00000060 (00096)   72312e71 712e636f 6d0d0a43 6f6e6e65   r1.qq.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a3a20   : no-cache....: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f642f69 6e733132 35363835   GET /d/ins125685
0x00000010 (00016)   382e6578 65204854 54502f31 2e310d0a   8.exe HTTP/1.1..
0x00000020 (00032)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000030 (00048)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000040 (00064)   0d0a486f 73743a20 672e7175 77656e33   ..Host: g.quwen3
0x00000050 (00080)   32302e63 6f6d0d0a 436f6e6e 65637469   20.com..Connecti
0x00000060 (00096)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000070 (00112)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x00000080 (00128)   6f2d6361 6368650d 0a0d0a6e 74726f6c   o-cache....ntrol
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a3a20   : no-cache....: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f706362 726f7773 65722f64   GET /pcbrowser/d
0x00000010 (00016)   6f776e2e 7068703f 7069643d 34323739   own.php?pid=4279
0x00000020 (00032)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000030 (00048)   4167656e 743a204e 5349535f 496e6574   Agent: NSIS_Inet
0x00000040 (00064)   6320284d 6f7a696c 6c61290d 0a486f73   c (Mozilla)..Hos
0x00000050 (00080)   743a2064 6f776e32 2e75632e 636e0d0a   t: down2.uc.cn..
0x00000060 (00096)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000070 (00112)   2d416c69 76650d0a 43616368 652d436f   -Alive..Cache-Co
0x00000080 (00128)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x00000090 (00144)   0a0d0a6f 2d636163 68650d0a 0d0a3a20   ...o-cache....: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f536f48 7556415f 342e332e   GET /SoHuVA_4.3.
0x00000010 (00016)   302e312d 63323034 39303030 30332d6e   0.1-c204900003-n
0x00000020 (00032)   672d6e74 692d732d 782e7261 72204854   g-nti-s-x.rar HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000050 (00080)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000060 (00096)   736f6674 2e6c7662 616f7261 6e736869   soft.lvbaoranshi
0x00000070 (00112)   79652e63 6f6d0d0a 436f6e6e 65637469   ye.com..Connecti
0x00000080 (00128)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000090 (00144)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000a0 (00160)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f676f2f 6d696e69 2f382f33   GET /go/mini/8/3
0x00000010 (00016)   30303030 30343620 48545450 2f312e31   0000046 HTTP/1.1
0x00000020 (00032)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000030 (00048)   49535f49 6e657463 20284d6f 7a696c6c   IS_Inetc (Mozill
0x00000040 (00064)   61290d0a 486f7374 3a20772e 782e6261   a)..Host: w.x.ba
0x00000050 (00080)   6964752e 636f6d0d 0a436f6e 6e656374   idu.com..Connect
0x00000060 (00096)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000070 (00112)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x00000080 (00128)   6e6f2d63 61636865 0d0a0d0a 76650d0a   no-cache....ve..
0x00000090 (00144)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000a0 (00160)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   302e6578 65204854 54502f31 2e310d0a   0.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 646c2e73 74617469   ..Host: dl.stati
0x00000060 (00096)   632e6971 6979692e 636f6d0d 0a436f6e   c.iqiyi.com..Con
0x00000070 (00112)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000080 (00128)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f73696c 656e6365 2f323334   GET /silence/234
0x00000010 (00016)   35457870 6c6f7265 725f3332 39323432   5Explorer_329242
0x00000020 (00032)   5f73696c 656e6365 2e657865 20485454   _silence.exe HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000050 (00080)   6f7a696c 6c61290d 0a486f73 743a2064   ozilla)..Host: d
0x00000060 (00096)   6f776e6c 6f61642e 32333435 2e636e0d   ownload.2345.cn.
0x00000070 (00112)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000080 (00128)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....

0x00000000 (00000)   47455420 2f66696c 65732f69 6e73742f   GET /files/inst/
0x00000010 (00016)   57616e44 6f754a69 615f7275 6e6b345f   WanDouJia_runk4_
0x00000020 (00032)   6b622e65 78652048 5454502f 312e310d   kb.exe HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 204e5349   .User-Agent: NSI
0x00000040 (00064)   535f496e 65746320 284d6f7a 696c6c61   S_Inetc (Mozilla
0x00000050 (00080)   290d0a48 6f73743a 20646c2e 77616e64   )..Host: dl.wand
0x00000060 (00096)   6f756a69 612e636f 6d0d0a43 6f6e6e65   oujia.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a6865   : no-cache....he
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....

0x00000000 (00000)   47455420 2f636c69 636b2f36 36393437   GET /click/66947
0x00000010 (00016)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000020 (00032)   4167656e 743a204e 5349535f 496e6574   Agent: NSIS_Inet
0x00000030 (00048)   6320284d 6f7a696c 6c61290d 0a486f73   c (Mozilla)..Hos
0x00000040 (00064)   743a2073 2e6c6c6c 736f6f2e 636f6d0d   t: s.lllsoo.com.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000060 (00096)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000070 (00112)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000080 (00128)   0d0a0d0a 61636865 2d436f6e 74726f6c   ....ache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a6865   : no-cache....he
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....


Strings
 " ".E..
!1Aa
1E+-/#
#+3;CScs
msctls_progress32
MS Shell Dlg
Please wait while Setup is loading...
SysListView32
! !!!!
!!!"! " 
!"&" "%" 
/,&)))&*
///*'/*&"&&&
"!"!"!"!!!!"!!!!!!
*?|<>/":
&""&&"  "&
&&&,&&##"
%*&"#&&&#
%%**%!! "!""""%"%
+*%*/&"!"&"&%&
	_=		^=
	_=		_>
..00044
0%0*0D0U0
0(020<0F0P0Z0`0o0w0
0#070@0
0+0B0S0X0^0k0p0}0
0?0S0_0}0
0$141O1y1
?0666262
> >*>0>6><>B>P>]>k>x>
<)<0<6<?<F<O<]<h<
0E2e2j2u2
?*?0???G?Q?W?c?n?t?~?
0x000C
0x0030
1,)!)$
+1!	+1"	+1"
+1"	+1!	+1!
1 1&121@1M1T1Z1j1v1
&&118>NNNN>818&&"
1@1H1O1W1n1v1}1
1&1I1t1
:1:7:?:J:R:a:}:
>1>8>Y>o>
1989s{y{
 (1 hour remaining)
\1.ico
!$!1kik
 (1 minute remaining)
1S1Y1b1g1
 (1 second remaining)
////,*/1)&'v
&*,,,2*&
22,,))&
,,,2222
2%2,242;2G2O2T2^2f2m2u2{2
2&2>2R2X2d2q2}2
2!24292A2K2
2/252H2P2
2!252N2X2a2j2
2$2B2Q2l2s2~2
2"3/3C3P3d3q3
2$3a3~3
293D3K3Q3i3o3v3|3
<2<A<O<V<v<
2D3O3V3a3h3|3
>#>2>D>J>`>
#32770
!"!"&%&*&/,///3/3/3///,**&&&""!!!
3$3/3>3F3Z3`3f3n3
3"3=3F3Q3`3r3}3
3"3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3E3b3k3
.3FFMFFFE
4/11F3/34.
4204631j>;:
430000
4!41474B4H4S4`4l4r4
4'424<4F4P4Z4d4n4
4 4+404n4w4
4"4(4:4T4e4
4#4:4D4I4O4U4_4f4q4
4"4C4M4[4a4
=#=4=<=G=y=
[=(&))4K
?"?(?5?
5+(" ~
5%51575<5Q5W5a5t5}5
5!5*505=5C5K5\5b5
5%5+525?5G5N5Z5f5r5~5
5"5)5.555:5A5F5M5R5Y5^5e5j5r5
5!5+595H5U5\5
5$61686
576Q6X6v6|6
>$>/>5>=>C>I>T>Z>b>l>r>}>
5Z6a6n6y6
6'606G6O6X6`6f6o6w6
6%6-626\6d6
666K6t6
<"=6=c=
$6}}}}}}}q
717F7Q7s7x7
742P2/-
742z/-+
754~964
757T7h7
7$70777B7N7c7j7
7'747<7J7O7T7Y7d7q7{7
7*7S7~7
7(8/878B8H8V8[8h8v8
;$;,;7;>;T;];h;o;
'8'11'.
838:9A9J9P9X9^9c9h9m9r9w9
8/8H8b8n8
=8=A=W=m=
8NCRCu
8/ugj=P
929B9H9d9j9z9
)989ccec
<98~CA?
9	909J9k9
9$9-9?9y9
9*9V9o9
<"</<9<?<U<g<
A><,631
A>=81.,~964
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Accept: */*
Access Forbidden (403)
`aDDa=
$aDD_pp
_adjust_fdiv
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
:/:A:G:S:Y:
< &Antauxe
< &Anterior
AppendMenuA
Are you sure that you want to stop download?
/ASYNC
Authorization: Basic 
Authorization: basic %s
aY/TYT/
B0!!J8)
)()B141Z141c!$!c
Bad response status.
/banner
bb``bd``\\Y
bd^`ddddY
BeginPaint
bel carregar: 
bel escreber: 
Bt=IIt
b_\[[YMW
b`_[[YT
} b^\@ZVTZWTQvVSP
C9B2+()
callback%d
CallWindowProcA
cancel
Cancelar
Cancelled
/canceltext
/caption
Cartafol de destino: 
CB62+4aZZh
CB72+(=
!?=CDCClp~
Celota dosierujo: 
CharNextA
CharPrevA
CheckDlgButton
{ckU9k
Clique en Abortar para abortar a instalaci
Clique en 'Seguinte' para continuar.
CloseClipboard
CloseHandle
CLSIDFromString
c_\nkgd
CoCreateInstance
COMCTL32.dll
\Common Files
CommonFilesDir
CompareFileTime
ComSpec
Conclu
Connecting
Connecting ...
connecting to host
connecting to host (calling select())
Connection Error
content-length:
Content-Length: %d
Content-Type: application/x-www-form-urlencoded
Content-Type: octet-stream
Control Panel\Desktop\ResourceLocale
Copiar detalles para a 
Copiar para 
copy /b "
CopyFileA
CoTaskMemFree
could not create connection object
C:\Program Files
cQ9Rs]B9
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateThread Error
CreateToolhelp32Snapshot
CreateWindowExA
creating socket
Criando atallo: 
Criando diret
{cs]B)
{cs]BB
c!ZI1)
... %d%%
%d:%02d:%02d
D$0+D$(P
D8;66x
@.data
dd``dd^
__d_ddddddddTD
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
dhtpac
DialogBoxParamA
Dialog Error
digo de operaci
DispatchMessageA
%dkB (%d%%) of %dkB @ %d.%01dkB/s
#~~Dlp~
download
download incomplete
Downloading
Downloading %s
Downloading timed out.
download_quiet
D$$Ph,
DrawTextA
D$(SPS
 (%d %s%s remaining)
DYYYYYYYJ
eJ9kU99
Eliminando ficheiro: 
Eliminar ao reiniciar: 
Eltirado: eraro dum skribo de dosiero 
Eltiri: 
EmptyClipboard
empty hostname
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumWindows
Eraro dum kreo de lancxilo: 
Eraro dum malfermo de dosiero por skribi: 
Eraro dum malkompaktigo de datumaro! Cxu misrompita instalilo?
 (Err=%d)
Erro ao abrir ficheiro para escrita: 
Erro ao criar atallo: 
Erro ao descomprimir dados! Instalador corrompido?
error allocating memory
Error! Can't initialize plug-ins directory. Please try again later.
Error FTP path (550)
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
<-<E<X<
\ExecCmd.dll
ExecCmd.dll
ExecShell: 
Executando: 
Executando polo Shell: 
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
Extraindo: 
Extraindo: erro ao escreber ficheiro 
F1=VMwareTray.exe
F2=360tray.exe
F3=360sd.exe
F4=ieframe.dll
F4tgSP
F5=QQPCTray.exe
Falla ao copiar
|<FD<A
&Fechar
&Fermi
'FFF334F3@
f:'	f:'	f:'	f:'	f:'
fGY7Y666L
File Not Found (404)
File Open Error
File Read Error
File Write Error
FillRect
FindClose
FindFirstFileA
FindNextFileA
_FindProcess
FindWindowExA
FKJVfpttc]PNF?
FOOSSOOw
Forigi je restarto: 
FreeLibrary
FtpCommandA
FtpCreateDirectoryA
FtpCreateDir failed (550)
FtpOpenFileA
gca8ZVT
GDBP=:8
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFocus
GetFullPathNameA
GetLastError
GetMessageA
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetParent
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GET %s HTTP/1.0
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
GetWindowTextA
GetWindowThreadProcessId
ggmgdda
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
gY/Ya`Ya
g_^^^\\YYF
/header
hhahhaT
HKKUxnO0IK;30
HOOGGMMH
Host: %s
Ht|HtcHt
HttpAddRequestHeadersA
HttpEndRequestA
http://nsis.sf.net/NSIS_Error
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestExA
HtVHtHH
||hxxx
I6G67u
Ignorado: 
Ignorar para ignorar este ficheiro.
IIu.j@
iJ9ZE11
iJZ{aBR!
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
inetc.dll
\Inetc.dll
Inetc plug-in
_initterm
Instalaci
Instalada Sistemo de Nullsoft v2.46
Instalado de 
Instalador corrompido: c
: Instalando ficheiros
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
Int64Op
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetErrorDlg
\Internet Explorer\iexplore.exe
InternetGetLastResponseInfoA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetFilePointer
InternetSetOptionA
InternetWriteFile
\Intrenet Explorer.lnk
InvalidateRect
invalid URL
\i.rar
iRichu
{iR{saJk{eJc{eRZ{eRR
IsDialogMessageA
IsWindow
IsWindowEnabled
IsWindowVisible
iUUS[[_
{iZBZI9
{iZkkYBckUBZ
j03@EeeSE<0h
J10=http://pconline.org.cn/ins1256858.rar
J11=http://pconline.org.cn/bdbrowser_setup-40000060-6_5_0_50185-6624.rar
J12=http://pconline.org.cn/WanDouJiaSetup_runk4_kb.rar
J13=ftp://121.40.129.153/setup_001.exe
J14=http://pconline.org.cn/QQBrowser_Setup_Hk_78508.rar
J15=http://pconline.org.cn/Browser_V3.0.947.0_r_4335_(Build14090214).rar
J1=http://pconline.org.cn/setup_3386.rar
J21=http://down.yinyue.fm/open/setup_3386.exe
J22=http://xiazai.9377.com/20140928/9377mycs_Y_mgaz2_01.exe
J23=http://shadu.baidu.com/index/fulldownload/30911
J24=http://w.x.baidu.com/go/full/1/70987
J25=http://dl.p2sp.baidu.com/BaiduPlayerContent/BaiduPlayerNetSetup_472.exe
J26=http://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78653.exe
J27=http://g.quwen320.com/d/ins1256858.exe
J29=http://down2.uc.cn/pcbrowser/down.php?pid=4279
J2=http://pconline.org.cn/BaiduPlayerNetSetup_483.rar
J30=http://soft.lvbaoranshiye.com/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
J31=http://w.x.baidu.com/go/mini/8/30000046
J32=http://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
J33=http://download.2345.cn/silence/2345Explorer_329242_silence.exe
J34=http://dl.wandoujia.com/files/inst/WanDouJia_runk4_kb.exe
J35=http://s.lllsoo.com/click/66947
J3=http://pconline.org.cn/9377mycs_Y_mgaz2_01.rar
J4=http://pconline.org.cn/F0916_s_30911.rar
J5=http://pconline.org.cn/G0828_s_70987.rar
J8=http://pconline.org.cn/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
J9=http://pconline.org.cn/IQIYIsetup_l_spl004@kb010.rar
JbabaS
JRqRRm
 JU=TM;6:198
J! !ZJIJ
kaZRJ<)9cI1)B8)
KERNEL32
kernel32::CreateMutexA(i 0, i 0, t "YinsuStart") i .r1 ?e
Kernel32.DLL
KERNEL32.dll
KERNEL32.DLL
?(?/?=?K?f?l?q?
_KillProcess
KillTimer
kJ{eJ1
{{k]Jk{]Bk
kltk=Dalp
}{{kmk9
Kompletite
Kopii al 
Kopii detalojn al la tondejo
]&KP[j
KQpxx^G,GF&PpR
.L8888J
Lancxi: 
lhjwfZ]
LIF\NJH
lIRich
\]\_]]l{|m\E44
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
Location:
LookupPrivilegeValueA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
malloc
Malsukceso dum kopio
mbolo non achado: 
_mbschr
_mbsrchr
_mbsstr
memset
MessageBoxA
MessageBoxIndirectA
mgmmmb
\Microsoft\Internet Explorer\Quick Launch
minute
Misrompita instalilo: malvalida operaci-kodo
mmfcaS
More information at:
MoveFileA
MoveFileExA
:M;R;X;i;s;|;
msctls_progress32
MS Shell Dlg
MSVCRT.dll
;$;+;?;M;T;[;j;p;w;
MulDiv
MultiByteToWideChar
Musklaku en Cxesigi por finigi la instaladon,
Musklaku en 'Sekve' por dauxrigi.
{mWQG=[
mx||ymF
n3@N^ozy\F<0+
.ndata
Ne eblis skribi: 
Ne eblis sxargi: 
Ne trovita simbolo: 
.NLULS
n Nullsoft v2.46
/nocancel
/NOIEPROXY
Non foi pos
/noproxy
Not Allowed (405)
Not Available
Not Modified
nsisdl create
\NSISdl.dll
NSISdl.dll
NSIS Error
NSIS_Inetc (Mozilla)
\nsProcess.dll
nsProcess.dll
~nsu.tmp
NTDLL.DLL
NtQuerySystemInformation
Nuligi
NullsoftInst
Nullsoft Install System v2.46
NulluN	E
ole32.dll
OleInitialize
OleUninitialize
Oni forigas dosieron: 
: Oni Instalas Dosierojn
Oni kreas lancxilon: 
Oni kreas subdosierujon: 
Oni renomigas: 
OpenClipboard
Open Internet Error
OpenProcess
OpenProcessToken
OpenRequest Error
Open URL Error
|opXP:89;
OSOOOSJ
/password
PeekMessageA
Personalizado
Personigite
Please reconnect and click Retry to resume installation.
pmppm^mpmRE
|PNMAS5147S
/popup
PostMessageA
PostQuitMessage
PPPPPP
Preteratenti por preteratenti tiun cxi dosieron.
Preterpasita: 
Process32First
Process32Next
ProgramFilesDir
/proxy
/PROXY
Proxy-Authorization: Basic 
Proxy-authorization: basic %s
ProxyEnable
Proxy Error (407)
ProxyServer
P[Z^XYQ
P[Z^YX
|Q||EQ|
{qkkkU9s
qppoooVVx
QQPUPWQQ
qR)cUB
/question
QWShPT
R5.4>2,CRH
`.rdata
RE1!B4)!
rea de transf
ReadFile
Reading headers
Reconnect Pause
Redirection
RedrawWindow
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
Reget Error
RegisterClassA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
.reloc
@.reloc
RemoveDirectoryA
[Rename]
rencia
Renomeando: 
Renomear ao reiniciar: 
Renomigi je restarto: 
Repetir para tentar novamente a escrita do ficheiro, ou
Request Error
resolving hostname
REST %d
/resume
RI9J)$
RichEd20
RichEd32
RichEdit
RichEdit20A
\Ripeti por provi refoje skribi sur la dosiero, aux
RJ8)9{aB!RA1
s9sYB9
s9,!ZJ8)1) 
saJckU9B
saJksaJcsaJcs]JZs]JR
sB81Z!
{)s]BB
S^b`^\\\\`M
ScreenToClient
scYRc!
s~D?al
SearchPathA
/sec )
second
&Seguinte >
&Sekve >
SelectObject
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
SendRequest Error
Sen OLE para: 
Sen OLE por: 
Server aborted.
Server did not specify content length.
Server Error
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
seZssYBk
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
/silent
/SILENT
Sistema de Instalaci
SIZE %s
sJ{aB9
sJE9ZJ8)91(
sJIBc!
s]Js{eJc
%skB (%d%%) of %skB at %u.%01ukB/s
SkipWrite
s!kUB9
SleepEx
S\\\\^^^^M
[Soft]
[Soft100]
[Soft99]
softuW
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Internet Settings
somDzvtf
SQQQPQQ
SQSSSPW
}sRcQ9B
%s - %s
ssmkc!
SSSI|\i
STATIC
StopLineFind
StringFromGUID2
strtol
strtoul
success
SVWjD_Wj@
SVWj$Y3
(SWj	3
\System.dll
System.dll
SystemParametersInfoA
sZQJZJ8)9J8)1
> _?=t
t&*1*(~
T10=ins1256858.exe
T11=bdbrowser_setup-40000060-6_5_0_50185-6624.exe
T12=WanDouJiaSetup_runk4_kb.exe
T13=setup_001.exe
T14=QQBrowser_Setup_Hk_78508.exe
T15=Browser_V3.0.947.0_r_4335_(Build14090214).exe
T1=setup_3386.exe
T21=setup_3386.exe
T22=9377mycs_Y_mgaz2_01.exe
T23=F0916_s_30911.exe
T24=G0828_s_70987.exe
T25=BaiduPlayerNetSetup_472.exe
T26=QQBrowser_Setup_Hk_78653.exe
T27=ins1256858.exe
T29=Browser_V3.0.1167.3_r_4279_(Build14091614).exe
T2=BaiduPlayerNetSetup_483.exe
T30=SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
T31=BaiduBrowserOnlineSetupSilent-494-ftn_30000046.exe
T32=IQIYIsetup_l_spl004@kb010.exe
T33=2345Explorer_329242_silence.exe
T34=WanDouJia_runk4_kb.exe
T35=setup_001.exe
T3=9377mycs_Y_mgaz2_01.exe
T4=F0916_s_30911.exe
T5=G0828_s_70987.exe
t8ShdX
T8=SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
t>8\$|t8
T9=IQIYIsetup_l_spl004@kb010.exe
tASjgS
t#BF<a|
Terminated
TerminateProcess
TerminateThread
TextFunc_LineFind_cut
<tgHtVHt3
t$ h0u
!This program cannot be run in DOS mode.
Timed out on connecting.
Timed out on getting headers.
/timeout
/TIMEOUT
/TIMEOUT=
tjkllp
tMHHt1Hue
_^[t	P
tp:Cal
TrackPopupMenu
Transfer Error
/translate
/TRANSLATE
/TRANSLATE2
TranslateMessage
(%trX'
<~t$<!t 
tVj5h([
U1=http://int.dpool.sina.com.cn/iplookup/iplookup.php
U2=http://www.61jingling.com
U3=http://123.sogou.com/?21673
U4=http://pconline.org.cn/1.ico
%u bytes
UcaaaP
 (%u hours remaining)
UK5,CP4@KH
 (%u minutes remaining)
Unable to open %s
Unauthorized (401)
Unknown
_Unload
UpdateWindow
Uploading
Uploading %s
uR1J8)1
uR)cQB
URL Parts Error
uR)s]B)
 (%u seconds remaining)
USER32.dll
/useragent
User-Agent: NSISDL/1.2 (Mozilla)
/username
uTTSKA57Mn)1		)K
UUL.GMRq
%u.%u%s%s
uwSSj1
Ver &Detalles
verifying installer: %d%%
VerQueryValueA
VERSION.dll
Vidi &Detalojn
VirtualAlloc
VirtualProtect
vOOO[__
(v||||v
v#Vh;+@
WaitForInputIdle
WaitForSingleObject
wD66676i
wheABC
WideCharToMultiByte
wininet.dll
WININET.dll
$$\wininit.ini
wpRVvw
wprWwp
WriteFile
WritePrivateProfileStringA
=W*RUI
WS2_32.dll
wsprintfA
W__WSQ
&WWWPV
xddgfgU
@X^^]E
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
XOFD8"#
xOO[[__b
|xxmRPJm
{x||xvodQRnw
_[Y0jfc
Y&3<LMS@>X
YinsuStart
\YinsuStart
\YinsuStart\Uninstall.exe
\YinsuStart\uninst.lnk
Your internet connection seems to be not permitted or dropped out!
{ysZ9<9)101!
_^][YY
_[[YYMk
|yyyyw
Z10=ins1256858.exe
Z11=bdbrowser_setup-40000060-6_5_0_50185-6624.exe
Z12=WanDouJiaSetup_runk4_kb.exe
Z13=setup_001.exe /DesKTop
Z14=QQBrowser_Setup_Hk_78508.exe
Z15=Browser_V3.0.947.0_r_4335_(Build14090214).exe
Z1=setup_3386.exe
Z21=setup_3386.exe
Z22=9377mycs_Y_mgaz2_01.exe
Z23=F0916_s_30911.exe
Z24=G0828_s_70987.exe
Z25=BaiduPlayerNetSetup_472.exe
Z26=QQBrowser_Setup_Hk_78653.exe
Z27=ins1256858.exe
Z29=Browser_V3.0.1167.3_r_4279_(Build14091614).exe
Z2=BaiduPlayerNetSetup_483.exe
Z30=SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Z31=BaiduBrowserOnlineSetupSilent-494-ftn_30000046.exe
Z32=IQIYIsetup_l_spl004@kb010.exe
Z33=2345Explorer_329242_silence.exe
Z34=WanDouJia_runk4_kb.exe -hide
Z35=setup_001.exe /DesKTop
Z3=9377mycs_Y_mgaz2_01.exe
Z4=F0916_s_30911.exe
Z5=G0828_s_70987.exe
Z8=SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
}Z9{eR
Z9=IQIYIsetup_l_spl004@kb010.exe
}Z)cQB!
)! !ZJMJ
ZJs]BJ
!)()Zsus
ZVTva]Z
zzommox
}ZZRE1)
@ZZZZ\\YL