MD5: 048d1d4e44e7dca78bbeea90e2704a7c
SHA1: a59201c7008ddec82fcd8e4e9d8bcbb23e67c542
SHA256: aa38fd9a2ef1ceaea0b074b64675c61e9ecd5c4de3d025028d8c98ae7103b3a5
SSDeep: 49152:7uxRM/pcl8vInH5xpXXa9AGZmzItim5gfcGM3KPnNPxGpf:67M/py8veH5xAvZ5gzPNPY
Size: 1614760 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Muhe
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7 SP1 32-bit

Summary:

Installer. An installation package.

Payload

No specific payload has been found.

Process activity

The Installer creates the following process(es):

rsLggr.exe:3564
bytefence-installer-3.18.0.0.exe:2404
ByteFenceService.exe:2480

The Installer injects its code into the following process(es):

ByteFence.exe:3348
ByteFenceService.exe:2204
%original file name%.exe:2224

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process rsLggr.exe:3564 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Program Files%\ByteFence\Logs\000002.dbtmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab126D.tmp (54 bytes)
%Program Files%\ByteFence\Logs\MANIFEST-000002 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6EE.tmp (53 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar126E.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF700.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (1760 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6FF.tmp (53 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF6EF.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 (348 bytes)
%Program Files%\ByteFence\Logs\000001.dbtmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 (1 bytes)

The Installer deletes the following file(s):

%Program Files%\ByteFence\Logs\CURRENT (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6EE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab126D.tmp (0 bytes)
%Program Files%\ByteFence\Logs\MANIFEST-000001 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar126E.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF700.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6FF.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF6EF.tmp (0 bytes)

The process ByteFence.exe:3348 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4EA555947766F67C3BB52DEDFD509C5 (312 bytes)
%Program Files%\ByteFence\rsEngine.dll (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_3FD623D81F01CC7158ABFAD4F5E4B368 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_3FD623D81F01CC7158ABFAD4F5E4B368 (756 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_D972FCCAD85272E817C08B889541B920 (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4EA555947766F67C3BB52DEDFD509C5 (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4 (52 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_D972FCCAD85272E817C08B889541B920 (1 bytes)
C:\Users\"%CurrentUserName%"\Desktop\ByteFence Anti-Malware.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E506CEBBC8B162CFB2D72DB4891DCAE (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab7225.tmp (53 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E506CEBBC8B162CFB2D72DB4891DCAE (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE (398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar7226.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (712 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4 (412 bytes)

The Installer deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar7226.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab7225.tmp (0 bytes)

The process bytefence-installer-3.18.0.0.exe:2404 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Program Files%\ByteFence\ByteFenceService.exe.config (383 bytes)
%Program Files%\ByteFence\rsEngineHelper.exe (6573 bytes)
%Program Files%\ByteFence\ByteFenceScan.exe.config (147 bytes)
%Program Files%\ByteFence\rsEngineHelper.exe.config (383 bytes)
%Program Files%\ByteFence\websocket-sharp.dll (10676 bytes)
%Program Files%\ByteFence\Signatures.dat (22262 bytes)
%Program Files%\ByteFence\RsMessages.dll (8157 bytes)
%Program Files%\ByteFence\rsLggr.dll (3498 bytes)
%Program Files%\ByteFence\x86\lz4_x86.dll (3629 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsExec.dll (14 bytes)
%Program Files%\ByteFence\ByteFence.exe.config (147 bytes)
%Program Files%\ByteFence\EULA.txt (28 bytes)
%Program Files%\ByteFence\ByteFence.exe (108352 bytes)
%Program Files%\ByteFence\ByteFenceGUI.dll (18782 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns19FB.tmp (14 bytes)
%Program Files%\ByteFence\WhiteList.dat (11709 bytes)
%Program Files%\ByteFence\ByteFenceService.exe (5549 bytes)
%Program Files%\ByteFence\Uninstall.exe (1867 bytes)
%Program Files%\ByteFence\x64\System.Data.SQLite.dll (30244 bytes)
%Program Files%\ByteFence\rsEngine.dll (104521 bytes)
%Program Files%\ByteFence\x86\System.Data.SQLite.dll (22599 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1BC1.tmp (14 bytes)
%Program Files%\ByteFence\x64\lz4_x64.dll (5223 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsisdl.dll (30 bytes)
%Program Files%\ByteFence\Microsoft.Win32.TaskScheduler.dll (5936 bytes)
%Program Files%\ByteFence\rsUtils.dll (8332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1AD6.tmp (14 bytes)
%Program Files%\ByteFence\ByteFenceScan.exe (6226 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1835.tmp (14 bytes)
%Program Files%\ByteFence\rsMessages-license.txt (13 bytes)
%Program Files%\ByteFence\rsLggr.exe (9075 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1C9D.tmp (14 bytes)
%Program Files%\ByteFence\protobuf-net.dll (6755 bytes)

The Installer deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsisdl.dll (0 bytes)
%Program Files%\ByteFence\dummy.dat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1AD6.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi15B4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1835.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns19FB.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1BC1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1C9D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsExec.dll (0 bytes)

The process ByteFenceService.exe:2480 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Program Files%\ByteFence\ByteFenceService.InstallState (196 bytes)
C:\Windows\System32\config\SYSTEM (3195 bytes)
%Program Files%\ByteFence\InstallUtil.InstallLog (640 bytes)
%Program Files%\ByteFence\ByteFenceService.InstallLog (675 bytes)
C:\Windows\System32\config\SYSTEM.LOG1 (4459 bytes)
C:\Windows\System32\config (1152 bytes)

The process %original file name%.exe:2224 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\browse.css (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Progress.png (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\ES.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\3892337C_stp.dat.tmp (689450 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs_m.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\button-bg.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\progress-bar.css (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp.dat.tmp (70472 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B8A6.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Icon_Generic.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg1.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Grey_Button.png (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Close.png (468 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Color_Button_Hover.png (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Pause_Button.png (577 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\sponsored.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\main.css (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg_m.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\D920752866331.dat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Color_Button.png (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\ProgressBar.png (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B684.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Resume_Button.png (718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg2.png (978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\Lolosobeken[1].jpg (3794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Close_Hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\csshover3.htc (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp.dat.part (1686 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Loader.gif (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs_s.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\00830ED1.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp\bytefence-installer-3.18.0.0.exe (1746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\Rampage - Through Time[1].jpg (1264 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\ie6_main.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\D920752866332.dat (82061 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\bootstrap_50524.html (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\checkbox.css (190 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs.png (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B897.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\button.css (417 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\PT.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg2.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\3892337C_stp.dat.part (5146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\EN.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Grey_Button_Hover.png (187 bytes)

The Installer deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B8A6.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B684.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B897.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\00830ED1.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\bootstrap_50524.html (0 bytes)

Registry activity

The process rsLggr.exe:3564 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\66\52C64B7E]
"LanguageList" = "en-US, en"

The process ByteFence.exe:3348 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ByteFence]
"CLNG" = "en"
"EWICEABLD" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\ByteFence]
"U" = "9712d8e3-9378-4a28-901b-d41a97ff520d"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"UH" = "C98F28A1A2BDBBF3D3AACA16D76E99BB"

[HKCR\*\shell\ByteFence File Scan\command]
"(Default)" = "%Program Files%\ByteFence\ByteFenceScan.exe /scan:%1"

[HKLM\SOFTWARE\ByteFence]
"DelayRTP" = "636535275471985394"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"ScheduleScanEnabled" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32]
"EnableFileTracing" = "0"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"DNFMFG" = "5wn9CCwOy7G22V LTVuCfQ=="

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\ByteFence]
"LMBLDH" = "60ta4/FetA8mEhIuZN8s6Q=="

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"DelayRTP" = "636535275471985394"

[HKLM\SOFTWARE\ByteFence]
"IPISICD" = "1"

[HKCR\Directory\shell\ByteFence Folder Scan]
"Position" = "Middle"

[HKCR\*\shell\ByteFence File Scan]
"Icon" = "%Program Files%\ByteFence\ByteFence.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"PSSET" = ""

[HKLM\SOFTWARE\ByteFence]
"idt" = "1517930144"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"IPICUID" = "tDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0D"

[HKLM\SOFTWARE\ByteFence]
"PSSET" = ""

[HKCR\*\shell\ByteFence File Scan]
"(Default)" = "Scan with ByteFence Anti-Malware..."

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"LMBLDH" = "60ta4/FetA8mEhIuZN8s6Q=="

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\ByteFence]
"ScheduleScanMode" = "2"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"IPISICD" = "1"
"DUBLD" = "10"

[HKLM\SOFTWARE\ByteFence]
"FirstRun" = "2/6/2018 3:15:34 PM"
"IPIDTA" = "xRxYBnyNj13Qc3c XmwFCWAaBLzSnBuUaj5Y1r1sn70jIAjHBq53TAEpAUjzavDCqCqcSPu 0re66IYWqw5hvnw4MvMMH2BQh HYDn81A0lrMBdfE6Emc YqX2uLdT3spjBv U0xcfCHHZi21ACIqbBbHM pjjODb3gyAYI3T4SIE3IkVwZGS0I9ALyXrMGoyUkrgyC0ulktV6YJmCO9fEB63G65P/UhpuvRRjYgZlSbrUIS9EU0HfwidJ29cMuKCELef3zgmZdgyU41LxRRvkbQa KF8Zph/Q4sNOWV2luETM9PC/qETrwmZvx7qyjSJ9toe2hay/t/A4FT/RbcrMcApCX1JbWVzG7hZakNumuSLMT8rx9Wd8mhpaqO3NNq8ncwRsSjBLcv3w2A9BnoMYKOaXhQRTBAwMJgnEr7tMX2M3FiJoOCgr5uWtdoxBaVSm8RwKq865B4lMhfTSoOOyBXVdyUPjZvS1Cduu/p4eYBY FCcZsjy1Ry8Qtu9Mo2glHtDvY/SAmkSKZluk/d3Cx3D2VCdUAk/kxPDKn cyPuz5Zjh9opPeyXi8VD5dcl5R7Ax2jPw8pK3lGdjIG/tRnSFxCfy7czSvZsgfyoUYJSX9qgoAlkYBKK33CQAQgWcx6z0fSnPr7207zEHNbC1Q=="

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"TFNBLD" = "1"
"FirstRun" = "2/6/2018 3:15:34 PM"
"U" = "9712d8e3-9378-4a28-901b-d41a97ff520d"
"EWICEABLD" = "1"
"ScheduleScanMode" = "2"

[HKLM\SOFTWARE\ByteFence]
"InstallDate" = "2/6/2018 3:15:43 PM"
"INSSRTS" = "1"

[HKCU\Software\Classes\Local Settings\MuiCache\66\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\ByteFence]
"IPICUID" = "tDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0D"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCR\Directory\shell\ByteFence Folder Scan\command]
"(Default)" = "%Program Files%\ByteFence\ByteFenceScan.exe /scan:%1"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"IPIDTA" = "xRxYBnyNj13Qc3c XmwFCWAaBLzSnBuUaj5Y1r1sn70jIAjHBq53TAEpAUjzavDCqCqcSPu 0re66IYWqw5hvnw4MvMMH2BQh HYDn81A0lrMBdfE6Emc YqX2uLdT3spjBv U0xcfCHHZi21ACIqbBbHM pjjODb3gyAYI3T4SIE3IkVwZGS0I9ALyXrMGoyUkrgyC0ulktV6YJmCO9fEB63G65P/UhpuvRRjYgZlSbrUIS9EU0HfwidJ29cMuKCELef3zgmZdgyU41LxRRvkbQa KF8Zph/Q4sNOWV2luETM9PC/qETrwmZvx7qyjSJ9toe2hay/t/A4FT/RbcrMcApCX1JbWVzG7hZakNumuSLMT8rx9Wd8mhpaqO3NNq8ncwRsSjBLcv3w2A9BnoMYKOaXhQRTBAwMJgnEr7tMX2M3FiJoOCgr5uWtdoxBaVSm8RwKq865B4lMhfTSoOOyBXVdyUPjZvS1Cduu/p4eYBY FCcZsjy1Ry8Qtu9Mo2glHtDvY/SAmkSKZluk/d3Cx3D2VCdUAk/kxPDKn cyPuz5Zjh9opPeyXi8VD5dcl5R7Ax2jPw8pK3lGdjIG/tRnSFxCfy7czSvZsgfyoUYJSX9qgoAlkYBKK33CQAQgWcx6z0fSnPr7207zEHNbC1Q=="

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"ELINSF" = "2/6/2018 3:15:44 PM"

[HKLM\SOFTWARE\ByteFence]
"UH" = "C98F28A1A2BDBBF3D3AACA16D76E99BB"
"OINSTP" = "mhhnS8G9/aOaHaDJKpbfeOpHnc9l0hbD00CzRB8JRawEh yLmljv2GVsGkaezdjqkPy8ZaQSPZ3kKCuRETGJ0itEITpVoJFy9ni/n tG7DVNko/MPFf857fWW0Tntf9Zb q9 Wjk6D8RoCa6bPgkRLi3YAlHVyVN/doys8EI1QgeZyxYh5i4SHU/yut0OfuDIRe rAuTE1f4Ovu5cfL5skJHxw11lvu1ULwxCGFfoyQJjPnWQqJSxwB8RL3rjgXee0j3OAR4awbjaLhwz1sEozS9rBzcKHnLAsPZalRa2uE2L285v1L5K2Oe79naEfI5kC2cS5be9up6j3frtH7pMLlmeGPwcBdxgdf/eLvhS9/jE3NDFmXBIST4 euFci8pbMkcs/p2Q5NumJfi/BuYfG18soqOkJBFIyTFXmmnDxTmpWb tV O5kwwb3kkSky hCfsl/WnkyO3N5qBVPZNiuNk0duSe9wtzrA xEPqx9wZYlrcYIdzdzHyW69D/087ZFLTrf//tO94O1fGZdOcL7I7g6qLaW07LGSRjMw7TjjMO9jqJdiX1xAW9H3uTKHaTa7IKIKInMw1irjnrpD7x I7ZxIt6PISwkfLhDxCp9C0RhgwRnQzQndvEXIH2Jxg8mWbFIPLGfz0O/vw9 rgNq I7hskWfB52LnY1w uKzfAiOYK4SPjusPmAm5OCI5Yujo1H86U8nZBGGRlzPWmyh2LgsnkJ FR5Cz2cGE/ukJWt/BM8d9tjRopSIURXDn9jX9cC/OcNPAYGktCqz5Fl37EU0FtwE5sj9gbLgy j3bP D6G6r8Vv ItlMk6bJrUw/ y Yni5ykLc88wxoDbtg=="

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"INSSRTS" = "1"

[HKLM\SOFTWARE\ByteFence]
"TFNBLD" = "1"

[HKCR\*\shell\ByteFence File Scan]
"Position" = "Middle"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\ByteFence]
"URGCC" = "KX/CPMxn71JdipCokiE7 A=="

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"InstallDate" = "2/6/2018 3:15:43 PM"

[HKLM\SOFTWARE\ByteFence]
"FETRSI" = "1075847394"
"ScheduleScanEnabled" = "1"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"LMBLD" = "3"

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"FETRSI" = "1075847394"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence]
"DisplayIcon" = "msiexec.exe"

[HKLM\SOFTWARE\ByteFence]
"PMASS" = "1"
"DUBLD" = "10"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"EVLSRC" = "1"
"OINSTP" = "mhhnS8G9/aOaHaDJKpbfeOpHnc9l0hbD00CzRB8JRawEh yLmljv2GVsGkaezdjqkPy8ZaQSPZ3kKCuRETGJ0itEITpVoJFy9ni/n tG7DVNko/MPFf857fWW0Tntf9Zb q9 Wjk6D8RoCa6bPgkRLi3YAlHVyVN/doys8EI1QgeZyxYh5i4SHU/yut0OfuDIRe rAuTE1f4Ovu5cfL5skJHxw11lvu1ULwxCGFfoyQJjPnWQqJSxwB8RL3rjgXee0j3OAR4awbjaLhwz1sEozS9rBzcKHnLAsPZalRa2uE2L285v1L5K2Oe79naEfI5kC2cS5be9up6j3frtH7pMLlmeGPwcBdxgdf/eLvhS9/jE3NDFmXBIST4 euFci8pbMkcs/p2Q5NumJfi/BuYfG18soqOkJBFIyTFXmmnDxTmpWb tV O5kwwb3kkSky hCfsl/WnkyO3N5qBVPZNiuNk0duSe9wtzrA xEPqx9wZYlrcYIdzdzHyW69D/087ZFLTrf//tO94O1fGZdOcL7I7g6qLaW07LGSRjMw7TjjMO9jqJdiX1xAW9H3uTKHaTa7IKIKInMw1irjnrpD7x I7ZxIt6PISwkfLhDxCp9C0RhgwRnQzQndvEXIH2Jxg8mWbFIPLGfz0O/vw9 rgNq I7hskWfB52LnY1w uKzfAiOYK4SPjusPmAm5OCI5Yujo1H86U8nZBGGRlzPWmyh2LgsnkJ FR5Cz2cGE/ukJWt/BM8d9tjRopSIURXDn9jX9cC/OcNPAYGktCqz5Fl37EU0FtwE5sj9gbLgy j3bP D6G6r8Vv ItlMk6bJrUw/ y Yni5ykLc88wxoDbtg=="

[HKLM\SOFTWARE\ByteFence]
"DNFMFG" = "5wn9CCwOy7G22V LTVuCfQ=="

[HKCR\Directory\shell\ByteFence Folder Scan]
"(Default)" = "Scan with ByteFence Anti-Malware..."

[HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"idt" = "1517930144"

[HKLM\SOFTWARE\ByteFence]
"ELINSF" = "2/6/2018 3:15:44 PM"
"LMBLD" = "3"
"EVLSRC" = "1"

[HKLM\SOFTWARE\Microsoft\IdentityStore\Cache]
"TracingSink" = "1018790147"

[HKCR\Directory\shell\ByteFence Folder Scan]
"Icon" = "%Program Files%\ByteFence\ByteFence.exe,0"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"PMASS" = "1"
"URGCC" = "KX/CPMxn71JdipCokiE7 A=="

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\WOW6432Node\ByteFence]
"PINSTP"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\ByteFence]
"PINSTP"

The process bytefence-installer-3.18.0.0.exe:2404 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence]
"NoRepair" = "1"
"NoModify" = "1"
"DisplayName" = "ByteFence Anti-Malware"
"InstallSource" = "%Program Files%\ByteFence\"
"Publisher" = "Byte Technologies LLC"
"URLInfoAbout" = "https://www.bytefence.com"
"UninstallString" = "%Program Files%\ByteFence\uninstall.exe"

[HKLM\SOFTWARE\ByteFence]
"PINSTP" = "/S /IU=tDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0D /i_data=2StR1L1R1V2Y1L1QtRzxtRtDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtRtHtR1T1O1I2ZtRzxtR0C1F1F1I0R0O0MtRtHtR1L1R1V1O1I1T2X1F2Y1CtRzxtR0B2U2Z1P0F1P1G1R1P1V1B1F1I1L1J1FtRtHtR1F1B2X1P1C1B1L1F1GtRzxtRyCtFtCtRtHtR1B1L1QtRzxtRtBtDtCzztDtBtDyCtCyDtCyEtBtByEyCyCtR2Q /LM=3 /DU=10 /TFN /WICEA"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence]
"DisplayVersion" = "3.18.0.0"
"DisplayIcon" = "%Program Files%\ByteFence\Uninstall.exe"

The process ByteFenceService.exe:2480 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\Eventlog\Application]
"AutoBackupLogFiles" = "0"

[HKLM\System\CurrentControlSet\services\eventlog\Application\ByteFenceService]
"EventMessageFile" = "C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"

The process %original file name%.exe:2224 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"advertisers_ids" = "b4ff530f28"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"install_time_client" = "20180206151422466"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"install_id" = "b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d"

[HKCU\Software\Classes\Local Settings\MuiCache\66\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"publisher_id" = "63616a555d"
"vendor_id" = "ic"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"channel" = "b14db6aee0ef0bbc1830a0dfb237c7de3c046d4b40547f0f20860ad08dfa9baa"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"hmac_sha256_validation" = "59bb82a95868fc11a59fd8286aaafe9420c1ec8010fffde72c0d0701aaec2475"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\048d1d4e44e7dca78bbeea90e2704a7c_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\csastats\ic\b19a128d061d9a8d62548133ffdbb162585596e57cd61e0a883cb927afe6da1d]
"install_time_server" = "20180206081429799"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Muhe
Product Name: Fitalefahi
Product Version: 2.0
Legal Copyright: Software
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description: Fitalefahi Setup
Comments: This installation was built with Inno Setup.
Language: German (Germany)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://rp.comococolor.com/	54.76.13.179
hxxp://info.comococolor.com/?xeh=0	176.34.130.130
hxxp://os.comococolor.com/CoolROM/	52.19.171.110
hxxp://coolrom.com/screenshots_small/psx/Rampage - Through Time.jpg	199.231.226.44
hxxp://cdneu.comococolor.com/ofr/Tefenece/Tefenece_3_18_0_080118.cis	85.159.237.103
hxxp://dfw.coolrom.com/dl/39828/FMZq_zql39vkaFz1sF01Lw/1511122270/	199.231.226.43
hxxp://img.comococolor.com/ofr/Tefenece/Tefenece_3_18_0_080118.cis	199.58.87.110
hxxp://logs-bytefence-com-1135692724.us-east-1.elb.amazonaws.com/event?Eventname=Installer&status=ICStart&Product=ByteFence&i_data=2StR1L1R1V2Y1L1QtRzxtRtDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtRtHtR1T1O1I2ZtRzxtR0C1F1F1I0R0O0MtRtHtR1L1R1V1O1I1T2X1F2Y1CtRzxtR0B2U2Z1P0F1P1G1R1P1V1B1F1I1L1J1FtRtHtR1F1B2X1P1C1B1L1F1GtRzxtRyCtFtCtRtHtR1B1L1QtRzxtRtBtDtCzztDtBtDyCtCyDtCyEtBtByEyCyCtR2Q&ruserid=&tag=2.0.50727&OSVersion=6.1.0.0&version=3.18.0.0
hxxp://logs-bytefence-com-1135692724.us-east-1.elb.amazonaws.com/event?Eventname=Installer&status=ICFinish&Product=ByteFence&i_data=2StR1L1R1V2Y1L1QtRzxtRtDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtRtHtR1T1O1I2ZtRzxtR0C1F1F1I0R0O0MtRtHtR1L1R1V1O1I1T2X1F2Y1CtRzxtR0B2U2Z1P0F1P1G1R1P1V1B1F1I1L1J1FtRtHtR1F1B2X1P1C1B1L1F1GtRzxtRyCtFtCtRtHtR1B1L1QtRzxtRtBtDtCzztDtBtDyCtCyDtCyEtBtByEyCyCtR2Q&ruserid=&tag=2.0.50727&OSVersion=6.1.0.0&version=3.18.0.0
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir/SSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW+VUAg=
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt+lGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAztJjptShv7XNqq865y+Kw=
hxxp://cs9.wac.phicdn.net/sha2-assured-cs-g1.crl
hxxp://rvip1.ue.cachefly.net/sha2-assured-cs-g1.crl
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio=
crl4.digicert.com	66.225.197.197
logs.bytefence.com	35.168.219.122
ocsp.digicert.com	93.184.220.29
s2.symcb.com	23.46.123.27
cdnus.comococolor.com	199.58.87.110
crl3.digicert.com	93.184.220.29

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /sha2-assured-cs-g1.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl3.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=172800

Content-Type: application/x-pkcs7-crl

Date: Tue, 06 Feb 2018 13:15:16 GMT

Etag: "3053996106"

Expires: Thu, 08 Feb 2018 13:15:16 GMT

Last-Modified: Mon, 05 Feb 2018 17:15:12 GMT

Server: ECS (vie/F3AD)

X-Cache: HIT

Content-Length: 15899
0.>.0.<....0...*.H........0r1.0...U....US1.0...U....DigiCert Inc
1.0...U....VVV.digicert.com110/..U...(DigiCert SHA2 Assured ID Code Si
gning CA..180205164527Z..180212170000Z0.;.0!...'~F.F.UD.........131022
120001Z0!...F..D.....A4...q..131031134730Z0!.....C5...v.........131104
065045Z0!......'...2...b.[...131111081914Z0!.......f[:t.....P...131111
081914Z0!....<.....i5i....[..131111081914Z0!...B.*.Y\T..........131
127000001Z0!...........3a.......131230172332Z0!......v7.*.....G....140
110211632Z0!....>$,.^v.2..X.4...140123133200Z0!.....3.....Q.>2.a
e..140128165227Z0!....L.....b..D...M..140128214342Z0!.....JR....zU.|q.
h..140203225616Z0!....?....}D.........140203225616Z0!......-/...3.U...
M..140203225616Z0!........*..~..N.XW..140203225616Z0!...;).?.5..c#FM."
Z..140203225616Z0!.........cif*...m...140207094008Z0!.....i..hs....n.~
 ..140207094008Z0!...1Q...b..o.g..(...140207094008Z0!...Z............E
...140207094008Z0!.....=...<.!........140212000001Z0!.....L.T_.....
.N.o..140327181117Z0!.......V.` ....G.^..140403000001Z0!....i..]..$.`.
9.1...140424213723Z0!.....E=.n.....k.....140506083000Z0!....;~:P.,.p..
..c...140513001311Z0!...4.Lc....}jB*.A...140514153453Z0!....0p..E.=..g
".,Q..140516193605Z0!......2hT........\..140617000001Z0!.........X|Pu.
..A2..140625110835Z0!...C.=.......$..^...140703094904Z0!...i[...Kt...L
......140708000001Z0!...@i.........'.p1..140715201841Z0!...{..'b.Y....
......140721123757Z0!......f....\.G.*....140721123900Z0!......o.....T4
......140723000001Z0!......2/4..,....i)..140723000001Z0!.....n.<
<<< skipped >>>

GET /screenshots_small/psx/Rampage - Through Time.jpg HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: coolrom.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Tue, 06 Feb 2018 13:14:29 GMT

Content-Type: image/jpeg

Content-Length: 22290

Last-Modified: Sun, 14 Jan 2018 05:44:48 GMT

Connection: keep-alive

ETag: "5a5aee50-5712"

Accept-Ranges: bytes
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62),
 quality = 100....C...................................................
.................C....................................................
...................x....".............................................
...............}........!1A..Qa."q.2....#B...R..$3br........%&'()*4567
89:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...................................
......................................................................
.....................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&
'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz............................
........................................................?...u..w3....i
..0...dg..... ...U...p .^.w$.....I$...I.9...B..........^..xY..q..Y....
&e.. .p .....|.rzc..v73..|..1..*IB. ....^.8.4..{.....{.sQ..MF/.?o..oK.
.........oy*.0dH.X.r..%s...]...q.E{.....f......J...0...c.a.... E....\.
y..E.t.aZV..saN7.2X..(fb....u4....S5.,..tv...YH ....$.....s.C...T....U
..-gt.jSQ....i.~....a.a...T....c%......4.......In.....1]..4.VH..."#..q
...`...wg. u5.....i4...`.>..VX....f$....... fB.._C._..C.w..1.?.X.].
..~ ..1..!.......C.i.qJ@h^...$W|...H.....s....U..?....i.....4._..~..S.
..........>'..t5..=R..txm..B...d....\.1X...0.....A.\ ..$...d.....,.
.r..0...f.. ...S.....s.q....rt....)P.U....3.G4..^>...x.`.b..St.....
...V..;s_.iiv~.x/A.n.e|.B...f.0.[z.......d. *...........n.....C..u.y..
.....c...$.D.)1...U......o..j....q....1./..u..G..d..J.../......C.;.~..
...J....h!k......Z_...M.K......_.....|~_..........H. .w.j...5.....
<<< skipped >>>

HEAD /dl/39828/FMZq_zql39vkaFz1sF01Lw/1511122270/ HTTP/1.1

Accept: */*

Host: dfw.coolrom.com

User-Agent: ironSource

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Tue, 06 Feb 2018 13:14:39 GMT

Content-Type: application/x-7z-compressed

Content-Length: 207397316

Last-Modified: Mon, 19 Nov 2012 13:57:00 GMT

Connection: close

Set-Cookie: PHPSESSID=r6sr4scl6hsn8eg4q1nkdq7gj2; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Content-Disposition: attachment; filename="Rampage - Through Time.7z"

ETag: "50aa3aac-c5ca1c4"

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS

Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,Referer,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since

Accept-Ranges: bytes

GET /dl/39828/FMZq_zql39vkaFz1sF01Lw/1511122270/ HTTP/1.1

Accept: */*

Host: dfw.coolrom.com

User-Agent: ironSource

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.6.3

Date: Tue, 06 Feb 2018 13:14:40 GMT

Content-Type: application/x-7z-compressed

Content-Length: 207397316

Last-Modified: Mon, 19 Nov 2012 13:57:00 GMT

Connection: close

Set-Cookie: PHPSESSID=73h17pqph2h328os56bk6ghep6; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Content-Disposition: attachment; filename="Rampage - Through Time.7z"

ETag: "50aa3aac-c5ca1c4"

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS

Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,Referer,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since

Accept-Ranges: bytes
7z..'...aX....\.....%.........d...?...Bo../o.Ti..F..)<u....~.P...jc
.q;,......mm....P]M1S.....n@........I.Sb..I.......C..x......@|=.......
.S......._....XP.A....{.=n....o...w.0.R../...g....z~.P(d.....i.c.W..i.
.....j:~7.....li!.e...(T...&...KbH... W...3~.2m1{[x-.'b..4.P..e..L....
....ili..[.[t.le>T.lnr?.......*.B3..`.....t...hrb...t..4..f.h.1.3.~
.zZC%n>M).r.<!^..2.1r.?..|-...2.. L/q........k..11.2.........,%a
.hpb.....P/x..jhvZ.`...G..q......S.f.y.WX_..0.Dd....Z<... .G..f..[.
.*kTM.0E.ZU{...:zm.s..55...Sk.........h...q...H...)...wS<6.......gZ
...tN3.{.:..?(....;..(.:H...|j.D!...r#.b.....<..r.7!..Z..9.XK6.9..4
0...@...[e.V.@l8...c....dM...1B....c..p0.z...<.&.Ze.. ...k......X..
\..Q-g@.h3...|....B...e..e.Gw.".UK.<t8.V........j..9.....T...R=....
...j....gr.g-)....1Xt.*...}/.b|..%<(..\_NO. ...dcr.Py.<.`.?5....
.7o.!8.0..4.0..6.W....HS^N.mr.X..!...x2&;.6Z-:......V.e.C...).b.......
..Gi.g):.2....lea...T..2g<.m.uM..p.>0&...=.i..N.D...8B.-.....'bp
..._9g.....x...a_.J4.A9....G[.@...X...e......6.w.s28.......4|G.@..$.d.
.<.D..,._.^I......'.:.=7...N.`o;..D"....../..{..].>x...?....... 
...0k.......;V.~..p..M).0...)y...5.b..B....%...P.m...11.w.A...nnR....!
..> .C.Q..q.PY.jh.k..c..!.)........r....$1..|...X...]~.....IX.a....
.9\.zKZ....... ...99.8..h..z..8.."\...y...8k.@..M...e..p8nK......,J..%
.h.M&....S@..g..k.....".........?.q1]...A]..nq*..P...7....R....w..d...
SP...X....L...H..".Xx.fR.!.g.c2...9...IZ..L|...s"......u..e.d.'.Dh.o.G
..:x.j/.............Ow..|}w.y.~.F.u[.._..?.....(L.,.6..g.....h....
<<< skipped >>>

GET /sha2-assured-cs-g1.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl4.digicert.com

HTTP/1.1 200 OK

Date: Tue, 06 Feb 2018 13:15:23 GMT

Content-Type: application/x-pkcs7-crl

Content-Length: 15899

Connection: keep-alive

Cache-Control: max-age=172800

Expires: Thu, 08 Feb 2018 13:15:23 GMT

X-CFHash: "299076feed051b3cfe412090c32dfeac"

X-CFF: B

Last-Modified: Mon, 05 Feb 2018 17:15:12 GMT

X-CF3: H

CF4Age: 227

x-cf-tsc: 1517851510

CF4ttl: 31536000.000

X-CF2: H

Server: CFS 0215

X-CF1: 13483:fC.fra2:cf:cacheN.fra2-01:H

Accept-Ranges: bytes
0.>.0.<....0...*.H........0r1.0...U....US1.0...U....DigiCert Inc
1.0...U....VVV.digicert.com110/..U...(DigiCert SHA2 Assured ID Code Si
gning CA..180205164527Z..180212170000Z0.;.0!...'~F.F.UD.........131022
120001Z0!...F..D.....A4...q..131031134730Z0!.....C5...v.........131104
065045Z0!......'...2...b.[...131111081914Z0!.......f[:t.....P...131111
081914Z0!....<.....i5i....[..131111081914Z0!...B.*.Y\T..........131
127000001Z0!...........3a.......131230172332Z0!......v7.*.....G....140
110211632Z0!....>$,.^v.2..X.4...140123133200Z0!.....3.....Q.>2.a
e..140128165227Z0!....L.....b..D...M..140128214342Z0!.....JR....zU.|q.
h..140203225616Z0!....?....}D.........140203225616Z0!......-/...3.U...
M..140203225616Z0!........*..~..N.XW..140203225616Z0!...;).?.5..c#FM."
Z..140203225616Z0!.........cif*...m...140207094008Z0!.....i..hs....n.~
 ..140207094008Z0!...1Q...b..o.g..(...140207094008Z0!...Z............E
...140207094008Z0!.....=...<.!........140212000001Z0!.....L.T_.....
.N.o..140327181117Z0!.......V.` ....G.^..140403000001Z0!....i..]..$.`.
9.1...140424213723Z0!.....E=.n.....k.....140506083000Z0!....;~:P.,.p..
..c...140513001311Z0!...4.Lc....}jB*.A...140514153453Z0!....0p..E.=..g
".,Q..140516193605Z0!......2hT........\..140617000001Z0!.........X|Pu.
..A2..140625110835Z0!...C.=.......$..^...140703094904Z0!...i[...Kt...L
......140708000001Z0!...@i.........'.p1..140715201841Z0!...{..'b.Y....
......140721123757Z0!......f....\.G.*....140721123900Z0!......o.....T4
......140723000001Z0!......2/4..,....i)..140723000001Z0!.....n.<
<<< skipped >>>

POST / HTTP/1.1

Accept: */*

Host: rp.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 1328

Cache-Control: no-cache

...3E.Q)_l.y...K.x5 
..HRGb..y..:.S...../.}...F....vI....O..xf..H..A*....S.....8......Z.:....MG...|./p......J.(..%.7.U.3.;...k........o...".Gc.'........-.\G.%.J.G..

......"&..QL.......M&.B..L..R1..M.v..k?}E...-p... .

.V...-..hn5......~@.KK.

b.{.K?CW..~AY.r...a.M.x.&.(..).....G.(?.......J.T..MSq".O...$.4....b.U...8...jl...1fr..S...
.h..M..J.8..!...]....38....g....%f..f..R .....q..,.
jVS..L.R....6.....
Q....B... |A&....=8.n...#.7*6....Q...A..........#....Wv1Q=..).L.A..D.P....^.B.{.....5....Fm..y.....AQ0..*m.\..H.`.r.!..H..i....0.....m4.p.......-...l.R.....ipns.r.i-....c.....BB.....h........n...G).........<..@.tY.:.s.5}.........9{.b...G>".`...V...=}.$&A...V....a.?..K.:#F.3....R...F........v]....Z$p......R3....U..H..5.jn9.....5.......`.n;.n...?.......7.g...I....%..J&. w...:d..ag....D.{.C....@PvT..(e...yl.o..#.I...6.).....2*..\.'....@..n._.2.rl..X.:......f.Fa7..#t......r...;.|(..R..H...(...... .J.9.v...9.Mp.09..tz.E(D.Opu).=...{.
..c.q..P|....k..Ir.qv...v.h....8...4.}......t.s$.92A})...Q.

Q...3=..\.3=A?._JV..% .........@FYK.......2).............8].U<]..P-".dF....b...rx..P|V...a.B.< .-.f....vH.2.*..U..^I.m>j.<.Y

.<Ab......$...L[.._...,...!...SH...-.Sg..y...:..{H.D.....#z.&...X..b...DI.^%-.8#..kA........$..Ve..d..<.Bt.oE../w...{.h.........P..

.....B.....S.D...:..*.....z..U.
.G..-b.}R
(.v

..>.[..x.G
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 06 Feb 2018 13:14:29 GMT

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 06
 Feb 2018 13:14:29 GMT..Content-Length: 0..Connection: keep-alive..ont>....


POST / HTTP/1.1

Accept: */*

Host: rp.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 1632

Cache-Control: no-cache

...4.....>.K..~........O.,y......M..K.4....;Cf..'.mk*J.....!..J[..%..n.._...n./......&..k

...(..:EA..O.$
.......G.A...5..]..[.....w^Eo=;Yp....X.K[U8iM./......9.A59.>.An....wT...T
_...8....i..NGX`.e...../i.l6E.....q>..

#.J....f....8~..:.X}.z..n...2.h....C.@1nc.......WKpm...yo...Td.U%..o.7....b.&"M....B..KA...q.>B..>.2bf.....s.'.?.\.R[..H.SO........N.`.&..s.H"2...7..........

.5...#4...R...O........<.z.th..n....,.....a...&.2...
.]j!c.."%vf)!...5[U0.)X.M)S....
:......a.'a..'........>..Gj..OS../....fS=1.e..f....c....f6..'.<.r.^..nTY.=..B....M..lM(........W&.C..@t..Jqy. .....,R.B..P...>..%8..i.[..l...Co...`..I..P-*.nqIL<#./-.4..4
.v.T].....g..f..;_......Az...7&.{.#...F......M..Z.b.s3W1.[..'J..c............H..f Ss......xd....h.s........J.......~..#..Xcw.v.....>........n.DU1>.;.l.....~
;oiH(.....o..a..(..s}~.jm.W..h.y..<
3.D..j.......g..}.M.m?m.;8.q .
?.sq.g...z\...y...._q

.VB..O.x...5...=..p.C>.D.|=.9w..q..%.<.EM...............!............L.......u.K..^ ]G...........F....x%M..r.....*....5JJ.....E......Yaa..
...._.(X;...:N.........;.-U
.....E!.GOK.....x.e..a....9.....MR."......_~. u..PAX.x.t...S6.]N.........?s4.4`!............Q....D..}An.u..<}..^z.l<Y.."....te...)....!.....Q.c.5J.....@Y^..<..h......yo.....HCl!.& .`.D.e
^*.Y.f.&D...g8.H..OL...U.7C.
.._....yQ..N..F....$....I.s.}.
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 06 Feb 2018 13:14:29 GMT

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 06
 Feb 2018 13:14:29 GMT..Content-Length: 0..Connection: keep-alive..ont>....


POST / HTTP/1.1

Accept: */*

Host: rp.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 1056

Cache-Control: no-cache

....V.....2$....J............z)^..b\.q......b.....hk......8.[...`|K........;..(.......EIhkWi2..<.........>....*u.....B.]. .Z|M.Y.3L.?............./..].....I.
_vw.z&/8....au....t..[...=...J..5..mv..o&d..B..............\...V...,/.....#M.9e.sZ..A.!o..b.T...|...N. .Q2...1 ..xg../.m..*W...$.......:..8....a.....\-.....F.......p;l>.......,....Q!fl....\..:.O...fH....CM^..kqu...g^qi.rNf...........p....W.._H0'hO...v.eM.N).".Z.~@.M"..c....f.g....U....../P....2.3./h...@.E.rg...h.t.....y..4.........^.9..^.t).|..p.....En.U...}(...$....a...].....<0.n.........G.....

...f.X.)4}h.....U.=."..!..3..."=7.`b..[...%.....
...%..o...WO.lp.0...L~. $..?.q.).L.lt..6.s?J..
%
.=.......w.s".S...v..\=4.A..z.o5....}..n.l..0..Z.. ...........W.?jm.....47..s.}.o....b...y;.......~}CG`..V
.pQB...f..*8aw.g..r......Ym7b..$*..3I..=<.VB..3[.A...r.......C.D..!.m..|...C.{/"Q...l......".ss.(I

..V&L)}.ON...,....Yd`...:[..%_..g...{.;
..^..A3.C...2.:^W..>*.g..8Q.=4..K.i..B.Y..m.GJ...8..3..1oO...I........UY....}...l....Gl.NOT......r...@l.........Wo..... 6.oI...

........#.[.

...$1.
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 06 Feb 2018 13:14:38 GMT

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 06
 Feb 2018 13:14:38 GMT..Content-Length: 0..Connection: keep-alive..ont>....


POST / HTTP/1.1

Accept: */*

Host: rp.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 1056

Cache-Control: no-cache

.I..G.)E..,(D-... ..igd...Y.(P.h.p{.`.|..z!....(.(t.........~..o...P...C. .)......H......J..8...W.g.T.q.w7...6/,.w...B..H...1..R4..`....>..$t.sW>......4.......(#..c..0........ \.`.....p.&......$...x...HJ..............:/d.Ud..dy..}...s..uCT..`....B..}.BW.....6........c..|N.G....o'1.P..@.w=.....e:............k........:..pb@.hK.4.x...
Q.7>w)h..u......F..}F_.J.... ].H.tp/..?...W....=9..F...E...../...-.J..7E.G..`..).

tR....d..Y.#6.c.N._........_`...}...;."l...A,'.>.&@Y..P.R............W2*...5#..;.........o.f.|q'CG.f(.4E...@EBs/wXa...X...^...O..}.....\...5.v ...W./...}ku.."."....;.c7..AT.... ..%..
..^..c...L...O..p......~P56..?`.!*w.X./N......9.t.w..........6g.4....:.....G..RPn..?....~&...C. .q....V.2de.....cm"K.M..S....[n.......<.g'F....K...v

.F....=.vp..E..t..Fc/N.*....vW3j.g....b....l..F..'..E...D.......}{.'......T.;...

..v..u..T.......N........ ..GI......).a...A.>mp..9....#F.K'....D..........n...$..>...|FQRrZ8.%.......kGv.. ..bu/.F.G....h.wc..pDE 72..?[....e

..<C.a>C.....;m.7H.Y.z

$!.kQ.
.<g.e.M..|.R..H9...=.c(...<.;k

...A.o..|*....
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 06 Feb 2018 13:14:39 GMT

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 06
 Feb 2018 13:14:39 GMT..Content-Length: 0..Connection: keep-alive..ont>....


POST / HTTP/1.1

Accept: */*

Host: rp.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 3024

Cache-Control: no-cache

I'.........a.o.~.[......*..Ef.i. ..%..^....!.~u.........J!.@{:E.1w.....j.CW.H.(..PQp.....kX.....sw....#kWN................w......4.....o.^..]@..!d. W<|S......?.)=.n...6..5.....68....Kp}.,J...F...7.&....&#....u_.*......@2......y..9.o.G ..^=......Qy@........W..Z...6..YJ[u.I?y.|yo8

#....{1.f...m.......H.e....f..-Rd.ZTF..Um.....C."...&.M.8............,?..k..xp.;...Y.......a..<.b(......#;..^{z!.....8.S.....-U....5i....].u.....-C.....Z....V...T.....X..|..).O`.^..^\..2."/?..AVE.9..M...G..q.*R..{..i..rck.. ...m......{%.CsS>-q8I5.;/V|..}.s.l..%Ow....k......1..)...v.d.U..C4X...dc1...".ae.c}....I'.tX.Fq..0G...s<<. ..#...L
._
.
O..G.m....zF.......8o.r.UDu..^.....p..[...R...2..m. ....B..'%.oD.R.....sS
.r
QLY}....b.i..R>..!......ue......<H.bq.T.....h.....U.x.9....vv..".......... LnN...:... ..W..U........].!..o`.C..W4....=....6..b.........w.`r&. .u.....=....1]..X....'......|n..)..9E...08..5<.?{...*~.. .4Cs..A.`7{.-...J...B..69q.}IcO.c\.*..V.Y:..G".Z.......a.0D..$...... "........j.Y..|...i...S.c.......B>;v.. J6..*.o.GN-W..._..B...-....R[Q..SnwJ..C.].(.nh.i_....................5...],o*..q..p...c..<..Hh.B.....sR..

/.*b.)pW.(g7...3e.E...g.G....I..0k..].@...po.UF.8...B.|.34...k..8......!...r[<..7.]..i......`$. ...a2`....D..,..s2.....>(......q....pk.P........._........C..0r.}=.....(....7.z.i..W..j....e
..,...
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 06 Feb 2018 13:14:51 GMT

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue, 06
 Feb 2018 13:14:51 GMT..Content-Length: 0..Connection: keep-alive..

POST /CoolROM/ HTTP/1.1

Accept: */*

Host: os.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 2880

Cache-Control: no-cache

.I..~...$$........T.h..$...4z.k.0.`fL./V$.O

..N|t!..G..*|..bfw..........|.y.7`....r.....{..Y?j..n`.g.f/.....E=.....dM.......F..Q>...i....@DB/...5}..l.~. |.e`f>#?......G....n.{Uw.....jC.....@=.U..-.9 ...."Y.I...^6...P..)..Ld.].....,......A.O.=P?.0....I?.%s..@..8d.....^.}t.5...........OG.z.4.....P.@5.GC..J.n...(....,]......P..zvr.@..)=....%...Ij....\.[..........Aq.l_..Y..."..Q.i..Q...I.$.nG...!....@.I.ypk..4.y.!A. =#....h.....b.....d_.#....W.....) .A.Em.rj......#..l..X.rv>.N|v\...$.8..}8..(8....y7k....aoB.S..a.TF......AB....qk..F....h.....l..._...5...C$...qN.......{X..~m.d.Hl......ZJ:e.\C.rm..72.j....&........ .PPFW..Pup..

=.[.].DD.TT|"v...U...[(...
......m.B...".$7.M>...i%...g.........=x..i.......`... ..b.y..."ph.v..V........Z.dr4..}.M.u..Y'F....v. ...3.....h&3(.^nf.....nZ..".s.''./.e
V...dWiuU..Jx...~..QnL.fC............g.=4.......Bh.Y.~|~E.............|....s..!....4.z.......].)2;V..
.2.......F`P...1.xE..q...&...s.T..y49.5{.};".U.A...>........3.....Z.i..e..........p.W..z.r.|u.w........u:{..

I1.?.Kf.. bM....D./..y.....Xc.8.v..hj...OyL..lW..s.m.3...v.rL.a..l*tg."...D..D..-..E.._G....~..Y....w.k....F......f.)z)....p.K....l.3...R...tK..M-..2.....~..N'..S1.....).t
..Ez

?..G.z.K.}.R?:....C...0.%.x....5.....$...y...N.-.k.k...^U@R......s.....1X.......N..cc..q.?V....2.q.Y.F.l]..c7..a.FD..O.u..Z......h.....T
HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: text/plain

Date: Tue, 06 Feb 2018 13:14:29 GMT

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Server: nginx

X-ICSCT-CC: UA

X-ICSCT-GICSET: 310458

X-ICSCT-IP: 194.242.96.226

X-ICSCT-ISP: Pitline Ltd

X-ICSCT-ORGANIZATION: Pitline Ltd

X-ICSCT-SERVER-NAME: ads-slave-1111-production-eu-west-1-i-093f67919566cb4eb

X-ICSCT-TIMESTAMP: 20180206081429799

X-ICSCT-VERSION: 1.11.1

X-ICSCT-XC: 1f3cfb072bc5ded412eb0f20eaa0b3fa349c056a

X-ICSCT-XS: 4eb2a71f144207bedf4780e5a4e4f0d4c17ad472

X-Powered-By: PHP/5.5.38

X-Robots-Tag: none

transfer-encoding: chunked

Connection: keep-alive
6e9b...u........B....:..&NNQ..}5`.....]..x..n..o...U..e?.c.......Q.&..
.....%{].3.....j.8..1..*....M=.-n.....Pv}....A.ct.`J..a..............C
v/MI5p....{...s..HvyaB.GW...^..^~....."...<-`.}..).7....1..7.>b0
7..)\.6.g.j....U.fk!..^....=...../j...u.i.oSl1.HZ..2.N........W[A-.../
...l...,.......y....r..&ty.I......r..$.i.....k.v.C4.*k.K.T...p...g....
.`.#..j5|.v........)....IW..:.$.T.J.zI...8........V.........dXv ..mpF.
.. .....7$.(<GC<w3..9h..6I.Q.....*..1V.u../...h...C|w<)..s?Qg
D9.....%..OI7./..DYH<~...........a.u.b.C.|I.y... 3>.I..'....V.7.
.1D.o5{K.S(6.smhe4]J.g.9(I....v.K.&|..".3.6........uh..X..~...........
.Y..&$.^...[..._Rh^.W.4m..x..y......e,s..-.]s.g.....?X....r......m.i.b
8.?<.2^.......d....\P........x.......".<%.x.Hvt... .sWo..OP..|p.
*eq#.'0X.Q.[..co.a.g....~....^ .<D.r.M.....m_.s....<..CM...R..C.
....V6w.1B..... ......F{..L]t.;.S.....D..6...._cAW...yH..(...A...!.z.P
.....Y.Q.^.....A.\-..r.<.^9Q...Y4^...v.R.^...U...w.....T.1...H...~O
.v..I.[....n.4h.N.D1Q..g.T.D..^9Q...3.Z.W...^...R..Zb...&.W.U._.....C.
U.Q.N.=.YEQ...Q.....V1Q.....|.P.^]Q.~.S.\...~.m,\.P.N.P._...qs......[.
Sl_..m!.Q..._LZ.Q..vQ...A.....h~.S...N..e......Z6%....L]_.......F.....
....h.W$.}.@:F[..-..Z....:3...=.n.......GAS*.~..}"..h...(OR.^O..[1Q...
V,\.Qr.`J.^.\...u.\...nn#.].P.>. $.*.wsL....n......GU.jl]z.'v.w.#.x
!vc7N.>........7....!..... Q^.......6..q=.N|............t......K$..
...r...:..8...........^....0#..q..}..V.[.JI._....8...L...X..j.{x ..8Q.
..7... :.2....3.9..U9......{..#.YE......O.P.......@...E.....wi@. .
<<< skipped >>>

GET /event?Eventname=Installer&status=ICStart&Product=ByteFence&i_data=2StR1L1R1V2Y1L1QtRzxtRtDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtRtHtR1T1O1I2ZtRzxtR0C1F1F1I0R0O0MtRtHtR1L1R1V1O1I1T2X1F2Y1CtRzxtR0B2U2Z1P0F1P1G1R1P1V1B1F1I1L1J1FtRtHtR1F1B2X1P1C1B1L1F1GtRzxtRyCtFtCtRtHtR1B1L1QtRzxtRtBtDtCzztDtBtDyCtCyDtCyEtBtByEyCyCtR2Q&ruserid=&tag=2.0.50727&OSVersion=6.1.0.0&version=3.18.0.0 HTTP/1.0

Host: logs.bytefence.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

content-type: application/octet-stream

Date: Tue, 06 Feb 2018 13:14:51 GMT

Content-Length: 0

Connection: Close

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141/l2SWCyYX308B7Khio= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: s2.symcb.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1754

content-transfer-encoding: binary

Cache-Control: max-age=485694, public, no-transform, must-revalidate

Last-Modified: Mon, 5 Feb 2018 04:07:44 GMT

Expires: Mon, 12 Feb 2018 04:07:44 GMT

Date: Tue, 06 Feb 2018 13:15:27 GMT

Connection: keep-alive
0..........0..... .....0......0...0...........8&.h....GE.......2018020
5040744Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..=x..vI`.a}.....*....20180205040744Z....20180212040744Z0...*.H.....
.........?....Sb..ci.<....Y...Z.U.....$..u....1.p.......I.&.V.9.<
;0-.f..y..-............2a.............f...X.@...S.Y........Z..l...1...
...>..|.8..b.K8../...{...\..:....>x......av..Wp.b..Ih.....mu.x).
...P.. .... 0...I.s..N.(>L'...i!......v. .g;..7mS...S.......8...:..
...0...0...0..........enJ..S.. ...h..a0...*.H........0..1.0...U....US1
.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c
) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign 
Class 3 Public Primary Certification Authority - G50...161213000000Z..
211231235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U...
.Symantec Trust Network1604..U...-Symantec Class 3 PCA - G5 SHA1 OCSP 
Responder0.."0...*.H.............0.........8..=...n.....T.p..{.. ..m..
...F.t.....4..._....fC..........f0..HTe....W..".q../.g6....E....{.....
Z .....[.I..S....O...eD".^_7~...ip...Q.-....<>n........V.I..O..t
..v]f...^.MN........?uVCj..b...\%i.W.s........V.......C.k.n...B.....B'
..L.......g.......[...K..........0...0...U.......0.0l..U. .e0c0a..`.H.
..E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http:
//VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0.
.....0"..U....0...0.1.0...U....TGV-OFF-680...U...........8&.h....GE...
..0...U.#..0.....e......0..C9...3130...*.H..............b..N.).. .
<<< skipped >>>

GET /event?Eventname=Installer&status=ICFinish&Product=ByteFence&i_data=2StR1L1R1V2Y1L1QtRzxtRtDtDyDtDyDyCtAzzyEyE0CyE0FyB0E0DtRtHtR1T1O1I2ZtRzxtR0C1F1F1I0R0O0MtRtHtR1L1R1V1O1I1T2X1F2Y1CtRzxtR0B2U2Z1P0F1P1G1R1P1V1B1F1I1L1J1FtRtHtR1F1B2X1P1C1B1L1F1GtRzxtRyCtFtCtRtHtR1B1L1QtRzxtRtBtDtCzztDtBtDyCtCyDtCyEtBtByEyCyCtR2Q&ruserid=&tag=2.0.50727&OSVersion=6.1.0.0&version=3.18.0.0 HTTP/1.0

Host: logs.bytefence.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*

HTTP/1.1 200 OK

content-type: application/octet-stream

Date: Tue, 06 Feb 2018 13:14:55 GMT

Content-Length: 0

Connection: Close

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Accept: */*

Host: cdnus.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:40 GMT

Content-Type: application/octet-stream

Content-Length: 9322222

Connection: keep-alive

x-amz-id-2: IBjhAmcCPAXYVPbsneVaKi4I0Quhk6Zv7RW0KILE1W 8iOLTDzcov05YghngI1AlPuV4KZ9fVl8=

x-amz-request-id: 660B6420EDFE1258

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Accept-Ranges: bytes
CIS.........................>......P.......A..m.d...X.a.uE4H.5@.. &
....E..1<J.F.".S...,....-DQ..w....<{T..B...~.=.%k=. b..G..L(..V4
.K.v..q4g.eYUU.fb...J..f!{]..u6G.....9.?..yc...<.:ZC...(..........\
^S..A.$.;...Sg.AgH..Wy.bEe.........1,...[$..p...rZb1>...<.......
,..jp..X^*...uS/`(L.-.IyD.DA%...`O..n...$.~.P...a-..k...p.].X..o.>.
S8...yot.~.K51u..T...M.s.F.....G....: Y.<w...ji..=^q.3...`4A.s.'.5.
..i...v..dj.(KG.A.-4.i1..uK..h "..}....-...>D.>f0.'.......|...iX
>.-,...v.E/r..Dt|...$.A8^>W.]..d..).6.|.i'O.s...X.d.b%-..C{.'.!k
.q..?.f.p..Tzur.......Z.....3.td..a.d.....A.>.9.G.h-.knQ?.6.FT<.
sw.J..$......H@E..=O..K%V.rWm\.u.irr.>Q...ls.O....T...XW".n.~.5Y.qO
..@>...p..Hh.o...6.g=..[.......E...y...9N..35MFx.~cC|/Z:...q...=.d.
O...:...^....7.#g....'..O..I.C(2tj..U.5.Awn.Ec..E......OW:..Lp[.^.6.x$
8...m.j]....H...H....#a ........).;Z".!.R.Fc.ju.....A........S.s.)....
.............=.e.P...n.;F..[c)E..,^....6Y..;.[K..0#.J.y......J?5Mx...5
8s....R|;B..'.... f...4.!? ........i......y..z...(..!.7......^H..h.M.V
\..HB..e.<...LQ6e...c..g{_.] .nq.p..= ..|3*8.xf............Vg..^.M.
...&..u..[....8... ...x......\3...)m...@.F.A.L..7.c..1.3 ....,?1V.<
.^........OJ..>...B..M..;.-..p$'Q..,>.#.....bW.z;....~..?...xC..
...Jc,...1U..~ny..u.J.*....de.p...........~...XH..Z.A$|.....Yc...$T...
d...U....vO.4(...j..u.....M.1E..u....I;....wT.%.nQ..o.....u.*j....(...
r$..5X...........V...^.....;...Y.T.o.tF...3=$.b%.$.f.w. .s.6..B..Y....
.........H.Ct..$.[ZM..9.d.....2h.ec..f.h.:pG.......`.y...@..i...e.
<<< skipped >>>

GET /dl/39828/FMZq_zql39vkaFz1sF01Lw/1511122270/ HTTP/1.1

Range: bytes=103699000-207397315

Accept: */*

Host: dfw.coolrom.com

User-Agent: ironSource

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.3

Date: Tue, 06 Feb 2018 13:14:41 GMT

Content-Type: application/x-7z-compressed

Content-Length: 103698316

Last-Modified: Mon, 19 Nov 2012 13:57:00 GMT

Connection: close

Set-Cookie: PHPSESSID=662cph60fh8r0kjme1n0325gq1; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Content-Disposition: attachment; filename="Rampage - Through Time.7z"

ETag: "50aa3aac-c5ca1c4"

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS

Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,Referer,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since

Content-Range: bytes 103699000-207397315/207397316
.0.AG.dyo..XmE.FE..T..[.#..P..`\..n.t_Q.[.':...".l...P)...wla.M.......
2.u...gNxI....a.)..j..w`0.Q..6..._.U.....3...,.9..>9!y.@...T.8...}.
.f...f...hp@.^.=..:.. ....d...Y..|L.$.Rcv-q...NC.L........2.....D...wr
.1ejd.@..@W..</fQ.....-q.s.F..R.b....1.!..30W ..(...d.\1i.J....r.l.
...L..6I<L...K..(....)...t.....V~....B....Z'..v.y[x}P...I....O..C..
.$... .G...P:.5.2=S..x`.;h...li#<.5.b.^.I..Li....N.yxO.%..]..@#....
..\...".g.ny.;=..r.m'....#....../...K..:...e....bF;.p...5X"......4.ta.
..l...!...*.ta..y......K....5.....?z...:F.u...t.6...n.._.."..Dd.....&.
...`M...y......y......d.....$WL...4J%.1!5d..U./....... ....R/..;`...}&
lt;@T..~.......#..]x...l..y9..^..0.a..`...O\>.K...?#(~i...a,.,...#.
....v...3.bR.uy.{9..g7..B..;...r.\.WR...>.Rz...u.U..n8...|/fRJ.'.W.
`...S......$.:f....?.fRu{N8.F0.AU.:...73.h..............{.C]...V......
.P..n.-8@.a..y.'u.....(#.!J..eb.....i1..A....q:A..3L.eBn..............
.%...T.......H.}...ud....a........a .....f.".z...y.....<$..k.y.....
....n.B....=t72........4..........uD.#...f\..3.#7....L..._....u.A...B.
....L.....:.Q.T.,..K..q...T...u.a....HA.8... .h....sn..R..0.C..&.qb..(
.3.s..fnftB#7..I...R...*|..s.&......5..k....\.X.....A........}:l..?1.a
.E.V..r...hSI...C.5a..k].$2..c0.o.....O..../l.1<G..Hp.|@...A.-7|..{
H...%......&-WGZ.:vR.eA.2...V......=...Z. .|.q.....x......'..a.U..Oh..
......I...-........].q...{\4.u...On.i....b.D....M.D.6..?.k.X..P..b.#.K
..|.8|.X...*.Q.y..y}k......o.{.-WC.[._......w....5....q^.....n..'.....
[J...T...g. ..UO,x....^.X........V..@..& ....."o.<.Js.........&
<<< skipped >>>

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=2969600-4812799

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

.....C.(.A.........(.7.~.*..$..Kd'..y.......3Q'i.h..r....@4".... 5....
%`r.....l................[.#l..]<u...cXj...."T.0"..Qi.....K.f....B-
..U.0..<..>..7.:..l......O.{M..gV.....h.........f.e3.......q....
..R..yg.Z.6(.........*..y..6c.\K...wI.L...Rje..?.$V.L.,9.B.$ .....e...
.;/.........@....3.?"..5.G!..".......F..g..>@c.....\J..}o78.;..3..V
............hd.6...e.....@YR..4.5.$.iq.O%.o..A5k....lX..-..}$...'...5}
...O..{.......$?Hs4.%U......~.......7lP..V^...T..E).........d^B.RV..2.
.........{?....w..k..F2h..u...(F..|.f...2d...[.&...S............&....J
9.....\..i........S2...........H.... .q.x6..>.........&.. #./...=.F
....:2..><>...hUl}.6'.......A..Y3....P....R.T.....#...*..RA..
.`#......4..3...-..xu.b4}... ...m..E...C.x$B.2O['.%.F..\....%...m.....
..}..Q.. E...".0y.[]=.wq..}m..!7...6 ...h8a]E5....g~..r.........k.Q..@
.GD.'o.J....F.5uQ.?9V..1%.\hL0...L..a.....Cj.....|...G.:X.......[-....
).89..D.Q.zzm_.`. ..:'..(.....=.|j..i..%....A).Ut.i...a........n*..%..
\.{......g.(A......5..../....loG>..`.. .].s...o......"Y.<.......
.e*..x..Bl..VC&.Z....C.....J."...X..S.F5.J.T......R...q.......G..(&{@`
..%.%.9.....*..o........{...q...i....[...j.3...7R..u.u.L..........XH..
.*....(.,...1..<n.....Ux...Swx.k..].pM.u.F.sP9.h...s...B..'...U>
..........C..9.'H.<kV1p.3....#........4..e....&.H...u.Z..*h.4..r..Z
....}U....X.*zh....X..#2R......8.R..9n.................[...w.)...8..{@
..=&N...L..Ll<.{X=...2J..8.V^4........t."q ..a.c..d.0..m\.L...vQ..e
.9].Xi.....*....s..|..H.../_P..hE.d...._......%.."'...tS...qz....V
<<< skipped >>>

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=2355200-2457599

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:45 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCeR49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=

x-amz-request-id: 1A13DEDD7DC2F502

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Content-Range: bytes 2355200-2457599/9322222
.X.(w.....E.].....*.4.a....".#.<.xv.V.....%..F.'./.e...|.....SDL...
.e..E...;.w..#....E..m..Ge%1jJ..\$|...."....p.7....m4$.c~.m...i?.f../.
.L0>8.q..`.Z.{..yV..m.4.G..."b.B2.G?</...2.6s...P../.....-}.....
........,~..;x....J{.....:...$...i. ..-{YHP..<..X2....{.]....a....%
.{.......gq.c.`.d...b.M.^\........P.D0....9/..D..?..wH..OM..../.c:.,.g
i5}4...[..E.....s]....!.z..C.....L...g@.%...\..x....2..y...i.......Vb3
.k(.XR..A.iL.r....8..x.F......:d..o.f......O.ap...P...kjstK..........v
..-..y6.5.B..}.F.,.mc..cY.O.G-....,.s.....<..v&..Vgg.S..d.7.ef..I..
.pe.?*.>.:.e..A...G.......mZJb-9..o..f7XT.)yc.r......N..e..)p......
fx...N...]...h.T.t......v.9.........u.b..4R...X....:V...nP..{a.59.....
n.}....=I0B........4H................0H...[.....0[..l.m.p.wH..S..A..GI
f..../.0.3........: .....E...ua;...J.....P)...........sA9g..!.H.1..{[.
...>.....g........^.~P^d0..-X...S.b.K`J.....~..a...,B...f^)<....
[.k...\..AI.%$YP@..^....D.g...\.sh......d..y="...|.fX.W..Ds.r.UW....R.
5E..4Q..,.V..g.y......?..!wj.%. .Y..` .x....wAm...P..u.....q.o../<.
..GK.X....m..&...|Vmz..........I..............6.sa..gr...........b..e.
<.. ...;.R..B.r...q.a]......0.........9oh..hm..,$"4.d......*0R.u.x.
........wvm..=Rw6*:.....@.k.'..s./.e...Y.e.....\.I..q;..d....4.R.0.'.w
...:....LO.,...r/<.^,_........}.(.].1......A)L..&H....iS..:...y.:P.
of..K....w4D.l. ..Z....zN[.y..EQ......B..Vf..R...|.Ul0.r......_.."....
.iLS.)>...L<....$..)/.....Sx..F}/.,.^.z..@WN.aU<8..x..._&...M
......(.t../S08i...8sp<.T.N.jm.S4......Rpf...u.........G.M~....
<<< skipped >>>

HEAD /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 0

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:39 GMT

Content-Type: application/octet-stream

Content-Length: 9322222

Connection: keep-alive

x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCeR49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=

x-amz-request-id: 1A13DEDD7DC2F502

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: nginx/1.10.2..Date: Tue, 06 Feb 2018 13:14:39
 GMT..Content-Type: application/octet-stream..Content-Length: 9322222.
.Connection: keep-alive..x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCe
R49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=..x-amz-request-id: 1A13DED
D7DC2F502..Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT..ETag: "0b8bb3
8d4b4285ff492687db18d9233e"..x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2
018 15:20:48 GMT..x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W..
Accept-Ranges: bytes......


GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=7168000-9322221

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:42 GMT

Content-Type: application/octet-stream

Content-Length: 2154222

Connection: keep-alive

x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCeR49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=

x-amz-request-id: 1A13DEDD7DC2F502

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Content-Range: bytes 7168000-9322221/9322222
..t....`.J.l...-.Eo..=.n.\U.k.#3.n.NS....c."...j.....!..q.............
.....-..i....p<.l.l...^.W.3.,.....{....gQ..N...b.E).F%.!.".......ho
Q1M.N:k8.......).*D..Nz.|}...rr.k.H.ome.......8..H...KV...C.;.;....~x.
..7L....b.D=y.Qh...... ......!e`6................c...6..%g.#m[v.g....q
..>'....`..p!..M..C.. D.9..n...Oe.Z2.@.L...9...K..Q...........Q=J..
8M7[K.........5...&*.xH...2.6...F...e.V.[.?}|.z.YT ..d.....v.I......FI
..y;..Q...-E....r.trg.......O.s...\<e.....eq..b.v>...eZ...<..
&.HZ.Q..kBD.@.W-$D..2P....t^.,.7%..h....:...@.-|nz.\....&.c...B.x!r..1
.K#.]...p0.^'W..0....)o.v.O..{...#E.0.Z...a.E.......,..,...i.x".......
> .$.k6.]..'.....`..9...x[qY$....].}.(.CW...r....3....&.... I..j..J
.1..wt.[@..j.w...w8.....T....Y......j..H.E..v..!"&O.!.D..Q~.*...".>
5...P.)P.....f......q........7..*.S_]...........W...D.z0.my......h..;.
%....1 .........Y..n...@.*..@e........D.XRx.#.X......RE.^Y.Rn[...J.{..
...:[.......X.>..h.zeY........s..7#q.........W.....G?..Z..l.,U.E.k.
.k.......Y.<-.<..G. _.J...j....T~.c.....z.e...0.!96[...L..&.v4..
v.s...e........_..&.~..U...!..u..7......,. ..G!*p.2.._.....p....4.....
........X.y......;>...R...x....R.......f......7 C..........eij.c...
]lhy[X.%....=4..Z.W.\8.J.l......4O.8.'....P......w..G.g.q..^.tj.R.o.'.
L*....af......kU `.sM.9.. o_.......(.P..r....C..i...g9x.1?..O..(>..
...|m.*C2L.s.......Gh.O..T...~C.3...Y@!X....- ..J.!...iM$.L]D.....3/..
.`..).e.....){..%.j.A=.........D............:.z...G`.._C ...NE8.'.[...
...........p.dya..VJ.....&....N.../....G.F$K.Yn.H.v.....b4./..NE."
<<< skipped >>>

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=6451200-7167999

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:44 GMT

Content-Type: application/octet-stream

Content-Length: 716800

Connection: keep-alive

x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCeR49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=

x-amz-request-id: 1A13DEDD7DC2F502

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Content-Range: bytes 6451200-7167999/9322222
.)K.w... ....WX......&_I...L.-w*W...EY.......lX.....A.ok"s.....4=...m.
.......]..7....jv.P30./.nt.....B..x[.Zg.........J.]7.}*.5.q=.!..S.H...
.g@..9....I.........r.R...Bk...i.O....`..l...&.6O....(U.....K...J.....
.Sg.........%...n.T.N....;h..W.WU...f.[..._.j_..:]..g...Ma.g..[>&.O
N.......=...mm\...iG.e.|.zO:..................%b.w.J.{'.'...:(..o....%
Mc....Z.h..r$l...j([m..^X%.!3../.e.<X`..jc\n)Q.F.E..O0#FA...w.^....
)..q.hE.%.......d../.jJ.s.....k....F.'.C5]7.I..w...g..]] 6...]<...?
 .D.l..F_`.........f.M.V.....p.....J.*Z.......i.q>}F$g..T.......H..
it......b{O.Q......RJ.KU..X(m.o.....Q....!Xq2..._a.w..r.$..M..d.X..(&g
t;.9..t..>..R....v.-.P...3f.....r.S.o...ws.......zn{i......~.....3.
.l....W....j!........X5.1...)..g.m.W......U~../.a).{..C".v....\w.9..].
....."....u!...E.......5A.....Ao.I9........f.j."BW........g.]....K.S..
w.zeF.......7.$|..)6.'......W.K(. ..V0.3m..kN...._....0..y...UU$z(..Mr
....eAl."....F..6....FI.....z........p.w.o.h....[m.n.<..c....;U..9z
.....o.... F.|....\g!.g.0I.m.M4B.;....6".n.?..Kn..Vw....,.Yx0.e!.T..O#
.......i.....8.e.eG...5..=_.B(.:.......0h.B.k....G.e'..(!...EfNB.....}
Za.y.......D.,G.._.....MH.....L..... ....<.\be.)...N..PA(&..Y.....T
k....vc.01\.>.."S.l.p..b..;/B..*.\..s...........o(;L;..`.O,X.y..Jq.
...&...4..4.h....X..Sg.....BE..>..v3xVa...8..1e....{...H'Lv.h$....%
.<.1&V......y..|V.;s[...j.f;Pv...b7.#2.O.N<.C../......4 y.......
 ....S.p..M....S.*.......x^.4.q.. _kkd.Q'...6-...A.?.T.@.,.C..k.0.~...
./..T@;..V....1.X...l.........$....hP...G`RC-...O@....{.%.jK=..!WS
<<< skipped >>>

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=2457600-2969599

Accept: */*

Host: cdneu.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:45 GMT

Content-Type: application/octet-stream

Content-Length: 512000

Connection: keep-alive

x-amz-id-2: 53N8YsFuc8wgtmzEx1W4qhTV1p6n8SWCeR49MMST25QvuHDYJL8Z2yrl/6Qt4bzzw6iWL6Uj1ow=

x-amz-request-id: 1A13DEDD7DC2F502

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Content-Range: bytes 2457600-2969599/9322222
.;.....$..E..A.o.......p..<..3....G....Y...R.;t...u...:M..,....8.l.
....O..;KK..>..C..6*..a.5.3.`...'....x.-......1S...X.L.9..L..<fX
........<f}...k...ApNC]{`j.. .k....#..Et..9......n.......G;.B.c.X..
Y........~.....t3s=.U.QU.8....E.....?`)..6N.&W.....k......=?..0'.0..U.
.ev!*.nN......g(.t.e..b..m{.....X. ;#J.,....x.-.f8...x.&...A5i........
Km...H..z..O.....66.".!#..c..H..y.._..{..0K*Y..@...N.h)..B........#..U
..%Mu.}mo..$|.... f.F.KpN..$?...b..H.......R.b....)..8s.f........l.*b.
.x....f...I..OVw.xI....\.......*.?.?.x.*..;W.2/.)........(....j.....Z&
lt;....9..p.j...R..........S.......D...$.I.F?.UI...K.#f....v....<..
......C..r.uOGJ.k@Ze....".}.gx....6NK[.bY ..A....wk.l..A.s.8.~.*N..^u.
.SoV.J.n]c.....L....6.}a.......Rt....^.k.W...5)..<.><!.8k&t..
i............2s[."!kjJ%..z.a.a..70..I. .P...]`...5..,!....#[..=U.D..N.
.uUI.....,= B.].p...Tw..;r.. Cb..x=c......sV......x........*^....A.S%.
...@...<..[.....5U.........P/..P.1.2.o..@....X...,(D&....7.........
.......65....].}.>./i..:5;..3..P...j..\ty...,mn...Asys..uo....B..!:
.J.....4(.^.w.1*..d9~...:....LV.:.).: .7...".]...:n.C......G...O!V..!.
..]..w.d[...3....!|.;Vl.....?.0.Q. ..)...Q.....u..........L2;f.w./....
.r....;-.b..l.....B&....%E.......o......wu..Rj>..eC.=Y.L.(..FI..R.Z
....x..Z..Y...BRqng.#..KZ..;..=.Q.j.N......*...'[SW. .S...v...K...CU..
...K..!...I=P0..........jU..H.Nv..4..]g......p.V..._.)./n.C.SSg.,..K:.
,m.. !  ..u..$w'D(m .`.>....G...w ..l]..m....f..v...vd. .n.1...k..e
........^XVY4..<...!......60}.7...$.m.!I........\....00\.....J.
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir/SSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW+VUAg= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=172800

Content-Type: application/ocsp-response

Date: Tue, 06 Feb 2018 13:15:05 GMT

Etag: "5a7991cd-1d7"

Expires: Thu, 08 Feb 2018 13:15:05 GMT

Last-Modified: Tue, 06 Feb 2018 11:30:21 GMT

Server: ECS (vie/F2AD)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0......E.......1-Q...!..m....2018020
6000000Z0s0q0I0... ............@..D3=?..Mn8...Q..E.......1-Q...!..m...
....._..fuSC.o.P.....20180206000000Z....20180213000000Z0...*.H........
......9...-.su......MV...[....`.H..|eK$..C..Q].!o..'........t.=.......
............P....Ug..sV...a..LEx.&A.j..K.....i...Yk....0.....{.{..H...
..}=...%.$..?O&.4....~.@..N....Z.x.@1tdR..t..Q.o.~..cE....k......j.n..
..y.. ..h..!.U....b..W".....,..[,kM.(.........bp0.jHTTP/1.1 200 OK..Ac
cept-Ranges: bytes..Cache-Control: max-age=172800..Content-Type: appli
cation/ocsp-response..Date: Tue, 06 Feb 2018 13:15:05 GMT..Etag: "5a79
91cd-1d7"..Expires: Thu, 08 Feb 2018 13:15:05 GMT..Last-Modified: Tue,
 06 Feb 2018 11:30:21 GMT..Server: ECS (vie/F2AD)..X-Cache: HIT..Conte
nt-Length: 471..0..........0..... .....0......0...0......E.......1-Q..
.!..m....20180206000000Z0s0q0I0... ............@..D3=?..Mn8...Q..E....
...1-Q...!..m........_..fuSC.o.P.....20180206000000Z....20180213000000
Z0...*.H..............9...-.su......MV...[....`.H..|eK$..C..Q].!o..'..
......t.=...................P....Ug..sV...a..LEx.&A.j..K.....i...Yk...
.0.....{.{..H.....}=...%.$..?O&.4....~.@..N....Z.x.@1tdR..t..Q.o.~..cE
....k......j.n....y.. ..h..!.U....b..W".....,..[,kM.(.........bp0.jont>....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt+lGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAztJjptShv7XNqq865y+Kw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=172800

Content-Type: application/ocsp-response

Date: Tue, 06 Feb 2018 13:15:11 GMT

Etag: "5a7953b3-1d7"

Expires: Thu, 08 Feb 2018 13:15:11 GMT

Last-Modified: Tue, 06 Feb 2018 07:05:23 GMT

Server: ECS (vie/F395)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0......Z..{*....q..`.-.eu.X..2018020
6063120Z0s0q0I0... .........G.h...#......Vm.Q....Z..{*....q..`.-.eu.X.
...&:mJ..\....r......20180206063120Z....20180213054620Z0...*.H........
.......".!@Xwv....q.B....Z."O..]..@..4......H.T[...-..s......?x..z:.U.
..N.<2...p..v9....C...[8..y..\..Ap=Q.E...........|p.06..<.....m.
.(\?..]<...Tv..C..g_[...z.8....DW 8|}...)8I..5...Q........x.d.h....
.M._...........s..?...........4.tk.....m....3...hO.~...D...0HTTP/1.1 2
00 OK..Accept-Ranges: bytes..Cache-Control: max-age=172800..Content-Ty
pe: application/ocsp-response..Date: Tue, 06 Feb 2018 13:15:11 GMT..Et
ag: "5a7953b3-1d7"..Expires: Thu, 08 Feb 2018 13:15:11 GMT..Last-Modif
ied: Tue, 06 Feb 2018 07:05:23 GMT..Server: ECS (vie/F395)..X-Cache: H
IT..Content-Length: 471..0..........0..... .....0......0...0......Z..{
*....q..`.-.eu.X..20180206063120Z0s0q0I0... .........G.h...#......Vm.Q
....Z..{*....q..`.-.eu.X....&:mJ..\....r......20180206063120Z....20180
213054620Z0...*.H...............".!@Xwv....q.B....Z."O..]..@..4......H
.T[...-..s......?x..z:.U...N.<2...p..v9....C...[8..y..\..Ap=Q.E....
.......|p.06..<.....m..(\?..]<...Tv..C..g_[...z.8....DW 8|}...)8
I..5...Q........x.d.h.....M._...........s..?...........4.tk.....m....3
...hO.~...D...0..
<<< skipped >>>

GET /ofr/Tefenece/Tefenece_3_18_0_080118.cis HTTP/1.1

Range: bytes=4812800-9322221

Accept: */*

Host: cdnus.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.10.2

Date: Tue, 06 Feb 2018 13:14:41 GMT

Content-Type: application/octet-stream

Content-Length: 4509422

Connection: keep-alive

x-amz-id-2: IBjhAmcCPAXYVPbsneVaKi4I0Quhk6Zv7RW0KILE1W 8iOLTDzcov05YghngI1AlPuV4KZ9fVl8=

x-amz-request-id: 660B6420EDFE1258

Last-Modified: Mon, 08 Jan 2018 15:22:04 GMT

ETag: "0b8bb38d4b4285ff492687db18d9233e"

x-amz-meta-cb-modifiedtime: Mon, 08 Jan 2018 15:20:48 GMT

x-amz-version-id: bhLsPvSbAYFTzG4aBgEEAYda20ZQTI.W

Content-Range: bytes 4812800-9322221/9322222
.6S.e.a....fH!...6...!Yu..~.D.W..1.w8X&?...4........2....s.=,..4...N..
i.....?...f...rId....e..1.........H...-.............I=..[.:..RJ..D.$..
T.6.....o.Q...'/..Xi.{....{.`W.U.l...Z2V..6....r#.........w.j.....k.\.
...H.a.P.s...|...T.>.....u..._...5.o,. ..eiA..An._..B..te8...U.....
..>....h..(.....U... .gl .~...A.....O..g..W..@.kt...y...|...&0....c
B......;d..DE..L.n"..t.cx..2?!...]...G..g...s..q9...2...<.@......@h
..r..|a1...#.?'.Qy.i.!.! ...F....O[.. 7.;.j...L.?.,v....FC.Vyj&4..J...
.....t.......,.9U.@< ..^......D.&:7...}B...G........6e.V-<......
6.!.u...v...?}.....y.@...k;...yX<z...3....^..,.7.......e?...`..}...
.|..."*....7.....A.&o. n....<...).d>.9v.....7J..H...fwDCjk..nk).
J.L,LN|..e.....!C[..b.h4..@...........4n.s{. 8.}T.....*.}...Q=d..RH..C
....`...;/.Y9W...T........ .'.WJ.......k..%.A,......9...147.."{/...%o'
C...\.t..A...q....![......b..W(..\E.....-7.#n...~w.....[=...A^...5....
....^..j.............S........h..vU%........8.T0.......x>..........
.........i.$.....v...<.f.........)......cHg..FAw.!#.....J..GoK...tk
B.`.....b{.ij..2...e...V..J...1J......dC..BB..EA..Y8M........G.G.Hx...
......G8...7p.;.h....)...... .._.i;...jV........M.k...q. E.}vf.sLFG..P
<n..:..i.K....x.C..Z.n..5.3.YpUg.....9.9/.{.bQ....... .0iz..t.7Ko@.
...h.....*.BY?...S.P9&.y........@.*...mc....3.m.....:..G..COG...D..x..
.h}6. ...s>WW9.c~..oU._.........c..v.J..9k..i..0...B.2Xt. 3..@...!T
..e......b.'..#....s..3s.=S..]3.g......5&BM.......{..=F.....7V..W..f..
.bHE....z.'.--.6Yq...R...E...`"..4..%...N.h...`t.k.....\..;.......
<<< skipped >>>

POST /?xeh=0 HTTP/1.1

Accept: */*

Host: info.comococolor.com

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Content-Length: 176

Cache-Control: no-cache

.^.S...N)Tw?.G{&Q[..!KZ....f.[.Lx

a....o.O.3,...?.zBq.....5......%l9^.............e..*.a....(N.....W......4.k...bC..w..R..(.q..u.....D......... pX......

}..eGCo.z..CivS...
HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: text/plain; charset=utf-8

Date: Tue, 06 Feb 2018 13:14:29 GMT

Content-Length: 1112

Connection: keep-alive
LcqPUPZ5W/O7XvT/hGA4TXJwtQbLDGcb LK9XZLQgW6JqY7OMQrkk7jfTOy/BFAPa6NRyt
2Rby1HDHyxpVkZSd4dF3V0  VJ4gskQaBz81HqI sy3fFr6oYK3UU3V0qGrOmtgnfRM7VA
zJnFuFsTtzd0aMVO 6qTDrji7HYR3NcUeEEf/dhdNz FXzGicXfacQLwaTjTxVB9IsgQXr
ItqviEJAxNSJQ/JY3CmMHE3Iod1GyGuNiaN1jXBl7GbNvs4edMOggULaeLAqawT4lZE/xt
ewdy8bhAZaMGF5JNAxf2/aICirAHE2FfODrl6g9rEyzSzWVch8wmtq0zevv0/FmpB6XTYf
Pzw1UEbyOxYXR8EljsangRl7ENqNqPjGVBRjEf5IJG9JsEtOhxtwGB9YaaEYpdAF0H5Fe1
USAOPaTQaifVDupvehGcVZR058XhK0mVFbwt79VrGqemdznySHilSZbPdhR9as82lwkedJ
qm6AO39cjI3WaG1dxs6w2d2EzHPR5oARJvnOd2JeCOTkYcj6qsQcgw0XKXv5TNQnvTFLI6
ipnN3K5TV0og1D0sIPIkmR/k7snoMyHnux kNsM0w7EFKlNU5mjWEpzhWHPsk0EMaLc5RA
VUzc4H27thDl21aKvOUYosM4UV8aNBqYzmj0X0gThvsoApFP3iiFvpWZfwruhTCzhPN9eC
7pdITM3bgbhlYASqRvQhuQGZgfa1emRbDzzDoW7FiAz6nQff8393z oSPudfyDPBYBDlHh
dm041mdqsnNRXb64QRiyKUZQLH88njKiL1CH613CBq7SDaM72Y9huPt red4wnG1Yz p4W
yo4fJHzHnVo4EFAXdMNFjeFmYVVfPLGn8lnHOvG9QgNLr049dTfPwhCcIV5E3r/BegOy/B
Ahv5INakVbzYpkVoaVodFCGrZuA6sXF4X8F3i5 FEYZvC9u 0msuol4AUZXLrOEf1fhjCX
7lWZXtMBKxFdrSm AbqCCeyBAHzHqhV1rwXN9W99NqRJ2h0/Qo9u/dDORMdVW8vufA4EG4
tCx9bWSQTxfHHo4yf67eu83/bIinuwD5siZ3/ RmYajVTRSZAc27QFReIuVQ==HTTP/1.1
 200 OK..Access-Control-Allow-Origin: *..Content-Type: text/plain; cha
rset=utf-8..Date: Tue, 06 Feb 2018 13:14:29 GMT..Content-Length: 1112.
.Connection: keep-alive..LcqPUPZ5W/O7XvT/hGA4TXJwtQbLDGcb LK9XZLQgW6Jq
Y7OMQrkk7jfTOy/BFAPa6NRyt2Rby1HDHyxpVkZSd4dF3V0  VJ4gskQaBz81HqI sy3fF
r6oYK3UU3V0qGrOmtgnfRM7VAzJnFuFsTtzd0aMVO 6qTDrji7HYR3NcUeEEf/dhdNz FX
zGicXfacQLwaTjTxVB9IsgQXrItqviEJAxNSJQ/JY3CmMHE3Iod1GyGuNiaN1jXBl7
<<< skipped >>>

The Installer connects to the servers at the folowing location(s):

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

.DEFAULT\Control Panel\International

File I/O error %d

lzmadecompsmall: Compressed data is corrupted (%d)

lzmadecompsmall: %s

LzmaDecode failed (%d)

shell32.dll

/SUPPRESSMSGBOXES

/PASSWORD=password

Specifies the password to use.

For more detailed information, please visit hXXp://VVV.jrsoftware.org/ishelp/index.php?topic=setupcmdline

/SL5="$%x,%d,%d,

Inno Setup Setup Data (5.5.0)

Inno Setup Messages (5.5.3)

user32.dll

oleaut32.dll

advapi32.dll

RegOpenKeyExA

RegCloseKey

GetWindowsDirectoryA

MsgWaitForMultipleObjects

ExitWindowsEx

comctl32.dll

=...pyy

A?.lb

.blK*^Ak

name="JR.Inno.Setup"

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="asInvoker" uiAccess="false"/>

<windowsSettings>

<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

</windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

External exception %x

%original file name%.exe_2224_rwx_01240000_0010F000:

.gj}Q

%C{&Q

M3.zB

:.Mek3

h.wG1

RFa%s

.UOMD

w}.Mx

.ux`N

L_b.gSj

'.jkTff

L.tueR

 &s;%X

vW1%d

,~.We

.SxGD

ux.Wci

!Cs.MM

N:\yS

].ZH"N/

YD.lG

g'

dB%d-

"uv%F{

.Lb/D

udPg

.Oef6

h5.ri

H.Ac,f

tcPt

f.lfl

.VA"H

Ta,.lV

.jBZb

6%F'i%n

R'.pR

AB}.ti

A-1.TJ

.bFu;

L9%Fqm9:N

j.GQAF?m

>".KY

`53%XX

y%S1\

.gO1J

Vt9%d

%f>n4#

9'k.lD

C5%dG

Y -l}

o(9%d

zYx.rW

fT.eE$#

3&.LJn

e\.ie

e.wSv

@-Zn}

%uT}l

#%DqV

IN.CmH

|.ha&

Mc.ib

w`,

b.COik

M.ngM

.Mx 3}=

b.hg0

xv$%d

G?U%s

.hIaw

nigs%C

.iy33

Aýzu%

E~#.sJ}

m%7s\

>2Fs\\8

%f/t*

7ò2a

2HL.JG

;|D.xi

Ytph.wP4

.Wa{VT

I%xRR

QBu4%c

l.gq4$V

.jT]=

U;.rM6u

Xò(

c.EhV

!$t.Lz

'Fsi

y1S.lO

e.wh~

]#Z%x

%d}Ks

(5].CY

-'.mmP

%original file name%.exe_2224_rwx_01350000_0010E000:

%x1Ai

v%U:>

;%dW6

x%f.oo

),7%DS

@.SRA

V.yZr*

.mJjqo^

?U.rs

.eG21C

o.YMCZ}

@.yhxM~

G.SMO

Qd.jO

fj.AG

.ZNx<)

.xWdB<y

).Rcp

\Î?

tA?B%s

_'i.QZ

%d{F#

*.bpJ

K.ovi_

%U%8_

?u%Us^

s%FMl

x%u"Y2

.hI?H

:.wQS ?

4xr4%F

1'R%d'k

=[Ù

0.mgz
=v%.XpJ
eP(b%D
%uclAdq}
Esd.hM
V.JbF
x].Oo
Q)?.je
.smc3p
dLt.aD&
=.Bj#
t{!6h%czpz:
.Tko|X
ec.lCY
M%3xm
~3.hd`
ZeXe
(U.bA
3{%D@L
#&LvTk.dM
.dM!cbm
).su_'
.AMQx{(
{Ý| E
Shk)%CO
%s$o=
YL.Dp
aU%dj
}.zH37
1.hyt
*E/g@%u&
cTBm%U
|.LEq
.hcs]_
-%X#7
qX.xs
Ab.On^)O
r\.Kt
*xW%.X
2.xbJ
Yhk.Teb
`:.dM
G|.Rl
%xc E
p}.UgU
v.JwT}
wp.Gzi-
U.BnY
?.fhv
.np J
tSgxq%fR<e
AU%c~4>
%d#Uu
%fR51
Ref.gsU
saz%S
.CD##
.Rre>
7I[%CkD
)^Ÿ

rsLggr.exe_3564:


.text
`.rdata
@.data
.gfids
@.tls
.rsrc
@.reloc
t.hx3C
j.Yf;
_tcPVj@
.PjRW
Bv.SCv
operation not permitted
inappropriate io control operation
not supported
operation canceled
operation in progress
operation not supported
operation would block
protocol not supported
address family not supported
broken pipe
function not supported
InitOnceExecuteOnce
MaxPolicyElementKey
pExecutionResource
operator
operator ""
GetProcessWindowStation
Operation not permitted
Inappropriate I/O control operation
Broken pipe
?#%X.y
%S#[k
Ignoring error %s
Delete type=%d #%lld
%d missing files; e.g.
%s%s: dropping %d bytes; %s
Level-0 table #%llu: %lld bytes %s
Manual compaction at level-%d from %s .. %s; will stop at %s
Moved #%lld to level-%d %lld bytes %s: %s
Compaction error: %s
Generated table #%llu: %lld keys, %lld bytes
Compacted %d@%d   %d@%d files => %lld bytes
Compacting %d@%d   %d@%d files
compacted to: %s
=  %8.0f %9.0f %8.0f %9.0f
corrupted internal key in DBIter
' @ %llu : %d
leveldb.InternalKeyComparator
/llu.%s
/LOG.old
LOG.old
.dbtmp
unknown record type %u
corrupted key for
overlapping ranges in same level %s vs. %s
MANIFEST write: %s
files[ %d %d %d %d %d %d %d ]
Expanding@%d %d %d (%ld %ld bytes) to %d %d (%ld %ld bytes)
leveldb.BytewiseComparator
WinMmapFile.Append::UnmapCurrentRegion or MapNewRegion:
WinMmapFile.Close::UnmapCurrentRegion:
WinMmapFile.Close::SetFilePointer:
WinMmapFile.Close::CloseHandle:
WinMmapFile.Sync::FlushFileBuffers:
WinMmapFile.Sync::FlushViewOfFile:
d/d/d-d:d:d.d %llx
\xx
Unknown code(%d):
.Shb_
urls
urls.10K
house.jpg
mapreduce-osdi-1.pdf
cp.html
grammar.lsp
kennedy.xls
alice29.txt
asyoulik.txt
lcet10.txt
plrabn12.txt
geo.protodata
kppkn.gtb
%s (%.2f %%)
Event.wait() - Cannot wait on Event.
MailSlotReader.readMessage() - Cannot read message info
MailSlotReader.readMessage() - Cannot read message
Logger::sendLogs() - URLs list is empty
Invalid URL.
C:\Users\davidh\Desktop\Logger\cpp-logs-lib\winleveldb\Release\Logger.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPB
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.gfids$x
.gfids$y
.tls$
.tls$ZZZ
.rsrc$01
.rsrc$02
KERNEL32.dll
SHELL32.dll
SHLWAPI.dll
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WINHTTP.dll
GetCPInfo
GetProcessHeap
%C&c05
.?AVstl_critical_section_concrt@details@Concurrency@@
.?AVstl_condition_variable_concrt@details@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AULogReporter@?1??Recover@VersionSet@leveldb@@QAE?AVStatus@3@XZ@
.?AU_Crt_new_delete@std@@
.?AVInternalKeyComparator@leveldb@@
.?AULogReporter@?1??RecoverLogFile@DBImpl@leveldb@@AAE?AVStatus@3@_KPAVVersionEdit@3@PA_K@Z@
.?AVReporter@Reader@log@leveldb@@
.?AUWinHTTPTransporter@@
.?AVDebugWinHTTPTransporter@@
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
>!> >1>~>
3"4-444[4
2 2/2K2X2
5 52585\5
=!=$=)=-=
68n8
9%9X9c9h9m9
3,42484?4_4
7$8(8,808
< <$<(<,<
?kernel32.dll
combase.dll
advapi32.dll
mscoree.dll
Assertion failed: %Ts, file %Ts, line %d
ext-ms-win-ntuser-windowstation-l1-1-0
portuguese-brazilian
C:\Users\davidh\Desktop\Logger\cpp-logs-lib\winleveldb\packages\LevelDB.1.16.0.5\lib\native\include\leveldb/slice.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/dbformat.h
internal_key.size() >= 8
!rep_.empty()
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/builder.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/snapshot.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/version_set.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/arena.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/memtable.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/db_impl.cc
!writers_.empty()
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/db_iter.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/dbformat.cc
this->Compare(*key, tmp) < 0
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/filename.cc
contents.starts_with(dbname   "/")
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/log_writer.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/memtable.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/table_cache.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/version_set.cc
vset_->icmp_.Compare((*files)[files->size()-1]->largest, f->smallest) < 0
dummy_versions_.next_ == &dummy_versions_
!inputs.empty()
!c->inputs_[0].empty()
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/write_batch.cc
contents.size() >= kHeader
src->rep_.size() >= kHeader
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\port/port_win.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/block.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/block_builder.cc
buffer_.empty() || options_->comparator->Compare(key, last_key_piece) > 0
Slice(last_key_) == key
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/filter_block.cc
filter_index >= filter_offsets_.size()
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/format.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/iterator.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/iterator_wrapper.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/merger.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/table_builder.cc
r->options.comparator->Compare(key, Slice(r->last_key)) > 0
r->data_block.empty()
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\table/two_level_iterator.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/arena.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/cache.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/comparator.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/env_win.cc
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\util/status.cc
nc:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\leveldb.1.16.0.5\lib\native\src\db/skiplist.h
x == NULL || !Equal(key, x->key)
x == head_ || compare_(x->key, key) < 0
@C:\Users\davidh\Desktop\Logger\cpp-logs-lib\winleveldb\packages\Snappy.1.1.1.7\lib\native\include\snappy-internal.h
c:\users\davidh\desktop\logger\cpp-logs-lib\winleveldb\packages\snappy.1.1.1.7\lib\native\src\snappy.cc
\\.\mailslot\Znabulbul\Logger
t debug_url=
hXXps://
%Program Files%\ByteFence\rsLggr.exe

%original file name%.exe_2224_rwx_01680000_00101000:


UNVt.IX
.NZP9
W.sr0
-AX}~
.KQp[
>.AA,
'j%Sc
ÿ&K
.ZV3p
/%1%C
H.Vp1
!Z%FGa6
.ow.B
")H.jza]
8w%SC
.dl P
.NEGz
 .wc\
Rx|.gc;
1.mNu
:.nfeu
~TY.tyz
:M.czyu
V).vUw
-8S}*&
.wHWB
J880>.YU$
.OcjV
N|y|%X
}.zND
LtCPK
E@4.xa
.xFjf
a)0q%s
%ckwG
{<xMF%C
Wy.jy
S{`%s
B.UjK
\[{.DKV
)r^%Ul
Q,kEy
%x"[n
i..rs
mKGt.Eh
.gDN#
R52%1x
Q084%u
Km.ZG
G~.of
<5.qN
%dkh`
>p`j%C.
Z.xuR"@
=Z#%u
mSGb
iR.RA
-hN}bm
%cl"A,
O.Alu
/e.pa
)%XD1
d!.mqx
.RV0$
.cfQf
%Xb5x
T.bZm
Ep.vX
U^.yS
uza.FV
K.LZU
.Dd;tA
.ts3<T
7%U;<
?e}%d
-Zdf}X
<%dx(`"'^
%c?lY
n.Pw(
Crt7l
.zr@z
I0"^%CS
($%Si

%original file name%.exe_2224_rwx_018A1000_001D6000:


kernel32.dll
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
UrlMon
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
IMM32.DLL
AutoHotkeys
AutoHotkeys0
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
OnKeyDown
OnKeyPress
OnKeyUp
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
te D'ivoire|CI=Cote D'ivoire (Ivory Coast)|CK=Cook Islands|CL=Chile|CM=Cameroon|CN=China|CO=Colombia|CR=Costa Rica|CS=Czechoslovakia (no longer exists)|CU=Cuba|CV=Cape Verde|CX=Christmas Island|CY=Cyprus|CZ=Czech Republic|DD=German Democratic Republic (no longer exists)|DE=Germany|DJ=Djibouti|DK=Denmark|DM=Dominica|DO=Dominican Republic|DZ=Algeria|EC=Ecuador|EE=Estonia|EG=Egypt|EH=Western Sahara|ER=Eritrea|ES=Spain|ET=Ethiopia|FI=Finland|FJ=Fiji|FK=Falkland Islands (Malvinas)|FM=Micronesia|FM=Micronesia, Federated States of|FO=Faroe Islands|FR=France|FX=France, Metropolitan|GA=Gabon|GB=United Kingdom|GB=United Kingdom (Great Britain)|GD=Grenada|GE=Georgia|GF=French Guiana|GH=Ghana|GI=Gibraltar|GL=Greenland|GM=Gambia|GN=Guinea|GP=Guadeloupe|GQ=Equatorial Guinea|GR=Greece|GS=South Georgia and the South Sandwich Islands|GT=Guatemala|GU=Guam|GW=Guinea-Bissau|GY=Guyana|HK=Hong Kong|HM=Heard & McDonald Islands|HN=Honduras|HR=Croatia|HT=Haiti|HU=Hungary|ID=Indonesia|IE=Ireland|IM=Isle of Man|IL=Israel|IN=India|IO=British Indian Ocean Territory|IQ=Iraq|IR=Iran, Islamic Republic of|IR=Iran|IR=Islamic Republic of Iran|IS=Iceland|IT=Italy|JM=Jamaica|JO=Jordan|JP=Japan|KE=Kenya|KG=Kyrgyzstan|KH=Cambodia|KI=Kiribati|KM=Comoros|KN=Saint Kitts and Nevis|KN=St. Kitts and Nevis|KP=South Korea|KP=Korea, Democratic People's Republic of|KR=Korea, Republic of|KW=Kuwait|KY=Cayman Islands|KZ=Kazakhstan|LA=Lao People's Democratic Republic|LB=Lebanon|LC=Saint Lucia|LI=Liechtenstein|LK=Sri Lanka|LR=Liberia|LS=Lesotho|LT=Lithuania|LU=Luxembourg|LV=Latvia|LY=Libyan Arab Jamahiriya|MA=Morocco|ME=Montenegro|MC=Monaco|MD=Moldova, Republic of|MG=Madagascar|MH=Marshall Islands|MK=Macedonia|ML=Mali|MM=Myanmar|MN=Mongolia|MO=Macau|MO=Macao|MP=Northern Mariana Islands|MQ=Martinique|MR=Mauritania|MS=Monserrat|MS=Montserrat|MT=Malta|MU=Mauritius|MV=Maldives|MW=Malawi|MX=Mexico|MY=Malaysia|MZ=Mozambique|NA=Nambia|NA=Namibia|NC=New Caledonia|NE=Niger|NF=Norfolk Island|NG=Nigeria|NI=Nicaragua|NL=Netherlands|NO=Norway|NP=Nepal|NR=Nauru|NT=Neutral Zone (no longer exists)|NU=Niue|NZ=New Zealand|OM=Oman|PA=Panama|PE=Peru|PF=French Polynesia|PG=Papua New Guinea|PH=Philippines|PK=Pakistan|PL=Poland|PM=St. Pierre & Miquelon|PM=Saint Pierre and Miquelon|PN=Pitcairn|PR=Puerto Rico|PS=Palestinian Territory|PT=Portugal|PW=Palau|PY=Paraguay|QA=Qatar|RE=Reunion|RO=Romania|RS=Serbia|RU=Russia|RU=Russian Federation|RW=Rwanda|SA=Saudi Arabia|SB=Solomon Islands|SC=Seychelles|SD=Sudan|SE=Sweden|SG=Singapore|SH=St. Helena|SI=Slovenia|SJ=Svalbard & Jan Mayen Islands|SK=Slovakia|SL=Sierra Leone|SM=San Marino|SN=Senegal|SO=Somalia|SR=Suriname|ST=Sao Tome & Principe|ST=Sao Tome and Principe|SU=Union of Soviet Socialist Republics (no longer exi|SV=El Salvador|SY=Syrian Arab Republic|SZ=Swaziland|TC=Turks & Caicos Islands|TC=Turks and Caicos Islands|TD=Chad|TF=French Southern Territories|TG=Togo|TH=Thailand|TJ=Tajikistan|TK=Tokelau|TM=Turkmenistan|TN=Tunisia|TO=Tonga|TP=East Timor|TR=Turkey|TT=Trinidad & Tobago|TT=Trinidad and Tobago|TV=Tuvalu|TW=Taiwan, Republic of China|TW=Taiwan, Province of China|TZ=Tanzania, United Republic of|UA=Ukraine|UG=Uganda|UM=United States Minor Outlying Islands|US=United States|US=United States of America|UY=Uruguay|UZ=Uzbekistan|VA=Vatican City State (Holy See)|VA=Holy See (Vatican City State)|VC=Saint Vincent and The Grenadines|VC=St. Vincent & the Grenadines|VE=Venezuela|VG=Virgin Islands, British|VG=British Virgin Islands|VI=Virgin Islands, U.S.|VI=United States Virgin Islands|VN=VietNam|VN=Viet Nam|VU=Vanuatu|WF=Wallis and Futuna|WF=Wallis & Futuna Islands|WS=Samoa|YD=Democratic Yemen (no longer exists)|YE=Yemen|YT=Mayotte|YU=Yugoslavia|ZA=South Africa|ZM=Zambia|ZR=Zaire|ZW=Zimbabwe|
Yy-4,dd-4,e.xH
C-2,wbhgbc.Na
Ljhc.EP
Kmvybyhksb.AA
Adotk-4,vldi`.LU
ZkkdDocjn^g-4,o.ye
^ioM-3,iiziGmwItI.cG
\h-2,Jfal\`dgxj-4.DZ
,-\ T,/.Om
hcl.sf
webqskv`T-Y
]@MYYNYHRBbn-1,`xbh-0,WZgaoby-1- ,CZSHx-12,nczYn-42,fdc.Vy
oj-2,`ac<<*kcb.jo
ak-2,`ob<< T,jcb.je
IN]JVN]K]KJ]B]F^UF@@]\v-2,ujbRBjazsnc^s`lkr-1,`-1,].jl
7Teah P,Ckh`-3,fkgo-2,7*NNYO.uh
A`bng`@ikc-4,uUxlxs-4,Ht.HA
Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP
_RCEWVMQF]Aj`scplgx_Thbglv-4,_@t-3,qfoxUfs-4,jloPBsq,,Sbudp_hi-0,smcqf/i-0,f]< C
Khdj.nI
1.2.3
 P,=3/.sY
Gx-21,\igh]ixyj-42,M.DJ
A`qjz``-0,ZkdkNgij.pc
Kcqjpc`-0,Aaj-1,gEdafa`.pM
[cjnbh, xa,-xiz,--4,dk,-BBZHYBKYTC^YBC@RFMVRHC@CXS^HYS]HYZK_, zoa-3,i,.yd,,.FY
o-4,xFUCD.EA
Kf`, -1 W,hefc,.cxb`,,juoocbz,,.I,x
Mb`)z S-2,kz S,`ajf,.xoo-0,k,.,.,.\k`kgxfj,.fb`jbf,.g-2 S,`az S,jkhj`kj.i,>
Ecezcb-4 S,Tmeic6.fA
sQl9g7al
Bc/K-33,`-1.jG
Jbhblnrefc V,H-0,bv-1,li.AT
Uju-0,c-2 W,Ht-2,h-4.Rq
Ijv-1,h-0,jm Q,Jq-1,n-2,/,.u`l,.lnmw Q,ll`oj`zh`m-2 Q,xjzi`vz Q,kbz`.^l
Q-0,iznjib Q,`u,.tgu-0,qyi-1,ulb.a-F
Ob-4,/dcdzfe, kh-3,`/r-2,jld.vL
V-1,ns-4-.,hx V,lmdeehea,.mdhi Q,hi`onezhdh-2f.a
ebP-3,dLfnda`-4,`yj-4.PL
Gakqgnnltflb,.-0,j`,.Ljp`dq U,Cnr,  PQ,R.y
Lgvjgx`-0,mj U,f-3,kwei-3,u`fi U,jg`klkzlff-2,))oalgo,.qf(mdgkki)g``) P-J.c
 WP.Bi
Nlyeim, -2--,pieh`x)of-42--,pc-14,`i)ob-4,li S,cg,-Omzy,.Afijj`hg P,)jlegj S,xf,-qiet S,cg,-pc-14,`iz,-qm-2,hp R-Q,=
@jw-1,a-1,vgk/qzili,.lfqmgyg-1,mk RS,(-0,ma(cm`o/ug-1,gm-01,/lk-4,/aafagm-1,fm` V,/Eaaae,.-1,` R-1,m-1,voz-0 R,z`j R,jgxlbgnf PVQ.]s
Doi T,s,.rpb,.skb,.jbw RW,gfzf S,cabpi)s S,jos`o P,7.b
 TQ,/ Q.lx
,.g-3,z,.gm,..f-C
 VP ,-02,ueah,,mhneb/njxj-2-,4,cji-1 Q.wJ
 S,yf,..dN
Aglbbb U,yuoqk W,rj,.f V,cgkc),.ptlzsck4 W.`,g
,.dy-3-.,dj0,.-a.9
Vog-3,h`i*ga-1,*ufk*bo`idb,.xd-40,orz,.-3,n,.lo Q,alfhikn Q,lw*`bb*va-1,ad-12 T,/ P-c.\
Ggwelxatfj T,`jbahbca V,j` T,Ek-0,jmp,.Igs RT,dvz T,rkk T,`jba V,map V,fvmuw-2 T  S,gchl-1,ab SV,d.^
Fexcn-3--,@d-2--3,d-0,hi UU.XP
 T,abz T,loxjdt T,(/cbsakbekbi T.Ro
7,-Q-2,`7 T.oW
Vc-13,`t,.-0,`cc-0 U,ra(gc,.gpr,.gc V-2,mwpgk` VV-C,e
9,.pxc-1,w6 R.>]
, httpCode:
Pfc S,wktua-1 V,gvavsaj V,`k`hfgzolj,.,.oa-2,u S,`orb T-1,c`agpf`,.rke` V,qa-4,sfwzcg,- P,6._
,. W.Ny
Pgm,,w`-23,gj(hv`x-1,ak(-3,eaoi T-121,t`zx*.Co
K`gcml-2,dga)d-0,/fx-1,/fk(bl`g-2,p,- P,l-14,zjgy2/.Ts
*N,- S,*mf`xxmam R.oE
@ymd`O`kIomickq(av`mtzjgj,.ama` S,ke-0,d`p4 S-8._
L_LCUNTF, KHC.op
0.0.0.0
3?:96=>?59:;.ZQ
6?0N2=.Lq
;768>1-80
\fgejnhg,.Dhr,.f-3- ,z`b, -2,gbyz,..8y
_bhlfi)ze,,lv-33,hm-3-,2,fo,,ogfi)xcm)MGH U .,mcg`k,,-21,s,,-0,kmyeox,,-31,cxl4*.dE
@ar-0,hcm.lt
-3,9POddib-1.GS
y< Q,? Q,9<<=.jZ
000000000000
\cyg-1,r)a-2 V-2,ga V,eg`a U,(jg-2,i,.q`db V,km,.jf-0,z=)ZkvJfz<)->,n
n-3,Kkexhibi.jR
 ;7.Q,>N-Y,[ T,Tc.Uv
D`-1,zv)-1,lrf-12 R,hz-2,gd-32 R,oo`nlj UR,na`ln,.om-0-.,zgjagf(,.Av-23,[gz4)-SG
IGY,-lgfh*gy,--3,ae,-hgm,-lax,-C`Ghgaxt*kryxoiycad,- R,09=GL SQ,*ieddi*ye,.ou-31,kn-3-.,lakz*kcbo,--3,a*ybk*ic-2,a Q,*o-3,7*.Ue
dg-0.Zc
WFGSSHSBXDhdvfrhb-2,]Pmgehsz Q,IPUBrv-0,dip_duw`niq-I
Y]H.if
)hix.CB
[`gl-2,zonb,.gl-2,z-1,wmzgm`-2-.,da-1-.,c-33-.,lock8,.,..i
Y^`acxziagKphh-01,hy,.kle,.jh, mzhjzmi, afar,.gchk V-C.8
,.TfizMl-4,4in
Za-2,ihN@HCC/iwjly-0,jk6/,-.Jz
,.Cufz V,[nbsh5,..x,n
ch_strtup_urls
,.Grez R,\mbwo6,..E..
]DKizHi-4,exc-1,Hc`hk-3.GI
ole32.dll
olepro32.dll
IWebBrowser
IWebBrowserApp
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizabled
OnWindowSetLeft
OnWindowSetTop
OnWindowSetWidth
OnWindowSetHeightL
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPathD?
OnTranslateUrllF
OnCommandExec
'%s' is not supported.
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
0.750000
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
This object does not support this method (
Unsupported type for Parameter with Index %d
Method call unsuccessful. Object: %s, Method: %s, Exception: %s , Source: %s.
_E]kyf-31,Dmdmh-0-.,kjcbmo/ya-4,g,.aeyodbk,.xj-2,oen-0,kzx Q-C.v
hXXp://
hXXps://
Fc-0,mcdi,,E^,-iyhcx/nl`colod7,-.HZ
Lgq,.HQ V,Ktghz R,No-2,vghkp8 V.a R
Bcmloffj Q,zx,-`i-1,hs/Acr-0,iamjz@`aijd-2 V.Sl
Yklzgdb,.hew,.ofi,.zb`,.adbagdb,.-1,oua-13,v,.ze U,magubk-3,` PPT.`-c
CJ[hx.Xu
NAER_[URNDT].Lw
 U,lo-3 U,wojpd,.ov;,.n E
@WN R-2,edilcb R,iasgnpbf ST,tudpdjdj` R,yk W,qtjdj-4,kimxw W,rlglcja W,guadwymhl W,M
Xongiih,,mvho-2,zdcf,.-4,i-104,bmj,-nij,-IpgyOgjh6(.Hc
LJ_.ge
Bvs-1,fms,.ukv-0,b-2,s,.v-0,b-0,bj, ,.cktzn`fznai,.aakjb-1,=,..bb
fxk S,Cym^rk.Um
eiOnKeyDown
eiOnKeyPress
eiOnKeyUp
Handler with EventID = %s already exists.
Error on IConnectionPoint.Advise
Source don't have connection point for [%s]
THtmlUiCertificate
eu-3,q7,. U,ecmn/doyulmfbbso/nng,.lqzlljos JM
-4,isyi-3.lG
,.mm-32 W-1S
RZ-3,i-1,/ImznQ.Hy
MAPI32.DLL
qDatNnldtcp
LeftPopup
(Cf`-1,f3.dc
ac,-djah.XY
oi`pjjw T,fgw T,m`,.sgceNb
is not supported
,-,-Y-1,hjjks,-Ywqh,-.hL
not supported
Wh`hvybsQltjAhahkdshjc W,gddkda SW,Dw-4,hs U,DC G.P
 U,m-1,xjz,.xda-2,oa T .-2,l-1,f*hm-2,ydok*?(-c:
[-1,bai/dm-2,`gjzj, laamfi/-0,n-1,nfjzjy5,.,-.vy
W]F7 R.Um
Cmty/Oolakbi/Mrygcu7/.RJ
YR-0,xh]izn.cQ
Fyn-0,b-1,nj, ellgyfj, xm/Cxoc^EC-40 PR,fe-4,vneog/j`pjjh-0,/ntk-144-,.mF
2.1.0.0
[_FMTZG].mF
WDM.DM
uaixcbzaShz.CP
z-1,o-2,Nl-3,f`a.uz
@-0,`a]F,--42,acdfh,-df/]_AYDAMHHRE@IH V.Xs
ahm-2,i`n Q,lag.vS
-0,cnyzgcEi.Tc
MAMJG[XKE[F.ro
https
B`b,--2,jw-0,k-2 U,X-1,c U,d-2,/lcxnidj5 U.Py
Sf[.t,T*.lJ,e
Bjj,.Cjik,.feo`bhj,.qb4,..h,^
Me` Q,`kz Q-2,lav,.pfd,.T-1,nivkr-2 T,hn-1,i,.rgjmd,.mz V-2 T,om-1,aoew T-1,t`jgoi N,N
MSGALL
LFJHYPB_KH.Qu
Ckwc,.fkijcjo,.lvgc*babo T,`oy T,nochmj VT,ngfa2,.-9c
Ce-3,o,.hbejmcc,.b-4,kc T-3,p-1,mcc,.llw,.blmbai*MN
\mllzm Q,no-0,j S,bg`ggff S,g-0 Q,`-0,zsf`-1,mz,.fnw,.-0,ts-3,gswkl/ S,cirh4(1-C
irsoMsgDialog
irsoJoinPath
irsoGetCmdLineParam
irsoGetCmdLineCount
irsoGetCmdLineIndexOf
irsoGetCmdLineParamValue
irsoGetCmdLineAll
irsoRegCreateKey
irsoRegCreateKeyTree
irsoRegDeleteKey
irsoIsRegKeyExists
irsoRegListKeyValues
irsoRegListKeyKeys
irsoRegSearchKeyKeys
irsoRegCopyKey
irsoGetRegKeyInfo
irsoHttpGetData
irsoHttpGetDataInThread
irsoLibraryExecuteProc
irsoLibraryExecuteProcW
irsoLibraryExecuteProcWithResult
!irsoLibraryExecuteProcWithResultW
irsoExecute
irsoExecuteDllInProcess
irsoSaveExecuteUsingCMD
irsoIsMutexExists
irsoCreatePipeServer
irsoStopPipeServer
irsoSendDataToPipeServer
irsoSetDebugLogUrl
irsoGetDebugLogUrl
irsoGetWebBrowserHandle
irsoGetCurExeCheckSum
irsoCalcCurExeCheckSum
irsoGetExeInjection
irsoParseExeInjection
Om-2,enM-31,Htzi-4,bo`.IH
iubnyybRolkanldf.RW
.html
H-4,njBdi-2,o-4,r.vY
-4,fhxXahcxgw.rg
gghYcjrf.ae
jehGbeags.qB
LNYCD_^.eP
HMVH9>.PE
,.xeb`b-1,g P --3,zgcl)IWBY,.lx)jhmh-0,a-4P.Y
J-0,aa R,ieag/bbv/jbwah7 R.Wm
(,.ngkz-4,ze-3-,,nmbi2 T-A._
-3,1 T-1,`-4,b-4,w37 P,abov=.vN
]-3,dtzcka,.nltkiq V,@ksoikqc4*e-c
Qloj S,oa-1,n)jkeh-0,bw)-3,gsl,.zjdkj S,f-0,z/)mom,.z,.glzkqdg`f)gh S-2,fkql)-2 S,h`awak-1 S,``-2,wh`mf)-10,mgg`d.i-H
Vkkqg T-2 S,cmawjf-1 S,km-2,wcmmf R,q-0,mlj`d,. S,zkkp,.splmfqp,.tkob S,aoapg>2
ung`.Nr
gbo`dhfm.cV
E`ge U,Ufym`j V,En`b-1,n-1,bff,.himbx(io-2,m Q,lnmo,.ggrz W,(q-1,djmkf(vg-4,` Q,]rfb,.fmbfjfh-2,f.9 H
 R,/(_,,/ R-4,oc-4,l-2 V,*ogjfm,.fy)cfyzgam-O.y
irsoExecutePackage
irsoReportPackageError
irsoReportPackageSkip
irsoReportPackageQuit
irsoReportPackageSuccess
irsoReportPackageInfo
irsoSetPackageShouldReport
irsoSetPackageAutoReport
irsoGetPackageFilenameFromHttp
irsoGetPackageExecExitCode
irsoGetPackageExecPid
irsoGetPackageExecResult
irsoGetPackageDwnldUrls
irsoSetPackageRelProgressShare
irsoGetFireFoxEXE
irsoGetIEEXE
irsoGetChromeEXE
irsoGetOperaEXE
irsoGetFireFoxVer
irsoGetChromeVer
irsoGetOperaVer
irsoUninstallAddExeCmd
irsoUninstallAddOpenBrowserCmd
irsoUninstallAddRegistryKey
irsoUninstallExecute
irsoReportStart
irsoReportInfo
irsoSetExclusiveExec
isroSetReportUrl
isroSetReportUrlBkup
-11,jycmjaOaahDgvyc-11.Pg
zfc.bz
]no^dun.Vx
\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>
Aomev-3-.1,f-3,a-1,w,.[\O,.zahk`,.ng-2,cbzmf,-.i^
\GCAPMA][.oj
TcUlue.PL
@Z]ER@L.ml
Sbmlji,,zi,,`agh,,Jcjm-0,jxM[ V,F_AH.gA
W`mmqzeon,.wvamaff P,4.]
z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1
JmeiCmzi=,,.IB
e-1,f.Cw
-0,ilCcbd.LG
)h-4,k.bR
Ioenjj,,v`,.izjmyvj,.xjj,.[c-0,mdg-2-.,el/ccfj,.,,.j
Hmaakh(ya,,muko-2,yk,,i,-Ym-1,nfiz,--33,gnk-40 S.SI
Qe-4,mnay,.`k-3,`b T,j,.vvdljaf RV,f-3,z V,gj` Q,p, -1,ctd-1,r TV .,cwxkhpboj T,ykvkyz V,`jzg T,b-2 V,ib-2,umei(.f,F
Ukszv.ra
[eckbn R-2,a, kgg-4,khbbxl,.blzzjneky R,N[B,,-G.9
FbghLbtaYhe.AU
Cmlh,.iwta-3,? V,e.I
1.2.1
deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly
inflate 1.2.1 Copyright 1995-2003 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
TBv}.Bv
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
A<.ux
.gj]a
!.pX4h
%CQLF
Kr.BI
.QC({
ln%x_
HZ=.FG
X.TR)Q6P
o.vSh8
,Q|Ò
Dz.Jjn
M.ms9
:=R%u|
G5.Le`b
%X^?U
M.ABU
2.mWY;
.xwWh
5@.fI
%Ãt\9x
!%XvLp8
h.lv1T
}z%uY
|S;%C
~.Ph 
%x>_R
 %c{HL
%X{e~Z
.ihpu
$-L}:
.UW-O
!,P-%C
).zE9
.qWvs
K.kE3
,&XN$%U
5Mz.sl
.Cl$D
vi.Mz
$boA.Cb
 ->.lkH
p.LF2wE.
%x:Pr_R;W
GetProcessHeap
GetCPInfo
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
SetViewportOrgEx
keybd_event
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetAsyncKeyState
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
GetKeyboardType
"$ %),'8
38000=344
4? 3!0 3!6
(O(J%C
1 0 .'7(2':
- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)
&)"%&$&'&",,/- '
844(@32%2u8
.PMDF<7I
2222444424
.idata
.edata
P.reloc
P.rsrc
n>l.vpb
,S.lb
(l.Li
kp-s.Virtua
Key#m
.tEes
`&.Lo:
$"!(&&$' )#
O(J%C
 /*-( ,'.-!
*/.)*72-7)
#-**(-#,
~x:.QB
Attempt to access registry key: "
supported by OS for "HKEY_CURRENT_USER\Software\"; access directly under "HKEY_CURRENT_USER\Software\Wow6432Node".
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Exception caught while executing:
Execution AdminMode ADM_DEGRADE is not supported; using ADM_AS_DESKTOP instead. File:
errorUrl
7.43.0.6881
Please login as administrator and try again.
OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Clipboard does not support Icons/Menu '%s' is already being used by another form
No help found for %s#No context-sensitive help installed$No topic-based help system installed
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file %s
Cannot open file %s
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid GUID value
I/O error %d
Integer overflow Invalid floating point operation

ByteFence.exe_3348_rwx_04030000_00010000:


C%s@#

SearchProtocolHost.exe_3584:


.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
MSSHooks.dll
IMM32.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSPortManager
SrchPHHttp
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerSchema
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
</MSG></TRC>
<MSG>
<ERR> 0xx=
<LOC> %s(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%s"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
PROPSYS.dll
ntdll.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
2 2(20282|2
4%5S5
Software\Microsoft\Windows Search
https
kernel32.dll
msTracer.dll
msfte.dll
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
tquery.dll
%s\%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<LOC> %S(%d) </LOC>
tagname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
Windows
7.00.7601.17610

ByteFenceService.exe_2204_rwx_00840000_00003000:


.JiX3

SearchFilterHost.exe_4056:


.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
IMM32.dll
MSSHooks.dll
mscoree.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
SearchFilterHost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
<requestedExecutionLevel
3 3(30383|3
kernel32.dll
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
tquery.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<ERR> 0xx=
<LOC> %S(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%S"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%S"
</MSG></TRC>
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s
winhttp.dll
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
Windows
7.00.7601.17610

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   rsLggr.exe:3564
   bytefence-installer-3.18.0.0.exe:2404
   ByteFenceService.exe:2480
   

2. Delete the original Installer file.
   
3. Delete or disinfect the following files created/modified by the Installer:
   

   %Program Files%\ByteFence\Logs\000002.dbtmp (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab126D.tmp (54 bytes)
   %Program Files%\ByteFence\Logs\MANIFEST-000002 (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6EE.tmp (53 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar126E.tmp (2712 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF700.tmp (2712 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (1760 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF6FF.tmp (53 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF6EF.tmp (2712 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 (348 bytes)
   %Program Files%\ByteFence\Logs\000001.dbtmp (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4EA555947766F67C3BB52DEDFD509C5 (312 bytes)
   %Program Files%\ByteFence\rsEngine.dll (291 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 (1302 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_3FD623D81F01CC7158ABFAD4F5E4B368 (471 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_3FD623D81F01CC7158ABFAD4F5E4B368 (756 bytes)
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_D972FCCAD85272E817C08B889541B920 (1480 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4EA555947766F67C3BB52DEDFD509C5 (15 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4 (52 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_D972FCCAD85272E817C08B889541B920 (1 bytes)
   C:\Users\"%CurrentUserName%"\Desktop\ByteFence Anti-Malware.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E506CEBBC8B162CFB2D72DB4891DCAE (364 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 (471 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB (432 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab7225.tmp (53 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E506CEBBC8B162CFB2D72DB4891DCAE (15 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE (398 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar7226.tmp (2712 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB (712 bytes)
   C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4 (412 bytes)
   %Program Files%\ByteFence\ByteFenceService.exe.config (383 bytes)
   %Program Files%\ByteFence\rsEngineHelper.exe (6573 bytes)
   %Program Files%\ByteFence\ByteFenceScan.exe.config (147 bytes)
   %Program Files%\ByteFence\rsEngineHelper.exe.config (383 bytes)
   %Program Files%\ByteFence\websocket-sharp.dll (10676 bytes)
   %Program Files%\ByteFence\Signatures.dat (22262 bytes)
   %Program Files%\ByteFence\RsMessages.dll (8157 bytes)
   %Program Files%\ByteFence\rsLggr.dll (3498 bytes)
   %Program Files%\ByteFence\x86\lz4_x86.dll (3629 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsExec.dll (14 bytes)
   %Program Files%\ByteFence\ByteFence.exe.config (147 bytes)
   %Program Files%\ByteFence\EULA.txt (28 bytes)
   %Program Files%\ByteFence\ByteFenceGUI.dll (18782 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns19FB.tmp (14 bytes)
   %Program Files%\ByteFence\WhiteList.dat (11709 bytes)
   %Program Files%\ByteFence\Uninstall.exe (1867 bytes)
   %Program Files%\ByteFence\x64\System.Data.SQLite.dll (30244 bytes)
   %Program Files%\ByteFence\x86\System.Data.SQLite.dll (22599 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1BC1.tmp (14 bytes)
   %Program Files%\ByteFence\x64\lz4_x64.dll (5223 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\nsisdl.dll (30 bytes)
   %Program Files%\ByteFence\Microsoft.Win32.TaskScheduler.dll (5936 bytes)
   %Program Files%\ByteFence\rsUtils.dll (8332 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1AD6.tmp (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1835.tmp (14 bytes)
   %Program Files%\ByteFence\rsMessages-license.txt (13 bytes)
   %Program Files%\ByteFence\rsLggr.exe (9075 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd15E4.tmp\ns1C9D.tmp (14 bytes)
   %Program Files%\ByteFence\protobuf-net.dll (6755 bytes)
   %Program Files%\ByteFence\ByteFenceService.InstallState (196 bytes)
   C:\Windows\System32\config\SYSTEM (3195 bytes)
   %Program Files%\ByteFence\InstallUtil.InstallLog (640 bytes)
   %Program Files%\ByteFence\ByteFenceService.InstallLog (675 bytes)
   C:\Windows\System32\config\SYSTEM.LOG1 (4459 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\browse.css (337 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Progress.png (104 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\ES.locale (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\3892337C_stp.dat.tmp (689450 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs_m.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\button-bg.png (131 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\progress-bar.css (506 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp.dat.tmp (70472 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B8A6.log (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Icon_Generic.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg1.png (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Grey_Button.png (187 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Close.png (468 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Color_Button_Hover.png (185 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Pause_Button.png (577 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\sponsored.png (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\main.css (9 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg_m.png (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\D920752866331.dat (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Color_Button.png (186 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\ProgressBar.png (812 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B684.log (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Resume_Button.png (718 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg2.png (978 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\Lolosobeken[1].jpg (3794 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Close_Hover.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\csshover3.htc (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\images\progress-bg.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp.dat.part (1686 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Loader.gif (10 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs_s.png (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\00830ED1.log (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\631DC650_stp\bytefence-installer-3.18.0.0.exe (1746 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\Rampage - Through Time[1].jpg (1264 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\ie6_main.css (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\D920752866332.dat (82061 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\bootstrap_50524.html (156 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\checkbox.css (190 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Quick_Specs.png (221 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0082B897.log (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\css\sdk-ui\button.css (417 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\PT.locale (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\bg2.png (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\in0AFF35B9\3892337C_stp.dat.part (5146 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\locale\EN.locale (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH856640446437\images\Grey_Button_Hover.png (187 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.