MD5: d8867a7092fe04c336f6d2e3d58e7999
SHA1: a99250674731f2aff4da7e9770f790c2f0c608b2
SHA256: 63f8e3cc992fbe06862402e3a929ae756fbb821731b7d6b4f4e4b85569cc8901
SSDeep: 12288:fHyMJfs8dPOrwVJfGGhp8QTxFmyJd5jiOVBv23G2a4aezG:vyMJfskWruJfFp9ay75zO3G2a4bC
Size: 607368 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Setuprocess
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit

Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The Adware creates the following process(es):

%original file name%.exe:3872

The Adware injects its code into the following process(es):

%original file name%.exe:3220

Mutexes

The following mutexes were created/opened:

__DDrawCheckExclMode__
__DDrawExclMode__
DDrawWindowListMutex
DDrawDriverObjectListMutex
RasPbFile
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
c:!documents and settings!adm!ietldcache!
!PrivacIE!SharedMemory!Mutex
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZoneAttributeCacheCounterMutex
!IETld!Mutex
ZonesCounterMutex
ShimCacheMutex
CTF.TimListCache.FMPDefaultS-1-5-21-796845957-1563985344-1801674531-1003MUTEX.DefaultS-1-5-21-796845957-1563985344-1801674531-1003
CTF.TMD.MutexDefaultS-1-5-21-796845957-1563985344-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-796845957-1563985344-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-796845957-1563985344-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-796845957-1563985344-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-796845957-1563985344-1801674531-1003

File activity

The process %original file name%.exe:3872 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\ProgressBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\main.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Progress.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\BG.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0017ED7D.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Close_Hover.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Color_Button_Hover.png (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Grey_Button.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Grey_Button_Hover.png (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Color_Button.png (808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Resume_Button.png (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\upper_bar.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Pause_Button.png (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\sdk\exceptlist.txt (34 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\0017ED7D.log (0 bytes)

The process %original file name%.exe:3220 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Lilisipipe[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575460_Setup.CIS (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\icc.dll (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Cacototasa[1].jpg (1595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\bg2[1].jpg (4952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Pause_Button.png (493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812A8.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\No_Button[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Close_Hover.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\364991281.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\upper_bar.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00180877.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\Yes_Button_Hover[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1575627.flat (3921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181855.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\sqlite3.dll (3716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Resume_Button.png (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\bg2[1].png (32820 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Color_Button.png (808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Nafidiri[1].png (4 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Weather Channel Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\LOGO[1].png (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\No_Button_Hover[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812C7.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Seniser[1].png (6128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1141050697.cfg (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\Sesakesaye_bisli[1].png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Yes_Button[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0017D447.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\IE_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575459_Setup.EXE (14939 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812D7.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\Gegogego[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\sdk\exceptlist.txt (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\20378062.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1575620.flat (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\bg1[1].jpg (26416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Color_Button_Hover.png (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Ropopi_Title[1].png (1842 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\RAM.dll (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181299.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\FF_logo[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\icc_051186061212\icc_23991.dat (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\declineBG[1].png (461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00180A0D.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\ProgressBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575556_Setup.CIS (3638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\BG_bisli[1].png (2334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Progress.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1818600081.cfg (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\main.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\bg1[1].png (27000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\BG.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181BEF.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001818C3.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\logo-lightbg-small[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\Gegogego_Bisli[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Grey_Button_Hover.png (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00183A74.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\CH_logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\bootstrap_42879.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Grey_Button.png (698 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\00180A0D.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812D7.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1575620.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181BEF.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812C7.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1575627.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00183A74.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181299.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001818C3.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001812A8.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00180877.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0017D447.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00181855.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\bootstrap_42879.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\icc_051186061212\icc_23991.dat (0 bytes)

Registry activity

The process %original file name%.exe:3872 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B C9 5A 5A F3 1D C3 EC CD 2F 3D 5F 4B BA C5 CB"

The process %original file name%.exe:3220 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9f6f3-7454-11e2-b4cd-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9f6f2-7454-11e2-b4cd-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 88 AB 76 D3 AA F6 21 95 59 75 B8 FC 3B 89 6D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a730e-74fb-11e2-b597-000c293bdf2f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9f6f5-7454-11e2-b4cd-806d6172696f}]
"BaseClass" = "Drive"

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1212
0d3cbc00b8256b1e27e5136df9524231
b49b3eee6a3564f4178c18889d11bd0a
882286fcc86f77f1959e5f6dc8c702f8
ab9371a8e2dd99f7ab32be267cfe2d37
3609a0d6fe4eae9f5b7861a3b0628432
b6c6868a369f9ced468fca0b32a4188c
380c8aadda43b8e72c155d9aea92c32a
273aef6d4b47564ae823d972adf67d6e
63581d8db156b2864ba24ff6362e469a
c1d4b73cbc7d9891629a2c647736e9df
8c82e46256616f60f3dc9a8277ea5920
ca8bb461e79ebe8a5d3693b4d70f4596
d1497d1d3352c4ab5ba4a7feac8a156d
71b25b121fca18e2e35c9365aecc1451
9624aca227c9f23321f71562a6634524
bdffd9823226983c56b559f9fa3b204e
6504a4b46368fb6ed09a59dd48c11d02
578ee9f6a9ba91037d7208d003223057
75ec4b21689c10cb59db4a694811e670
8899ed4cf6a5fac944309b6f28b7e5c7
ca8ca8e431cc8d5927278bfe73e49938
04827abc342db164dcef49bfdee4b111
ccad9d9fed0b51bc72d015f868224c4e
fa16c9064ea9f27b35c807f24bb2e4d1
a2e0b960457b73c840812a0c6042e80e
cd3662e1a2e27acfb927ac7ec8fc1643

URLs

URL	IP
hxxp://os-slv-1323817372.us-west-2.elb.amazonaws.com/Downloadster/?v=3.0&c=1936796661
hxxp://d2wpxf9c2sey3m.cloudfront.net/images/logos/downloadinfo/logo-lightbg-small.png
hxxp://a908.g.akamai.net/web/dw7/install/stub/weathersp3_StubInstaller.exe
hxxp://d2wpxf9c2sey3m.cloudfront.net/logos/32x32/weatherchannel.png
hxxp://img.downloadster2cdn.com/img/Global/Yes_Button.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Global/declineBG.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Global/Yes_Button_Hover.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Global/No_Button.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Global/No_Button_Hover.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Ruteropu/BG_bisli.png	146.185.27.45
hxxp://img.downloadster2cdn.com/ofr/RAM.cis	146.185.27.45
hxxp://img.downloadster2cdn.com/ofr/isicicc.cis	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Ropopi/Ropopi_Title.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Nafidiri/Nafidiri.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/IE_logo.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/CH_logo.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/FF_logo.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Cacototasa/Cacototasa.jpg	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Mapayuy/LOGO.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Seniser/Seniser.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Malaromoro/bg1.jpg	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Malaromoro/bg2.jpg	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Gegogego/Gegogego.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Gegogego/Gegogego_Bisli.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Rilides/bg1.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Lilisipipe/Lilisipipe.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Sesakesaye/Sesakesaye_bisli.png	146.185.27.45
hxxp://img.downloadster2cdn.com/img/Rilides/bg2.png	146.185.27.45
hxxp://cdnus.downloadster2cdn.com/ofr/isicicc.cis	74.81.69.244
hxxp://download.weather.com/web/dw7/install/stub/weathersp3_StubInstaller.exe	69.22.181.18
hxxp://cdneu.downloadster2cdn.com/ofr/RAM.cis	146.185.27.53
hxxp://cdneu.downloadster2cdn.com/ofr/isicicc.cis	146.185.27.53
hxxp://cdn.secureinstaller.com/logos/32x32/weatherchannel.png	54.230.39.61
hxxp://os.downloadster2cdn.com/Downloadster/?v=3.0&c=1936796661	54.203.246.77
hxxp://media.downloadinfo.co/images/logos/downloadinfo/logo-lightbg-small.png	204.246.169.204
hxxp://cdnus.downloadster2cdn.com/ofr/RAM.cis	74.81.69.244

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdneu.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: R1QeDwClNxU1Ory9cCQ8PsmrkE1p0BhFtso0aWvrB7ZBR8thPfxxovvAVE2HvPuq

x-amz-request-id: 97AA3AF4D1B44CA2

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 102400-204799/372327
....un...r.......5.(...b....A.[..N&.#.....L...&..Z.A5....e....-..T,..C
.u.kql...|nN...T....v..).......4T..!.........M.i*{.....w...3.Oc.A.....
?C...........W.w....;........Y....-...........?.@`2,"..@?......[.....&
...eb7...I.$.%U1...M..-..$.g.y/........i.y.Kf7N...Q.b../..@........_..
/0.9V'.7..^)......y..6...M....EE.rT..F.5..]......X.e`..d....K.....n.;.
D....1.......x6)....*n.k..].Bp..a5..Z.W.....P..... .P...Y.$..NC?....n:
...D...Wn/.............K!...3?W.|7k..>.......n.o....>....p......
]..U..i..k.....g.....}..U......HO.i......3Sc*.m..*...M..Ij].....T.K..~
.......|.w/sZa.R..\.).'..Zi?%.r.[.5....2.T...?tcN@ .8 *L.O.i,.....r...
.m...n.F.o)Q.`z.=..Vm..t..O.k}..R.E.54.b...k.'3........].. \r......A.1
[email protected]>w..3... .. .;.]..M..7$.y..5<.&B.Y.T-MJ....F..Z.7U
....;iD*sJMI.M..k.I)n.A'wr.O..t.V... .&....b.g.~.. fq....MrP.h..;...Sq
Y.R6.6f.^HuX..i=. }..6 ...`....".........w.707.......m..LVf......{_.uv
S.........LL.Vt..e$..9.....8..._..74f......<5g...J.........R.H..Qn.
9c..Yq........U.)...<..........]........H\wL?y.....1......f..^.....
7.*.$N{...r.r.x.....f.J.6t.o.!...'.5.v..K,._v..[..8...5...4fQ..p...iEp
.{..5kie_#........u.0.GD......./...q..7O...../3...>...^Q.-t.N..b. .
u.Y..x.o..L.>...5c.`.y../....7r..=...pS..K`....}....c.....aL&wwI. .
.....(\[..1<........q..d....}.c./.`/.V)..}.$..=/i....[o...B=...4c. 
...AC...E.[.D....O_..>..)7.g.....=....=.:...n...hD....o.....q..u...
F-........oVs(.../.p.7...>~.....~5....a....:y...3pH...i....o....n.i
..jO..<29..z.......a.......4O5..)..6..3..f4.8..4Z..U...{....PAl
<<< skipped >>>

GET /ofr/RAM.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:48 GMT

Content-Type: application/octet-stream

Content-Length: 68754

Connection: keep-alive

x-amz-id-2: Mz1OETJE0IS6YRp9WluNN8pdGURcsxK9k0EUb/whLC4j0NDuPgxJFVDLYwSUMGTT

x-amz-request-id: FB677211519D0BC8

x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT

Last-Modified: Tue, 25 Feb 2014 09:33:04 GMT

x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it

ETag: "85a9022d4d17cf300c437ae38df1e2b6"

Content-Range: bytes 0-68753/68754
CIS................;...............P.......E.v P.. .v.f*...]....HO..HO
...#a .O..>.ucs..#1.y.e0..M8h..'.../.H...[&....-l......0dnz.H.u...f
.8e..@|..R...~....6..Ey.&..K... U.[.F.s{.b..w..@...[b.........Wo.,....
....].[hc>.`.>$((V..=[.y.)..R....@....*.P.B....].a....J.....g...
G.`Y..`.......\...a.....A...=.'[email protected]=H.N.K.Pp.. .)...].Z.iJ......
h1qV......../.|...x......O.N...{.........*....6....IC... -...1R.#OW..O
] .h.L05%3...VP.M.eX.......U.n.u...V...3c- .........].y'...d)9.7..N.D 
/.B.6)]..I....C..ci..E"..KV..._.x....i2....E..\`.......*$...t.\ .:.h..
...}G..a..5...?.sP.U&W>.S..t\[.,..E=.$.i[bO2..5.9....b.N.sm.....yk.
{..*g|..^..:3.......7.o..:Ks...oP..*....e..e.{C.t.. .'..|O..J..`..../.
1.....s..rq..).....1&}.{[email protected].....=.\.......S6...............
...EC.......$3.......y...7.U."..75.m..e...KU.....Q...Q.L..LY.oH..i..h.
.s.*....N..[J. [email protected]:..P.N...........cC...K...[.!.j.../y.AAQ
.....W.t.....}>Q.`.Y..O...xX.N.s.q.T)..m..4..]....B.!,S..W.f.r*h.e%
h.W<.....3...V..k.q...i..z....=J3.......^.fq*.[.._>...s...}1s.h.
.E-...N.3s.~.. .,.^..'!.E.w..'}.JTPH..A..L.,P....W.....mW..D........zH
.=.."...SoC..-...... Y-.>4#.....F.......% .Q-..p.c.X.:......p.:bi;.
C5.s..2R92..H.|.V.....q..U.{(......!......l.^..Vz.L....x...{..........
...n:...3i.M8.d8..A.......O..U...j.y..I.7z71^g.u....a.0Y...G.S..g.....
Lzb_..$a.&.pV.........=w.E.`..E.Y....L..2.1.Yl>;..%W...G6..........
}..Bl.z'.kQ.Do.......Zf.i].cI]......G."z....%.........a..X .......'v|:
[email protected]..:t..g\.Q... .c*...[...x...<>8c.<
<<< skipped >>>

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=204800-307199

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: R4ts/eydOl UlRxepYWFpSkW7 yDm/AyVVYC50qTWgdNBAhFWGDHocgxfSl3fCw3

x-amz-request-id: 86D1072E4AA43715

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 204800-307199/372327
[email protected].....*.....@.....;...y/p./.%.X...8p..
u(.s...h.?. [email protected].\.08..Ql....N...P'./.m...u. ..`M\.....*Nm=n.xr
s.]....)..q..N.ZHo.~....JMR.L...w............<....u.=.:b.l&..a.....
..Xo=......'.6..z..~.o..I..P.Q.....8....>......._...J.....AD....>
;.'.....ES.....&l..M}.....e._....v.4...z.m.7..Q9.@u%.sM..........O<
X...W#W..T}#.x.."..[.....B....z.Y|k...Kx.....m/..^e.b.U'9`............
.%..".....y.....)........P.WW..D .[?...W.R...Wh...^^[[email protected][*.........
m.A... .......L..?uU^[email protected].*..PTK...,.k.......MbGTu o5%...y ...f..M
...w.%....D..`.u.eu..o......A%.VI.n ..!6.U...9..7c.:.x7.i.....\.....p.
 l.T...A..mdXu...=..2.o....L....,m....q57..T.....F...e%.....X.7.5.Y...
.P]....!...WPNy.....2.pb.-RA..b..#[email protected].!L.../$...u....._...*....Q..cG
...H[>.t.r....-D....7n.cd..'(...`Ta.....Rw. 0wlr1Y'[email protected]@Gk.nk(.
...[/apt....#&U..t..".......FxT.e%r.P.............N...V.&k.M.Wzq.P1..2
w.5B...zbg......WG|U_N.....Y.gZ2..U.....1...n.d.Pv......h...q.....)..O
1}JL.W.$..&...)..#...pi6..z.....-(*....V>........V..G9.....5..j...N
[email protected]..,.H....-k....;..U..).q.....?....QJ5]@g.G.]Ol .
.ZIv.U..N6..J#4Y.....m......._.N.....:.../4U.y..x......."l..B..cC...S&
..Dk......................&.}.q.`...v..b.....k.YN........T.qb.J^./.0K.
.....#&.jsR.C&..`..\.jA......T....P...4...(......d|.`.D....^..DT.d'J1.
....w..K%....5...t,..B..K..]...p..K..'..Q..m.y...u...U..F..H../.....z.
......n.r.h...O....F.......:7....9==.r..R........)...V...t......I.p.&g
t;.........Y...7>".=.............QY...\.4...0.....IA.p7D..x,...
<<< skipped >>>

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=307200-372326

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: application/octet-stream

Content-Length: 65127

Connection: keep-alive

x-amz-id-2: R4ts/eydOl UlRxepYWFpSkW7 yDm/AyVVYC50qTWgdNBAhFWGDHocgxfSl3fCw3

x-amz-request-id: 86D1072E4AA43715

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 307200-372326/372327
....o.c.....v..;..e.$o.I.\.$U.....NQ.....4......}7.X...c.v.l.#E....s..
Je.. 3K...b..EW!.I...{......:oTd..7......E.P;..^..".'..........J.q..].
o..U?.Ur....8.'.'R.T'<c..B!,....Jw\%;7....  ..x..>K..8.T.....8..
..r2..N.1Ncu([email protected]......`/...o..u..d...c..O..L..&..........JL@e....:
[email protected] w.......Wz..ymp..7...cS...'`n...G..D...Kh....$.....F.......m..
HF.}v....;.>.hI....a....f.]t....]...$..N......rc.Uq.7.Y.....J..u'h.
'..........Z.....\<01 RK..>.a...2{...(.a...N.o....g......9Y...;.
h......1....y,...#.i}3...{g.hdq.1...*.W_dh...SN....J./.k....{.s....pZ2
........x..C} ..DpuH....M.:....E..71....S..M.......33.d...mrV....THVo.
..../.7.............Q.../.{..&.Sl...q..JI...^l .._7...A.cJ.F...>..2
e....%..j......Z;u..[...-.c..E...).....]...Ci.8....kW.0..........R..mz
...39I.m_. .N.[.O..q.dm..?b....7.....$N|O..B.o...p.!...}..x.9..l[%....
3...,..%X.d.......f6oF.M'.?.......<...(..y.;.}...6.O..h...b K......
....`yA. w......^...g......;}...0.tx)...."[email protected]...%o~...3........B..Y
).3.K.....4.n..J..F..?.F.Va.G.......fS..>E<9.9R....]...e.)E["...
M.-AE.p.]..M.r.{MK/.e..-....I......&^...G.F..L..&.CQ.fv..)?...........
.D ...(X.<.i..L...`......dG...H.....B.......S0....}K.>..]......d
.....T....1N.U.L.o...J5.! .Os.. ,..2..0......I,|...'.....TK..B..V..f.B
.&...M.....^.B.=Jb......k..\&c.....B...-.NF.H...}...#...k..Pu...n.....
@.....:...2......z ...Y.=.D..z..zY..}. L.y..|..%.,...p....{K......'...
.......w.0L.....S$6.nyq..r 9.......AA7..(..l.43(.....$.P.l..kgV.i...L.
\=9.......a...u ..kYo.8x..NfS.E.V...(K;C;.{.L........L......?X..t{
<<< skipped >>>

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=307200-372326

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: application/octet-stream

Content-Length: 65127

Connection: keep-alive

x-amz-id-2: R4ts/eydOl UlRxepYWFpSkW7 yDm/AyVVYC50qTWgdNBAhFWGDHocgxfSl3fCw3

x-amz-request-id: 86D1072E4AA43715

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 307200-372326/372327
....o.c.....v..;..e.$o.I.\.$U.....NQ.....4......}7.X...c.v.l.#E....s..
Je.. 3K...b..EW!.I...{......:oTd..7......E.P;..^..".'..........J.q..].
o..U?.Ur....8.'.'R.T'<c..B!,....Jw\%;7....  ..x..>K..8.T.....8..
..r2..N.1Ncu([email protected]......`/...o..u..d...c..O..L..&..........JL@e....:
[email protected] w.......Wz..ymp..7...cS...'`n...G..D...Kh....$.....F.......m..
HF.}v....;.>.hI....a....f.]t....]...$..N......rc.Uq.7.Y.....J..u'h.
'..........Z.....\<01 RK..>.a...2{...(.a...N.o....g......9Y...;.
h......1....y,...#.i}3...{g.hdq.1...*.W_dh...SN....J./.k....{.s....pZ2
........x..C} ..DpuH....M.:....E..71....S..M.......33.d...mrV....THVo.
..../.7.............Q.../.{..&.Sl...q..JI...^l .._7...A.cJ.F...>..2
e....%..j......Z;u..[...-.c..E...).....]...Ci.8....kW.0..........R..mz
...39I.m_. .N.[.O..q.dm..?b....7.....$N|O..B.o...p.!...}..x.9..l[%....
3...,..%X.d.......f6oF.M'.?.......<...(..y.;.}...6.O..h...b K......
....`yA. w......^...g......;}...0.tx)...."[email protected]...%o~...3........B..Y
).3.K.....4.n..J..F..?.F.Va.G.......fS..>E<9.9R....]...e.)E["...
M.-AE.p.]..M.r.{MK/.e..-....I......&^...G.F..L..&.CQ.fv..)?...........
.D ...(X.<.i..L...`......dG...H.....B.......S0....}K.>..]......d
.....T....1N.U.L.o...J5.! .Os.. ,..2..0......I,|...'.....TK..B..V..f.B
.&...M.....^.B.=Jb......k..\&c.....B...-.NF.H...}...#...k..Pu...n.....
@.....:...2......z ...Y.=.D..z..zY..}. L.y..|..%.,...p....{K......'...
.......w.0L.....S$6.nyq..r 9.......AA7..(..l.43(.....$.P.l..kgV.i...L.
\=9.......a...u ..kYo.8x..NfS.E.V...(K;C;.{.L........L......?X..t{
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=102400-409599

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86400

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:37 GMT

Content-Range: bytes 102400-409599/2378424

Content-Length: 307200

Connection: keep-alive
.)M..M..E.3..(.........U........W.3..E..E.S.].VW...v .E....7S.3...u]9}
.uX;.uTj..v .?.E.PS.}..}..}..}....7S..E.P...;....E..E.j.WWP.E..E.PWS..
(8S.j.S..,8S...;.u...S.u..u..u..v ..`7S.9~ht.9}.u..u..vh.u......P\.M._
^3.[.^.........U..f.}[email protected]..@[email protected].]...j....R.....
..u..v..M.......e...N..n....M...M...........B......j....R..[....u..v..
M..K....e...N.......M...M....i.............j....R.......u..v..M.......
u..e...u..N.......M...M....%.............j....R.......u..v..M.......u(
.e...u$.u .u..u..u..u..u.V.N....M...M...........l....$.j....R.......u.
.v..M..u....u..F..e...N........M...M...........'[email protected]..
v..M..0....u..F..e...N........M...M....G.............j....R.......]..s
..M.......u..C..e........u.....K.........M...M..................j....R
.......]..s..M.......u..C..e........u.....K.........M...M...........@.
.....j....R..Y....]..s..M..I....u..C..e........u.....K.........M...M..
..T.............j$...R..;......E.3..E..u..}.............M..N .......M.
.E...Q...}..}........E......E..M........E............A.....u...h....j0
...P...........A....U....d...W.3..E.S.].VW...}[email protected].;.t..[ .7....
@t..w ..t8S...j..w ..,8S...;.t.VVhk...S...8S.;.t....E.P.w .u..u..u..u.
[email protected].......;.t.j.S..h8S......t..... t.
3..E.(...;.u<.....;.t..p .E.Pj.V..T7S.P..X7S..5.7S..E.P.E.P...E.P.E
.P...\.E.PS...7S..E.Pj.S..T7S.P..X7S..E.P.E.P...7S..-.w ..t8S..5.7S...
.E.PW...E.PS..j..E.PWS..\7S..E..E..}..].. ... .... ..... ..E. E....E..
E..E.. ....E.. ..... .;}.~. ]..]...;M.}..M..E...;E.~..u. u..u.;u.}
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=716800-1023999

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86400

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:37 GMT

Content-Range: bytes 716800-1023999/2378424

Content-Length: 307200

Connection: keep-alive
.V3.PPP..PV.......^.....j..d.R......h<....k[..Y...M.3..E.;.t.......
C......U..V...`....E..t.V.g[..Y..^].....U....4...W.3..E..E.S.].VWP...E
........3.;........E..E..E..E..E.P.E..p ...7S..E.P....-........`.....j
[email protected]....\...3..E..E..E..E.......`.....t..u..E..H. E.Q.u..
..P...E..H. E.Q.u....P.u..E.P...5S...j.V.........E.P....-....j..M.Qj.S
...G......P.j..u.........n....u...y..SP.......|o......................
[email protected]._^3.[..u........U.... ...W.3..E.S3.V.u.W.E..E..E..E..E...P.s
 ...7S..F..U. ..N. U..}. N. }.;.u.;.t~.. ... . ..E..M............]....
.tV.}.....X..M.t..u..;.....YP3.9E......Pj.V.W<.}..t..u..;.....YP3.9
E......Pj.V.W<.}..u..!..x.... .........t..H....V.....u..M._^3.[..t.
.......U....,...W.3..E..E.S3.VW...... ....E..]..]..]..]..;..;........H
....6.M..PX..t .M..E.P.;....u..E..u.P...7S...ug;.u..E.P.w .]..]..]..].
...7S.......`.....t..E.;E.|.......`.....u..E.;E.}..E....3..M._^3.[..s.
.......w...E.....U........W.3..E.VW.E...3.P.v .}..}..}..}....7S..E.P.v
 ..t8S.P.........*............=....t-=. [email protected].=....u..E.)E....E.)
E....E..E....E..E...Wj..M.Q....0...9}.t............M._3.^..r..........
......U........W.3..E..e...e...e...e..V......W.,....t<.x..6.E.P.w .
..7S..u..E..u.P...7S...u...u.3..M._3.^.tr.......Av........U........W.3
..E..E.SVW.E..E...3.P.s .u..u..u..u....7S..#...V......u.............u.
...S.u.....R4.M._3.^3.@[..q........V.q ..t8S.P.=.....hD.S.....;......t
...j.......^.h .S...:......uXht.S...:......u.h..S...:......t...j......
.^.h.'T...:......t...j.......^.h$.S...:......t...j.......^.hT>S
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=1331200-1638399

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86399

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:38 GMT

Content-Range: bytes 1331200-1638399/2378424

Content-Length: 307200

Connection: keep-alive
..A...A...A...A...A...J...A...A...A..(I...A.}.A. .A...A.h.A...A...A...
I./.I.K.I.."I.R$I.."I.w.I...I..#I.:3C.|#I.K.I.K.I..$I.e.I...I.Y.A...I.
..A...A...A...A.D.A.f.A...A...A...@...@[email protected] [email protected]\G...
A...A.Y.A.q*D.XWF.g.B.g.B.o.D.XWF.Y\G.;.N...A...A..(I.;.N.J.D...I.k.I.
.!I.`'I.;.N.F.I.;.N.%.J..(I.;.N.;.N.t.I...E...I...D.;.N.;.N...D...D...
D...I.!.D...D..=F..!I.A.I...D...D.Y\G.;[email protected]\G.XWF.
.!I..!I...@..!I...J.X\[email protected][email protected]%I.m&I.S.I...I...I...
@.2dC.u.I.Y\G...I.0 L.;[email protected].>.K..
.J...J.F.J...J.. O...J...J...J.[.K.G.K...J.E.J.G.K...K.."I.pbT........
...................J.....................S.K.......................K.{
...............&.....J.......................J.......................J
.........................Afx:DockPane....CMFCToolBarSystemMenuButton..
[email protected] L...K...K...K.`*J.;.N..'J.rfJ.X\G...@.;.N.;.N
..(I.X\G.o.D.|.K.;.N.;.N.4.K.X\G.~]G.^.M..(I.>(J..&J..0J.0 L..QJ..1
J...@.]\G.v\G.k)J..)J..\G..\G..\G.#]G..(I.g.B..PJ.DQJ..8J..OJ.s1J..(I.
..J.".K.X.K..6G...K.;.N.;.N.;.N.;.N.;.N..&J.!)J.CMFCBaseTabCtrl.DdT...
...........MS...........V.L.A.@|[email protected] L..(I.;.N.;.N.`.A...A.
..A.h.A...A..tO.n.A.Y\G..(I..(I..(I.EsO...K...K..sO...K...K..uO.L.V..&
lt;B.n>K.yJK...V...K..IK.DNK.B.A./.A.0 L..(I.;.N.;.N.`.A..IK...A.h.
A...A.f.A.n.A.Y\G..(I..(I..(I.X\G...A...A...A...A...A.5.A...A...A...A.
.(I...A.}.A. .A...A.h.A...A...A.=.A.R.A.g.A...A...A...A...A. .A.E.A.j.
A...A...A...A...A...A. .A.Y.A...A...A...A...A...A.D.A.f.A...A...A.
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=1945600-2252799

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86399

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:38 GMT

Content-Range: bytes 1945600-2252799/2378424

Content-Length: 307200

Connection: keep-alive
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.............................V#..3..3..3..3..3...`.............sP.....
.....3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3..3.
[email protected].[(........
......................................................................
.......................................................)**............
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>

GET /ofr/RAM.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdneu.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 416 Requested Range Not Satisfiable

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: text/html

Content-Length: 615

Connection: keep-alive

x-amz-id-2: M4bJSGm98RanGhbBBT7WdY/fkR2m7DaODstvs5QxahznZ2b1j254vJNUJDjcwr3U

x-amz-request-id: DEC072FB7BBBAC6B

x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT

x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it

ETag: "85a9022d4d17cf300c437ae38df1e2b6"

Content-Range: bytes */68754
<html>..<head><title>416 Requested Range Not Satisfi
able</title></head>..<body bgcolor="white">..<cen
ter><h1>416 Requested Range Not Satisfiable</h1></ce
nter>..<hr><center>nginx/1.0.10</center>..</bo
dy>..</html>..<!-- a padding to disable MSIE and Chrome fr
iendly error page -->..<!-- a padding to disable MSIE and Chrome
 friendly error page -->..<!-- a padding to disable MSIE and Chr
ome friendly error page -->..<!-- a padding to disable MSIE and 
Chrome friendly error page -->..<!-- a padding to disable MSIE a
nd Chrome friendly error page -->..<!-- a padding to disable MSI
E and Chrome friendly error page -->....

GET /img/Global/Yes_Button.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: ZSk3KgBtBgnvMgxMPxJoefvJh5z6tBuuM3eX6q MhaJH0x13vwFKq8Kft yyMlPi

x-amz-request-id: 9AE93B6BB772A735

x-amz-meta-s3fox-filesize: 1091

x-amz-meta-s3fox-modifiedtime: 1380713503006

Last-Modified: Wed, 13 Nov 2013 16:12:48 GMT

x-amz-version-id: .ffwqW.8iCK2_zdeBNvgWdy.OnUDjeHF

ETag: "3f27a393967d84f83a317f40351c0065"

Content-Length: 1091

Accept-Ranges: bytes
.PNG........IHDR...T.........d.......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:2D2B0E0924EA11E392EFCCF1
BDECC388" xmpMM:DocumentID="xmp.did:2D2B0E0A24EA11E392EFCCF1BDECC388"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2D2B0E0724EA11E392
EFCCF1BDECC388" stRef:documentID="xmp.did:2D2B0E0824EA11E392EFCCF1BDEC
C388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>..&X....IDATx...1..0.E.......... .d.6\.&.ND
H.v....9.{....)...D$k...O...T.[Sl.I....K.....S3..fB...2?w.....2...../=
#.3.E(B...E(B...E( ...E(..Z..f..)U..l9.....7...........I..w...).u*..P#
G...?...%....\.l....IEND.B`.....
<<< skipped >>>

GET /img/Global/Yes_Button_Hover.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: PMHjLnudkVLClG145XdPVD9fX0DWdIhLkYKcq5pQ7M6BbN7MPE2HWMxjNCd/JSDu

x-amz-request-id: 28A09E79B85D4118

x-amz-meta-s3fox-filesize: 1094

x-amz-meta-s3fox-modifiedtime: 1380713503000

Last-Modified: Wed, 13 Nov 2013 16:12:44 GMT

x-amz-version-id: L9RQqPthtuNtMC55hxM9o_RZqWXqZtid

ETag: "aec475b9d6280598800f3ceafea4af8c"

Content-Length: 1094

Accept-Ranges: bytes
.PNG........IHDR...T.........d.......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:30B2AE2724EA11E392EFCCF1
BDECC388" xmpMM:DocumentID="xmp.did:30B2AE2824EA11E392EFCCF1BDECC388"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:30B2AE2524EA11E392
EFCCF1BDECC388" stRef:documentID="xmp.did:30B2AE2624EA11E392EFCCF1BDEC
C388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>. ,.....IDATx......0.E..D....@L.^L...!...2.
..........=.....vq?.H.l4[.v..d.S.l......x..W{=..k...L(..3.....k.s..3..
.K....B..P..B..P@(B...E(B..u.f4.3..)e..l9z.i.?o..7.7M.....%...y..$.:.t
A..K........S..^/......IEND.B`.....
<<< skipped >>>

GET /img/Global/No_Button_Hover.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: 46CHqGl3shvSSh6NligYuWczzcNamzgMpCjnjKSf8knU2v1BfhtZm3cVLB6m6cza

x-amz-request-id: EDA954A40248B425

x-amz-meta-s3fox-filesize: 1091

x-amz-meta-s3fox-modifiedtime: 1380713503004

Last-Modified: Wed, 13 Nov 2013 16:12:47 GMT

x-amz-version-id: wNmfJwpUmazhRatL.BZxBG0x.XZldhEV

ETag: "6d55a62314755c1454569b2b098a3a9f"

Content-Length: 1091

Accept-Ranges: bytes
.PNG........IHDR...T.........d.......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:30B2AE2324EA11E392EFCCF1
BDECC388" xmpMM:DocumentID="xmp.did:30B2AE2424EA11E392EFCCF1BDECC388"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:30B2AE2124EA11E392
EFCCF1BDECC388" stRef:documentID="xmp.did:30B2AE2224EA11E392EFCCF1BDEC
C388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>........IDATx...1..0.E........8A9?=..h'.NDH
.v..b $.{....)...D$j...O;.v...I6....../.s.....f....2.>.......1..?..
...... ...E( ....."...P."..PWhFC1...R.N...g......~.9h..~*.\.Q..3l'....
.B.\.W...`.............IEND.B`.....
<<< skipped >>>

GET /img/Ropopi/Ropopi_Title.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: Vj bn3M2t3kDs9/WYfXjz3yhuFhbCOFtFfwMwEXJ4cvKqBsEgbnbCAoKjJXlnaAA

x-amz-request-id: 1227805D3F179064

x-amz-meta-s3fox-filesize: 6116

x-amz-meta-s3fox-modifiedtime: 1387450415497

Last-Modified: Thu, 19 Dec 2013 10:53:55 GMT

x-amz-version-id: 3I.0T8r7FzB4TXAFhfckgLMsgXRICC.S

ETag: "ceb0a8abdb1e31bd3593877e0d862ea8"

Content-Length: 6116

Accept-Ranges: bytes
.PNG........IHDR.......&.......o.....sRGB.........gAMA......a.....PLTE
...r..u..m. p./s.3w.8w.6w.8x.6z.:}.Aw..x..{..~.!..<..>..C..H..C.
.K..E..K..F..K..Q..S..Z..R..X..M..S..[..]..b..b..m..#..#..%..)..,..*..
-.....0..0..2..8..4..8..9..<..:[email protected]
..M..T..Z..T..Z..Q..U..U..Y..F..K..N..Q..T..S..T..S..U..V..Y..\..Y..\.
.c..c..k..d..q..Y..]..Z..]..]..^..Z..]..[..]..f..k..a..e..a..e..`..f..
c..e..j..f..o..j..m..t..z..s..x..x..s..{..a..e..a..d..b..e..c..e..j..e
..h..g..j..m..j..m..n..l..r..q..u..q..u..p..r..u..y..p..r..t..t..y..~.
.v..}..x..{...........................................................
......................................................................
......................................................................
......................................................................
..........e....tRNS...................................................
......................................................................
......................................................................
.................................................................S..%.
...pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.100.r....;IDAThC.Y
._....... I. .....d..~..4...&($Q.bl....R....E..J...D..V.u.\..[o7......
.b_..w.W...7WW...v.......4....O..~..=.9I.?.op%|...q.?_...WB...7.#^:~..
7>.6...4b.HO.. ..],&.k...8(N..x....2..Pl..1ac..^.f........C"?.....u
.w.......].1.jZ..`[email protected].. ..W........Xw .kB..E....U....;.
........C......w..\|~..}...)....i..?X>.~Y....o.#c...0.c0..G...@
<<< skipped >>>

GET /img/IE_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: NxAquGDqQ/X4j 7qOQ5BOUIDaIX5GHvH8cLGooMfBPdAO3oyHGRNujr/q4xE fvq

x-amz-request-id: C0D1AD3D17666FF0

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:46 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT

x-amz-version-id: ULP9X2D2g9vGJo_NefwroanEdNt0Bt7c

ETag: "0866b0f3be00fd96d58f7fba54d6700d"

Content-Length: 5406

Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Cacototasa/Cacototasa.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: dQDvFnScXJnDE5lcTB95r1/rLyW0x9XJDzWQmv7cyVY/OAnkmQOTkVibgv475yOM

x-amz-request-id: DC0420F7D9200D37

x-amz-meta-s3fox-filesize: 20818

x-amz-meta-s3fox-modifiedtime: 1393769092410

Last-Modified: Sun, 02 Mar 2014 15:29:39 GMT

x-amz-version-id: Y9Lpbg5.jDu5HkYImUiWYrgWTBsGqb_x

ETag: "dbef0f63d4b13c068ea56d23dab413f6"

Content-Length: 20818

Accept-Ranges: bytes
......Exif..II*.................Ducky.......C..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp
MM:InstanceID="xmp.iid:93550345A21311E38A02B56ABED704CF" xmpMM:Documen
tID="xmp.did:93550346A21311E38A02B56ABED704CF"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:93550343A21311E38A02B56ABED704CF" stRef:d
ocumentID="xmp.did:93550344A21311E38A02B56ABED704CF"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
......................................................................
.............................................!1.AQ..aq".....2..u.BRr#.
%.b..3Cs.7....c.$4dt5e'.S..D6..T.E..........................!1AQq2.a..
."Rr3......B#..bS...C............?.......,...o......Akp4.P.....D....p6
....**.y...-*:..g/..{<..........W.... Z;N4y.....K....jw...&..e...2~
T.g..u~../-.......U..nva...H....9}..Q...._..r..xs....o....#....(....Zh
{V#.....,.. .JG.....hx..5N#.Z...a.....x.\..RF?..c.g......?.l.)lP..
<<< skipped >>>

GET /img/Seniser/Seniser.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: WlZUxevZfKjdFGmdPbJjefexS5jA3N5rR mkwUJ07hbid6jf/t8cTdvmhYayMiQu

x-amz-request-id: C3A1934674509177

x-amz-meta-s3fox-filesize: 50085

x-amz-meta-s3fox-modifiedtime: 1390986529596

Last-Modified: Wed, 29 Jan 2014 09:13:59 GMT

x-amz-version-id: QjqTwx_WtPuZIJz7CFxx6CtYgyzT8pRK

ETag: "f1b0c2e8dbea7007de3b729877ed968e"

Content-Length: 50085

Accept-Ranges: bytes
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:EB591AE63587E311AC799D5F5C8BA5FF" xmpMM:DocumentID="xmp.did:B7A6
F41288C411E39181D0C065CD57B3" xmpMM:InstanceID="xmp.iid:B7A6F41188C411
E39181D0C065CD57B3" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EB591AE63587E311AC79
9D5F5C8BA5FF" stRef:documentID="xmp.did:EB591AE63587E311AC799D5F5C8BA5
FF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>..FD....IDATx...u.\.....]..U.... n1..df..c.I&
....g&.dB...O...8.c'f.!..B.[R........S.w..w2s'sgr........:u..o...:G...
......2...P....g..L...C..#...j....F..Kk..- K...........d.A.G,.....R.,.
o.....g...63.F.P.G...T....$~Y..d.....G.....P...."fU...LX......w#k...e\
.....{.....M-.L...a...{N.[w..M_."....P.....1...a(.9.O..U.!C.O~.x:...3.
68......9........^(.(._.......N..*M.T./.lR..5h.r.C..Ft>...2.@:-.../
R........{.j5.....(.!.(. .E~..`...x-.}..l.........@..(O....T..b.y%....
U(....,...".F@....../..*.4<.,&e.L(-x.......x}S.2....*.....\.(.*
<<< skipped >>>

GET /img/Malaromoro/bg2.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:41 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: l2gT3yjapmKahBu2V5HL70Hffu66o/DXADPThLrE4b7O5HPmekr8bA4Qsh0DvegR

x-amz-request-id: 7A4271381AF000BF

x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT

Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT

x-amz-version-id: JMXnkH_Q4w85o.RRxkVvr1HHBSYxTWbA

ETag: "3ca90bdb0184dba078b0e604eb239df0"

Content-Length: 59210

Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-
c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRe
f="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://n
s.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:345E81DDDAA9E3
11B383BEF54B638275" xmpMM:DocumentID="xmp.did:118EE61EAA0211E3A8EABD13
5B592C02" xmpMM:InstanceID="xmp.iid:118EE61DAA0211E3A8EABD135B592C02" 
xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:086B2D40FAA9E311A847ACF83C7EB2CA" stRef:
documentID="xmp.did:345E81DDDAA9E311B383BEF54B638275"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
.......................0..............................................
...........................................!.1.A".Qa2..q...B#3..Rb...C
$45..r..cs%....S.DT....U..E&......................!1.A.Qa.q.."2......B
..Rb.#[email protected].*..b.,...]H.Z7
.|1.....v.4....M.....T.<.Q......z.....u9...\u.......M....r'.gW.hM.B
[email protected]..:.....:.s.......:...L..._..%nh6._........b)
<<< skipped >>>

GET /img/Gegogego/Gegogego_Bisli.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:41 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: u5hQEfFSQ4WcsiLda3uciIuLcLcff43UnDYabL5Wd11Qj46Wy5OsdLgaxrnP2RkO

x-amz-request-id: 881D7725B48D7421

x-amz-meta-cb-modifiedtime: Wed, 26 Mar 2014 10:22:00 GMT

Last-Modified: Sun, 30 Mar 2014 06:55:20 GMT

x-amz-version-id: dQSLbyuSQbJhu3bSmJ8OUaai0Dq6hO.H

ETag: "655a3c68842717ac143b877be16f9161"

Content-Length: 10056

Accept-Ranges: bytes
.PNG........IHDR.......*.............pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Lilisipipe/Lilisipipe.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:41 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: OC KjupDEFrmG0LhFQ1BhtOstdubtpLQh/ncWxUTLQIEBJPJV1kPOW9ezxdvfYmv

x-amz-request-id: B724A3ED1A19BEF5

x-amz-meta-s3fox-filesize: 4205

x-amz-meta-s3fox-modifiedtime: 1394472583656

Last-Modified: Mon, 10 Mar 2014 18:21:58 GMT

x-amz-version-id: aUbNYoFSmvGMGSTNwmSzDDFZRwAmOUET

ETag: "c55aebc8002d65f19bf01be44577c1ce"

Content-Length: 4205

Accept-Ranges: bytes
.PNG........IHDR...t...........:.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Sesakesaye/Sesakesaye_bisli.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:42 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: yBCFhiapuVBbYgBw37ZRfgRnwAP2Bq22X6EXDKz 6zIAQBKmFButriC2ntgDafC7

x-amz-request-id: 09C10B536392D734

x-amz-meta-cb-modifiedtime: Fri, 07 Feb 2014 16:36:40 GMT

Last-Modified: Fri, 07 Feb 2014 16:40:30 GMT

x-amz-version-id: yfosfRpOf.8mDjaIHnFVAoJJNdB_rGPY

ETag: "e3a7e42373e168852fc2a4d9a17d2583"

Content-Length: 19316

Accept-Ranges: bytes
.PNG........IHDR.......).............pHYs.......... .....OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Rilides/bg2.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:42 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: BL k9MuUnwtDHU2 1HL9Wm4tWdnGtj g2IXPkSNjvK3j5LsJWc5hfBot9tRbvzxW

x-amz-request-id: 0C352B4D3D965D1B

x-amz-meta-s3fox-filesize: 301334

x-amz-meta-s3fox-modifiedtime: 1397396644499

Last-Modified: Sun, 13 Apr 2014 13:59:01 GMT

x-amz-version-id: 0lWJxjRhnOWwJ3NVEhXd_.3GTWqfZo2y

ETag: "4cf2b02fb71d38855cff94074ec8aead"

Content-Length: 301334

Accept-Ranges: bytes
.PNG........IHDR.............V.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:5B5972EFDBB4E3118BE9FFB1A25D5C53" xmpMM:DocumentID="xmp.did:CDFF
1A39C30311E3988AB3D9E201A62D" xmpMM:InstanceID="xmp.iid:CDFF1A38C30311
E3988AB3D9E201A62D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26615D92F1B4E3118BE9
FFB1A25D5C53" stRef:documentID="xmp.did:5B5972EFDBB4E3118BE9FFB1A25D5C
53"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.......FIDATx.T.i.e.u&..|......\d...(...).eY.
....6<.n.@b;H. A.N.........;.A.H.7.X.v,tl..[.5..HI.8..dMo.......|..
..e.E.....=........._._...b.S..tTJ^..X.TV-..b.....Z,...?......?...9|..
.D.o.=?....?.4.R.R.?,.2..g._Z.4O..j..?w.......wc|.IY.xV-...o.y.~..M.=.
..?...fD5..w7_2....T.#.g...~.3..yV}.qK.i.c..m~.1.3..z:.8.k.]W....)..._
..2........}....z..g{R7....of.\....U..y..17.....s..g...U.....:>.WJQ
.:.....qO.f<gklc...a..r.B.\O.<..............O....].>...t..x\.
..}).B?.}4.^..T6m#.|...8f~...qm7....Y..]..]g1...XB.6{..u".Y)URK^d.
<<< skipped >>>

GET /img/Global/declineBG.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: RXku hHf 0/kHKiJeiZLRHrFxC0MSwQ8fI40TeqE0Iird0qm81ISa ImsdxBuuPe

x-amz-request-id: F932BA32AFDA820F

x-amz-meta-s3fox-filesize: 1527

x-amz-meta-s3fox-modifiedtime: 1385033566667

Last-Modified: Thu, 21 Nov 2013 11:43:23 GMT

x-amz-version-id: TJNGNP9J.pYgtH1WelxAjMHRSvYRyHyQ

ETag: "c3671f6a6b3932da75a4c6b57cd45614"

Content-Length: 1527

Accept-Ranges: bytes
[email protected] ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:7496059F5C24E31185CEB55A04ED8505" xmpMM:DocumentID="xmp.did:9957
4DB952A011E39674B18426DE0A96" xmpMM:InstanceID="xmp.iid:99574DB852A011
E39674B18426DE0A96" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7EDADDF8E724E311B036
C0E7691E1950" stRef:documentID="xmp.did:7496059F5C24E31185CEB55A04ED85
05"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>...C...'[email protected]<..9i...RJi.v......
!.l..W.n....=.#.....~.;......%H.q8.0.. . .....u...4..... Hp*/.@#. . .v
$.H H H...4.....`G...R..uuy..m[.u}..g.%...i.!.a.S..}{...ww^k..#B.C^...
b.*..26a}._..-....8......F:?K.E...f...R.......t..RDh...S.x....)f.|8.O.
.'O.8......F.q./:...#..:N9.........\w.K\o#...k.o3...RykW.......LQyh...
{...#U{...^w..wS......A...h$@.@[email protected]$.$0..F....v..
@[email protected][email protected][email protected].......
...@#. ....H H`..........@#...F;.H H. ...4... H`G.........@#......
<<< skipped >>>

GET /img/Global/No_Button.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: ZjynwX6BV1x69/52ypXzrSK6K8Yp4gJQbBLSlWUqfPmELfG5udwAT6qh7wv7snI1

x-amz-request-id: 0E78196ED3678B2B

x-amz-meta-s3fox-filesize: 1090

x-amz-meta-s3fox-modifiedtime: 1380713503002

Last-Modified: Wed, 13 Nov 2013 16:12:45 GMT

x-amz-version-id: H1gWa5fQ5azVvHrSdifdTj_fe_Q1czxc

ETag: "4462e7ebdf4a24f57b288fbca0602dea"

Content-Length: 1090

Accept-Ranges: bytes
.PNG........IHDR...T.........d.......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:2D2B0E0124EA11E392EFCCF1
BDECC388" xmpMM:DocumentID="xmp.did:2D2B0E0224EA11E392EFCCF1BDECC388"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2B97008A24EA11E392
EFCCF1BDECC388" stRef:documentID="xmp.did:2B97008B24EA11E392EFCCF1BDEC
C388"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>...\....IDATx...1..1.E'A...J/ .*.....ZYne..
3....jR...!.#I1?.H..5..v..T.KSl...Rz...r.W.......m\|...C.'.`.#.f......
.A(B..P@(B...E(B...E(B.....f&Y:.j..-G......3.&...i...s.G.l.a;...%].j.V
.j.....h"..5.......IEND.B`.....
<<< skipped >>>

GET /img/Ruteropu/BG_bisli.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:39 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: e6WcU f1Tqh/KmN1hjPnVk5DVIX eobVwikfkX5TfvDfz ZBR6K8A sdNfTfbLV6

x-amz-request-id: E140EE9C49E0AA88

x-amz-meta-cb-modifiedtime: Tue, 24 Dec 2013 08:55:27 GMT

Last-Modified: Tue, 24 Dec 2013 08:55:49 GMT

x-amz-version-id: ZeCdyqOtaeJO8.5LFd2w4A.zwR.Ovk0e

ETag: "6b41d29a765291a210bb33bbb7280c84"

Content-Length: 9761

Accept-Ranges: bytes
.PNG........IHDR.......(......^k.....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:EF02F20C6C7811E388FF83DA
D2A5AB25" xmpMM:DocumentID="xmp.did:EF02F20D6C7811E388FF83DAD2A5AB25"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EF02F20A6C7811E388
FF83DAD2A5AB25" stRef:documentID="xmp.did:EF02F20B6C7811E388FF83DAD2A5
AB25"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>^d....".IDATx..}..^E..[w....t......`.....A.
.Q@G..... ....!. 3.... ....&.H .k ..[6....{....jN.[.|.t .3.3t=...w..U.
N...._X..K..N.0.e.1....."M..i8......0.b.I$M...~-:..eN.H.}B.......C.G&g
t;.4IK...|.,K=..<s..z....K.......6.../.IG>:..q}......W>B.-!..
>..$p............I...N../:........34....e..T.6.KG..E.7...LP..3...v.
......dV.xf ....dUF.{..iB.J.Fj....t . ._~..z.....e.3:..4.&/.....6..p^.
.W...P.c.......[z......a....i...B.i".KB.u\sn....L......:!.`w.?..y.f..c
.h.&H.KU...J9.Qr.....fb....K...-.E5[36.L.J-............8.)..8.j....Fm.
..u.>...)S......02....S)......m.}.DKN.."..8.@..,...!..w......M.
<<< skipped >>>

GET /img/Nafidiri/Nafidiri.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: 36HttGulSOnnLVBNtJCue49LnbkusP7dUZJ73GEElutxNUNcVeL/W7xPYs3jsb9I

x-amz-request-id: 67C3D7885858E1E1

x-amz-meta-s3fox-filesize: 4979

x-amz-meta-s3fox-modifiedtime: 1400678109878

Last-Modified: Wed, 21 May 2014 13:17:02 GMT

x-amz-version-id: qdi5LuXmoyEc_oirnemnODJncVu2E9Vg

ETag: "a225e45d345f32a44435475456527da8"

Content-Length: 4979

Accept-Ranges: bytes
.PNG........IHDR..............?m.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:5187312F0FD9E311BE2EB271B5E00988" xmpMM:DocumentID="xmp.did:7C8C
4612D91011E3A41ACBA20CA929C5" xmpMM:InstanceID="xmp.iid:7C8C4611D91011
E3A41ACBA20CA929C5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5287312F0FD9E311BE2E
B271B5E00988" stRef:documentID="xmp.did:5187312F0FD9E311BE2EB271B5E009
88"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>u-=.....IDATx..[.xT....2.df.'l..5h.M)U.n...7.
Qh?.R.K[. uA.k....H...e..p.V.E ..$B.Y.F.I&...{..N..s.I.%..8.?..-..w...
v.H..k*B.$I.]..G...C.VB.$x`....O.....I.a4....`........Z..... ...._....
..s...Y/6F....E.A.4"......<^o...K.t=J..h..-2P/..WV...j-v8.{UU.G...'
@....y..p. fN.a..$..x.d..w..a)a.P3!.p!.)..3~d...0.'....|$......( .....
....o....*G{.BI.6.Q[].....E....c.U.......b.y."..d...0..6A3..C..d<Yr
#..S..0.:. 3!.L.e.:..N........e.......D<<}..<@um=*.4.4.g.*@2y
.O\......v!._....-..9.../.U........$8C\..q.D.gjlU..\.~..Q%o}..|..U
<<< skipped >>>

GET /img/CH_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: zp1PULbiC5hUvxy0Dymh5T457D/rZ5zN8ajMpAguAxyar02iEIIDd98fSlBvb3oR

x-amz-request-id: A991D3B5E2D84417

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:44 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:01 GMT

x-amz-version-id: osjur0cYkvY0gJkbPOZZ_tbD.fAnrMVX

ETag: "ad8ed967a43ae4d7d6c28ff2ed3c8550"

Content-Length: 4577

Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/FF_logo.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2:  hIVRWCn 4KtFQ7BM8L81Fw CYNAE0Qb3ym6SU5upu9gxhaJWVEj3fLTRVjYBCNV

x-amz-request-id: A11C9AF0299E6595

x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:45 GMT

Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT

x-amz-version-id: g_t3b7eiRe5f7z2B5bSNHqt0MOq9rM5O

ETag: "6bcecb3debf7e4a0569b6a9d6e62adab"

Content-Length: 5025

Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Mapayuy/LOGO.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: lZtoa4n Dbnfri5SYRfKWy 971CEtU 8ZfUk8yIq3FYJw6tYe2d0dfX7 rbU8UGA

x-amz-request-id: 295E407F946DC6E7

x-amz-meta-cb-modifiedtime: Mon, 10 Feb 2014 08:51:03 GMT

Last-Modified: Mon, 10 Feb 2014 09:24:37 GMT

x-amz-version-id: 5u3JQZ1GPK62zlrEEfaN7rrrBMh6wKoK

ETag: "14f5d50e6a8628e97604c97e4735fe7d"

Content-Length: 16671

Accept-Ranges: bytes
.PNG........IHDR...,... ........y....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Malaromoro/bg1.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:40 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: IUr46ZbspYhCTqA0TlDIl / qTP0Nj/Hk04fCUZx7hXD4/6fQ9MkZyDef5XVaAIn

x-amz-request-id: 3D5A8F284DAF403E

x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT

Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT

x-amz-version-id: EqXw9hQ1szW0X1KVab90EKpMdqK_JEeL

ETag: "04007b142892c379ac83bd75ac617cf6"

Content-Length: 190754

Accept-Ranges: bytes
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:A49514ECFC9DE3118
7F4F8E0F4860236" xmpMM:DocumentID="xmp.did:0699FCAEAA0111E389E68AC7CC9
63200" xmpMM:InstanceID="xmp.iid:0699FCADAA0111E389E68AC7CC963200" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:069AD74DE0A9E311B383BEF54B638275" stRef:doc
umentID="xmp.did:A49514ECFC9DE31187F4F8E0F4860236"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
....................0.................................................
..................................................!.1".A..Q2#.aq$..B3%
...4.....R..Ue&........................!.1..A"Qa.q.2#....B....R...br3.
..$.CScs.4.T%....Dt.U&............?..../*z..E].c..H..S..^g*...B....a.&
lt;.Q.....A ...$..M.>..M..........i6l{..p..rMdu..A1$...........r5W.
.S.......mmk......}u.......=#<...Dh...;.V.....N.r#;Q~...us..EO.
<<< skipped >>>

GET /img/Gegogego/Gegogego.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:41 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: ctFpelKo/k4TunTXNzDTCZT/fqAC84lCCsdARzurOf16Gnm0DODf Iq0r7wVdFFo

x-amz-request-id: B8486952D6E0CAD3

x-amz-meta-cb-modifiedtime: Tue, 24 Jun 2014 10:14:33 GMT

Last-Modified: Tue, 24 Jun 2014 10:31:23 GMT

x-amz-version-id: lQ1ZjbNz94SNdd_NOMYFRoL.dGISZGI2

ETag: "72031603c036e8a90ce3f5ad7163c689"

Content-Length: 10928

Accept-Ranges: bytes
.PNG........IHDR...0...........}.....sRGB.........gAMA......a.....pHYs
..........o.d....tEXtSoftware.Paint.NET v3.5.11G.B7..*.IDATx^.........
j..J..G E.]..3..a2!1..q.\l.7c....%.....(..........`....8.&......0....&
!...G;...#..(.J.V..j.....>.........#}dw.....}.<}...c............
......................................................................
......................................................................
............................................jq...f..[.2Y.,.9b....h..E.
j_3.S....jGb.d....%....O<V"....l.....`R..|......G.4z.k........5..,.
>Q#.....'.G...Z.T!........I..i.-Y...4....Z...h.kl%.y.[..Q..,.....4.
5..u.......<[email protected]|..WF....h....l..w.
..{.._.....G.K.-.....5.S%/Y.PNz..A..d.$....W8Z...v..F.JH...@]...p. . .
`.%O:.s...h4..O|..I..I...U..s..L4.DJb...\Nyu.........5?f!.H..........K
H.h..I?.?n......D.H........Sk-...e9.=....u.}...Zf.s....M..(.....1...M.
.....2...:W ....'w..,^.L*..{U.....pLL$....BT..|..,Y"..&2qI3.....3K....
X..*..F....s..s..1Sx.3Q..,Y"'G,=...[-..P........:.6$..s..}.Y..=.'.,...
.oD...i(...kt.3;....|.....zV.$rR5*_..o..&..G`.%.r...rr...#.Z.1..R..b..
.%.3n........../....N;...}....j$/].D......(..?Y..V.{..7.=.....w..e...E
,2.ku2..`n....Ki...Y...$jE....B....'......o!.|......Yk.......z.V....lS
...z...\Y.Mja...|.J...s?.d.X..H^<A...^......Q..../...t..c..e.......
.DD.....E=2..]CG./.Xg.5=.e.....C..V>......>|. .^6=|..l\u....P~..
..ko<6...?_.;............L......%J..,.....8.)...r.......=V...W..4..
X.'...].y..j..2......T #Q...0z.jx....K0.u....X..N._....)S%z....[Y.
<<< skipped >>>

GET /img/Rilides/bg1.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Tue, 19 Aug 2014 05:32:41 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: b1Am0B9zotV wxTeFWGxNg/aGmmIlpmbhEsB4KpZDtGKrBXLw7frg3u/nlsMVrD8

x-amz-request-id: 98E1B0B81795028E

x-amz-meta-s3fox-filesize: 270544

x-amz-meta-s3fox-modifiedtime: 1397396637300

Last-Modified: Sun, 13 Apr 2014 13:58:59 GMT

x-amz-version-id: R_nS0AGSDj8KviWXfqPQEZ5WZkK48wlH

ETag: "b287ea9709eef2cd60b92074479d5fe0"

Content-Length: 270544

Accept-Ranges: bytes
.PNG........IHDR..............7......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:5B5972EFDBB4E3118BE9FFB1A25D5C53" xmpMM:DocumentID="xmp.did:C0B1
4E2BC30311E3A5B6BD720ED5AFD5" xmpMM:InstanceID="xmp.iid:C0B14E2AC30311
E3A5B6BD720ED5AFD5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26615D92F1B4E3118BE9
FFB1A25D5C53" stRef:documentID="xmp.did:5B5972EFDBB4E3118BE9FFB1A25D5C
53"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>\s0.....IDATx.l}.`\...w..U..,.w...n.m:...%...
B*....@ ..?/!..z..1.w...q...$.kW.....f.. ...D.....9sf........C.i......
....e........1_e...L. .....3.N......X0.q.U,:.m..i......,;@..(....W....
..C/.w.;...]./..=..>....E.........xF..=....2B..?.D.y.z......6..t. .
......,..hR,.aZ......<&. _..3<...Y|=?...d..|.y.w.>.l.........
@((c.{x....ad...... ..!...q..y.=S....i!..Q..=.;.n.]..<7z>_fW.#m.
0....../[email protected].........,....ux......?..#.........d.Ch.....q.
4W.3.}j.d.._.:Eo...kX6.......Zzz].:......D.^S~.....<P....S..J..
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86400

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:37 GMT

Content-Range: bytes 0-102399/2378424

Content-Length: 102400

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........`..........
.....yZ......wG......ws.[....wr......OA..............yJ......wv......w
C......wD.....Rich............................PE..L...Yt|O............
................B........0....@...........................$.......$...
@.................................<M.......p..`............>$...
...@".....0>[email protected].......
........................text...L........................... ..`.rdata.
.rQ...0...R... ..............@[email protected]............^...r..............@
....rsrc...`....p......................@[email protected].......@".......!....
[email protected].........................................................
......................................................................
......................................................................
......................................................................
........................................................U..j....R.....
..u.j.jh....H...e....4.U...S..P............E....R..P............E....R
..P.................P.E....F....$...P.E....E.........E...%..........CS
...........U..V........E..t.V..G..Y..^]...j....R.........u...4.U......
..E......%g....$....E....F.........E....F............<.............
.............. ....M......F...B....U........Qh.....u......]....$.U..SV
W...OK..V...........S.c...V.{...$...W.S...h....j....8S.j.Php..........
..8S.........F....$.....F...........K...........S.P...........W.B.
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=409600-716799

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86400

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:37 GMT

Content-Range: bytes 409600-716799/2378424

Content-Length: 307200

Connection: keep-alive
..9p........p..M...)...E.P.M..E........u..~..~..v..M..1....u.V...5S.j.
.M.......F...xB.U.;B..:f.<B\[email protected]<3................
.M.....E.........hW....u....u.......3.9x,t.9~.u..p,.M...%...u.9~.tC.E.
Ph..S.WV...X..}..-e..;.|'.......u...P.Q03.;....;........E...P.Q..M...N
[email protected](....^...............H4t..M....e....... ...H
4t..M....e...........H4t..M....e...........H4t..M....e...........H4t..
M....e......@4.t..M.....e........H4t..M....e...........H4t..M....e....
.......H4t..M....e...........H4t..M....e......@4.t..M.....e........H4t
[email protected][email protected]. .
..e.........u...S.P$..........c.....U.....SV........W.p...\4S........Q
 .I.@ .R3...SQ..i........7S..........E..]..6....G..dX........9X....8S.
t!.p...p8S...t.......j..p..E........s...........E.t........A4....t..p.
..V..{.........u(....................q...P.R.3.......y................
t..(......=......E..`...}..t.......j..p....u...d8S...t..u... 7S.......
...t.....j.X_^[..j..rOR...a....3.3.F.].9...........9_ ..w....(...P.M..
.............M.QW.][email protected].;.u..E....U.Rh... P.Q...t
7.E..U.Rh.....]...P.Q...x..u..M......j..M.......u...p9S..E...P.Q..u...
.V.w....}[email protected]_ .......X...P.M..H.
...u......V.M..I....w ..t8S..E...P..U...u.Vhd....p ...8S..M...y.......
.j.......E..x..t5V.M.......w .E...P.BU...u.Vhe....p ...8S..M...y0.....
.M..M.................p..M.......E...`.....j.......u......j..".R..._..
...u..u...P...{....u..e.....6!....u..u............`.....j(..OR..._
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=1024000-1331199

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86399

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:38 GMT

Content-Range: bytes 1024000-1331199/2378424

Content-Length: 307200

Connection: keep-alive
..P..,...."i...E... ...P..0.....i...E.......P..4.....h....D......eS...
@.....L......H......U.W..,....E....j..W..0.....j..W..4.....j....8.....
.<[email protected]...
.|....e...O.P..g...M..M......hh....W.u....................}......h....
...R........)X.j.3.S...H0.@4VQSSPj...................]..A......uB.....
.P.......w.....,...P.E....g............]...g..S...............M.......
..H..........85U....6U....U..S.][email protected]?....([email protected].^
[email protected]?........VWS..?.._^[].....S3.V..9..9X.u......9.....
}.j....5S..qW.=.8S.SSh......H.....SPh......H..........7...;.t.9X t....
.....QW....p.............c.....9X.W...........S......._^[...U..V.u....
.(....o3...u........a3...}..u)j.j.h......H......8S.........c..j.......
.^].....U..QSVW.......3.;.t.9p t.........Q.u.....p.............b..V...
U...VV.....S..H....u..5.8S.....~,j..u.h......H.....j.9E.t..E.j.S..H...
..9E.|.3._^[[email protected].........
u...$6U...........E......je...............(....E..............E.......
.......E........M..........T......V.....9X.j........3...j....U...^...V
j....G...........y.j....5S.^....9X.j.V.....^...U..3.V..9..9X.u..n....M
.;.t..U....y........SW.=.8S.PP.....S.......E...........j..u.h,........
.....u..E.j.j.S........9E.|..w.u........i............9X.P.x.....3...;.
u#[email protected][email protected]...[....*j.h.@...^[email protected]..
.W......._[^]...j|.C.R......3.3.9..9X......;.u..f........j...x.....F..
...9X...x...P.]..m...j..u.......j..5..X....5..X..P...j.......W.V;.
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=1638400-1945599

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86399

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:38 GMT

Content-Range: bytes 1638400-1945599/2378424

Content-Length: 307200

Connection: keep-alive
,*0 ).**/* 0 ,2-,3.*0,*0  0 *0 */ *0, 1,*1- 2- 2-*0, 0, 0 *0  1, 1,*1,
*1- 2- 0,).* .  .  / *. *. )-**-**-**.  0  0,).**/  0,*/  1- 0,). */,,
1-*0, 0, 1-*/  1, 1, 1-,2. 1-(-**/, 1. 2.). *.*)-*),) . */  0,*.*)-) /
 ,1,,1, 0  2.)/,( )( )( )-1/ 2/)/, 3/ 3/*1. 2/ 30 30 1, 1,,2.)/ *-**-*
*.  0,).*)-)*.  /, 1, 1,*0,).**. */ ),*)-* 0, 0  1,*/ *. ,2.*0 ).* 1, 
0,)-*)-**/ ,1, 3- 3- 0,*/ */  0,*1, 1,)/ )/**/ )/ *0  2, 1,*0 *1- 2.*.
 (,**0.,31 3/ 3/ 2/)/,*0-,30*0.(,*)-* /,*2/*2/ 2.)/ */--2/ 0,).**. *. 
*. *. *. )-* 0  0 *.  0, 0 *.* 0, / */ *.*),)) ))-**-**.**. *.  0, /, 
/,*.*) )),) - -1,-1,,1-*/ *.  / *. -2.,2-,2--3.-3. / )-),1-,1- 1,*0 */
 )-*). *. *. )-*)-*)-*)- )- )- )- *. )-**,*) )) )*,**-**-*) )(*))*)) )
*-  .,*. (,)*-**. */ */ */ */ *.**. *.*)-)*-)*-**-**-**-**.**.**-)*,* 
.  0,*/ */  1, 2- 1, 0  0  0 */ *.**.**.**.  0,*. ,0 ,/ *-)*,),0 -2,-2
,-2--3,,2,,1, /  / *.**-*),)) )) )),* .  /* .* 0* 0 *,) -* -**,)) ) . 
 0 *.*) )) )) )) )),)) )*/ ,1- 1 *0* /* /* 0* /**.* /**.**.**-* .* .* 
.* .* .**-),/  .**-) / ,1, /**.* / ,0  / *-)*-**-**.  /  / *.  .* .* -
* -) 0  0  1 ,1 ,1 *.)*,* -* .* .  .* .* 0 ,1,,1, 0  1 *0  /**.)* )*,)
) )*,*,1,,1,,0,,0, 0  0  1,*0 */**/* 0 ,0  0 */*),)) )) )) )) )) ))-),
0, 0  /* /  .* / *.**.**. *-*),)*/  0, 0, 1, 1  0 *.**-**-*),)),)) )) 
)) )*1, 1, 2- 1,,3.-4/ 2-*1,*1-*1-*0,*0,*1.*1. 1- 1-*1/*1/)- ), *0- 1.
*1.*1.*0-*1. 2.,3/,3- 1,*0  1, 1,)/ *0 *0  1,(,)),)*- *.  / */ */  1, 
1,,1,)-)*/,*0,*0, 1,*/ */*,3.,4/*2,*2,*0 )/ )-*)-* 1, 2, 2,*1  3, 2,*0
 *0**0 ,2,,3-,3- 2- 1-*1, 2, 2, 3- 3. 3.*0-*0-*0, 1- 2/ 2.*0-)0,)0
<<< skipped >>>

GET /web/dw7/install/stub/weathersp3_StubInstaller.exe HTTP/1.1

Range: bytes=2252800-2378423

Accept: */*

Host: download.weather.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: Apache

SVRNAME: web1x03

Last-Modified: Tue, 17 Apr 2012 11:47:45 GMT

Accept-Ranges: bytes

X-UA-Compatible: IE=edge

Content-Type: application/octet-stream

Cache-Control: max-age=86399

Expires: Wed, 20 Aug 2014 05:32:37 GMT

Date: Tue, 19 Aug 2014 05:32:38 GMT

Content-Range: bytes 2252800-2378423/2378424

Content-Length: 125624

Connection: keep-alive
,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3.3.3.3.3.3.3.3.3.3.3.3.3.
4.444L4d4|4.4.4.4.4.4.5$5<5T5l5.5.5.5.5.5.5.6,6D6\6t6.6.6.6.6.6.6.6
.6.6.7.7.7D7P7T7`7d7h7l7p7t7x7|7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7
.7.7.7.7.7.7.7.7.7.7.7.7.7.8.8.8.8.8.8.8.8 8$8(8,8084888<8@8D8H8L8P
8T8X8\8`8d8h8l8p8t8x8|8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.
8.8.8.8.8.8.8.8.8.9.9.9.9.9.9.9.9 9$9(9,9094989<9@9D9H9L9P9T9X9\9t9
.9.9.9.9.9.:.:4:L:d:|:.:.:.:.:.:.;$;<;T;l;.;.;.;.;.;.;.<.<(&l
t;,<@<D<X<\<p<t<.<.<.<.<.<.<.&l
t;.=.=.=.=.=.= =$=(=,=0=4=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=
.=.=.=.=.>.>.>.>.>.>.>.> >$>(>,>0&
gt;4>8><>@>D>H>L>P>T>X>\>`>d>
;h>l>p>t>x>|>.>.>.>.>.>.>.>.>
;.>.>.>.>.>.>.>.>.>.>.>.>.>.>
;.>.>.>.>.>.>.>.>.>.>.?.?.?.?.?.?.?.? ?$
?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?.?.?.?.?.?.?.?.?.?.?.?
.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?....4....0.0.0.0.0.0.0.0 0$0
(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.1.1.1.1.1.1 1$1(1,101418
1<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1
.1.1.1.1.1.1.2.242L2d2|2.2.2.2.2.2.3$3<3T3l3.3.3.3.3.3.3.4,4D4\4t4.
4.4.4.4.4.5.545L5d5x5|5.5.5.5<7H7L7X7\7`7d7h7l7p7t7x7|7.7.7.7.7.7.7
.8.8.8.8.8.8.8.8.8.8.8.8.9.9.9.9.9.9.9.9 9$9(9,9094989<9@9D9H9L
<<< skipped >>>

POST /Downloadster/?v=3.0&c=1936796661 HTTP/1.1

Accept: */*

Host: os.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 830

Cache-Control: no-cache

0A0CzutD0DtC0GtC0ItC0QtC0BtB0ZtC0CtC0VtD0AtC0NtC0NtC0CtC0PtC0NtC0TtB0ZtC0FtC0CtN0U0I0DzutDtDtD0CtBzytA0B0D0FtB0FyEtC0D0BtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzuyCtCtBzztByEtN1L1B0A1Q1H1L1GzutCtN0T0KzutCyDyByEyDtDtDtN0U0I0DzutDtDtD0CtBzytA0B0D0FtB0FyEtC0D0BtN0S0D0TzutBtDtCyEtDzztCzytDtAtAtByDyDtAyCzztN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0M0A0C1V0LzutDtDtD0CtBzytA0B0D0FtB0FtN0P0E1V0M0O0D0Ezu0D0L0LtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1Rzx1Y1QzzzzyCyB1TyBtDzytB1O1PtDyE1RtAtAyC1OyC1QtB1PtA1QyDzz1PyBzyzyzytF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutByByEtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutCzyyCtBtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2W1P1T2Z1M1P1C1V1R1M1T1G1G1P1I
HTTP/1.1 200 OK

Content-Type: text/html

Date: Tue, 19 Aug 2014 05:32:37 GMT

Server: nginx

X-ADS-CC: CA

X-ADS-CITY: Montr.al

X-ADS-IP: "%local server IP%"

X-ADS-TIMESTAMP: 20140819003237040

X-ADS-VERSION: 1.2.3

X-ICSCT-SERVER-NAME: ads.slave-08-us-west-2

X-Robots-Tag: none

transfer-encoding: chunked

Connection: keep-alive
1af6..o...pu..pv.o.....k.K.^L..3\....` ...1.v.8.....m..ul.....,.t....$
.o'qi..]..r.iZl...$.......*..........V.o........$.".?..........`"[....
........= .p....m..93...v..9.6..!...c...,<...,.j.5 ......e....k."..
l.".;*i..\....|.o.X.?*.a...f...... .......?f..X.Z]zU*....$.._..X.p....
o..h..^.....|e..1..!....L.....F........C.......K...%...)....w...`..V..
...K.%.....f...."...`...q.../M...i..\ah.n.....x...m..E#v..$wA..Bn. /&g
t;.(A.....;N.....6G..rro..?.$NS....U/.\...Ii..C..Ui.?........k...l..Z.
?..."j0.'..L....oK....6....o......L..u].h..g..J2G..........fj....B...-
...,.J.'w*.....-...-......U-.......%.*..'J.(...p......r............m..
.l.(E. ......$W.g...C!..a..9...@.&....O.#?M.."..i..:.<.......,.J.4.
......./..]...(..b..B.....'......@ ...4...Io..Io.....C....y.i.......N.
'G..~...M..1.......}>].A...2G../!<.r8.=w.....ONwl..X'.K......n..
.....o.....[.>.......t...&.MC..UK..;.....OP8..........r;>....0..
,.../...BkR...2.D...9o...X..#....&.........j&.........G.`..g.H......q.
...Y.#..Q{............".I< ...f .A"..Te/;[email protected]..._.
...... ....w.B4o..m#. q\..*.(..&......V...8..B.)....w../....P..3\.>
..Co.....%..1.y.. ...?_...d..V. |-............M....C8.uM..]......w. _.
T...L.d&.......{..u!.......#R.}...L...Q...'\_rc...1..V..(.O/.([..fh.D.
....6d.x.9z.... .%&:.1;.......K.........,......K...d.`...[.q.jU..\v.W.
.....ZW..R.hnJ.=.........[m..... .......N.o...H..a.....l..uxUB........
Q}Z3TX&T^.FC.H....7..]5........21...Z.;..tO....F.........I..y..I.o....
B%.LIT.5.......T..#[email protected]^}...G......v%[email protected].`
<<< skipped >>>

GET /logos/32x32/weatherchannel.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: cdn.secureinstaller.com

Connection: Keep-Alive

HTTP/1.1 403 Forbidden

Content-Type: application/xml

Transfer-Encoding: chunked

Connection: keep-alive

Date: Tue, 19 Aug 2014 05:32:37 GMT

Server: AmazonS3

X-Cache: Error from cloudfront

Via: 1.1 54325df4a5053a2892d26c658f740617.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ENZ6g0W4nmXQwBYSJKnIq6qJqCSlihB3teLvhY76XJn_LGVtMWPMaQ==
e7..<?xml version="1.0" encoding="UTF-8"?>.<Error><Code
>AccessDenied</Code><Message>Access Denied</Message&
gt;<RequestId>C7F2782F12F34DE2</RequestId><HostId>5z
JFx48aUrovBvOi1eSNp9IiK6 /Pdrsvj71cKJMXeecwBKByQwc/r/I6Iq80Ovf</Hos
tId></Error>..0..

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:48 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: R4ts/eydOl UlRxepYWFpSkW7 yDm/AyVVYC50qTWgdNBAhFWGDHocgxfSl3fCw3

x-amz-request-id: 86D1072E4AA43715

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 0-102399/372327
CIS................S.......g.......P.........whp..1...m..&^....=.`t,..
`i...z..S..].].............#a ...\2......c..J.*..Km[>,..."..[..e..~
".~.?p.J...EVB%.:. <.k(...h...$..>.('.... X.............6....x..
.(...uFK)@b&zj-W.r.......zQ...V.Vc...V4]5.'.P4.k4..o...7c|..:B.%...O.^
.._.4..X..l....K....b9._...4..7{*...5..[......'[...B..w>......g....
...^W....C..i...^..?<..O........`Js..^..Py......'...;*i.vQ`..F.....
...7r.j...........O.I.....~....F.B.t-..x(.YK.Z.'...{..T.dF4..O._....w.
...)y.K....8.. ..4t.,.jt.R..L..Q.F.4.L.>...!....5..?[`....;.51l.'..
5:.".......=QX...D,..H_.s.l....%..I!...2.!q0^...@t{..H.7...B:....Q....
.<h..m..R[.M.ve.....F.&t...A.........H,..... A..........\,.M.......
[email protected]`Sq,%*Q..v.?.......i.%...0O...WJ..b.4.s.
...5..M.>P.....<..KO......h....^.>uI.F..Bh.6..4..............
...v.Y..q.L'.Vr.H...F..G|..]t.....8...S?.U.yq..$&..>..........s.3.^
6.P...A...AM.......;hX.$.....n...i..g..1-.7..r.........tW.H...[e>5.
0.......L..a.o.....]...L..p.(S.&!.......K..}...V..v.y.J....q..g.|....A
.{}0.1BM......8n.."....b8. ..l...._........P....y..N..O(.......k.>.
(k..-.j.........5..E._.e.!.......bs..........3...J..l...a..s..^.=.l...
.N...l.3K.G.|@..U.....n.8.....L.......~..f..l$.j.......A}....qN.\....s
;....hd.K)..z.z....=.aq.J..z).M*/n....l..>u.We....y.I.S...m'....N.~
.e...w......Om.8....R.U...V4..3...R..&...^...[...U....bp.<.%...#*.o
.x.s.V.$.[wk.W....C$k......V1.&,.z.5.......v#..........J..I..q........
... .m6.......**.`..T....7.x`..k..v5...i`..G.M|......p.q........t.
<<< skipped >>>

GET /ofr/RAM.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 416 Requested Range Not Satisfiable

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: text/html

Content-Length: 614

Connection: keep-alive

x-amz-id-2: Mz1OETJE0IS6YRp9WluNN8pdGURcsxK9k0EUb/whLC4j0NDuPgxJFVDLYwSUMGTT

x-amz-request-id: FB677211519D0BC8

x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT

x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it

Content-Range: bytes */68754
<html>..<head><title>416 Requested Range Not Satisfi
able</title></head>..<body bgcolor="white">..<cen
ter><h1>416 Requested Range Not Satisfiable</h1></ce
nter>..<hr><center>nginx/1.4.5</center>..</bod
y>..</html>..<!-- a padding to disable MSIE and Chrome fri
endly error page -->..<!-- a padding to disable MSIE and Chrome 
friendly error page -->..<!-- a padding to disable MSIE and Chro
me friendly error page -->..<!-- a padding to disable MSIE and C
hrome friendly error page -->..<!-- a padding to disable MSIE an
d Chrome friendly error page -->..<!-- a padding to disable MSIE
 and Chrome friendly error page -->......


GET /ofr/RAM.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 416 Requested Range Not Satisfiable

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: text/html

Content-Length: 614

Connection: keep-alive

x-amz-id-2: Mz1OETJE0IS6YRp9WluNN8pdGURcsxK9k0EUb/whLC4j0NDuPgxJFVDLYwSUMGTT

x-amz-request-id: FB677211519D0BC8

x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT

x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it

Content-Range: bytes */68754
<html>..<head><title>416 Requested Range Not Satisfi
able</title></head>..<body bgcolor="white">..<cen
ter><h1>416 Requested Range Not Satisfiable</h1></ce
nter>..<hr><center>nginx/1.4.5</center>..</bod
y>..</html>..<!-- a padding to disable MSIE and Chrome fri
endly error page -->..<!-- a padding to disable MSIE and Chrome 
friendly error page -->..<!-- a padding to disable MSIE and Chro
me friendly error page -->..<!-- a padding to disable MSIE and C
hrome friendly error page -->..<!-- a padding to disable MSIE an
d Chrome friendly error page -->..<!-- a padding to disable MSIE
 and Chrome friendly error page -->......


GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.4.5

Date: Tue, 19 Aug 2014 05:33:49 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: R4ts/eydOl UlRxepYWFpSkW7 yDm/AyVVYC50qTWgdNBAhFWGDHocgxfSl3fCw3

x-amz-request-id: 86D1072E4AA43715

x-amz-meta-cb-modifiedtime: Wed, 07 May 2014 15:52:44 GMT

Last-Modified: Tue, 17 Jun 2014 14:03:24 GMT

x-amz-version-id: XM1TisLxZ0IO1Jbv1DhZMnb775Hj1tT8

ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"

Content-Range: bytes 102400-204799/372327
....un...r.......5.(...b....A.[..N&.#.....L...&..Z.A5....e....-..T,..C
.u.kql...|nN...T....v..).......4T..!.........M.i*{.....w...3.Oc.A.....
?C...........W.w....;........Y....-...........?.@`2,"..@?......[.....&
...eb7...I.$.%U1...M..-..$.g.y/........i.y.Kf7N...Q.b../..@........_..
/0.9V'.7..^)......y..6...M....EE.rT..F.5..]......X.e`..d....K.....n.;.
D....1.......x6)....*n.k..].Bp..a5..Z.W.....P..... .P...Y.$..NC?....n:
...D...Wn/.............K!...3?W.|7k..>.......n.o....>....p......
]..U..i..k.....g.....}..U......HO.i......3Sc*.m..*...M..Ij].....T.K..~
.......|.w/sZa.R..\.).'..Zi?%.r.[.5....2.T...?tcN@ .8 *L.O.i,.....r...
.m...n.F.o)Q.`z.=..Vm..t..O.k}..R.E.54.b...k.'3........].. \r......A.1
[email protected]>w..3... .. .;.]..M..7$.y..5<.&B.Y.T-MJ....F..Z.7U
....;iD*sJMI.M..k.I)n.A'wr.O..t.V... .&....b.g.~.. fq....MrP.h..;...Sq
Y.R6.6f.^HuX..i=. }..6 ...`....".........w.707.......m..LVf......{_.uv
S.........LL.Vt..e$..9.....8..._..74f......<5g...J.........R.H..Qn.
9c..Yq........U.)...<..........]........H\wL?y.....1......f..^.....
7.*.$N{...r.r.x.....f.J.6t.o.!...'.5.v..K,._v..[..8...5...4fQ..p...iEp
.{..5kie_#........u.0.GD......./...q..7O...../3...>...^Q.-t.N..b. .
u.Y..x.o..L.>...5c.`.y../....7r..=...pS..K`....}....c.....aL&wwI. .
.....(\[..1<........q..d....}.c./.`/.V)..}.$..=/i....[o...B=...4c. 
...AC...E.[.D....O_..>..)7.g.....=....=.:...n...hD....o.....q..u...
F-........oVs(.../.p.7...>~.....~5....a....:y...3pH...i....o....n.i
..jO..<29..z.......a.......4O5..)..6..3..f4.8..4Z..U...{....PAl
<<< skipped >>>

GET /images/logos/downloadinfo/logo-lightbg-small.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E)

Host: media.downloadinfo.co

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Content-Length: 9222

Connection: keep-alive

Date: Wed, 30 Jul 2014 09:03:52 GMT

Last-Modified: Thu, 14 Mar 2013 23:50:35 GMT

ETag: "75973acb39a471ab5301a00d1e02bb4b"

Accept-Ranges: bytes

Server: AmazonS3

Age: 160

X-Cache: Hit from cloudfront

Via: 1.1 caacfd99fa347b00756ad58c08e912c2.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ENAaKCYqmsFaRM_fvdJpf1q3RTFKOjUTDBO_m3iINKCW-j4b7pFZVQ==
.PNG........IHDR...,...:.......dG....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:A89B8214852511E2B792C9
F28CAD2CC1" xmpMM:DocumentID="xmp.did:A89B8215852511E2B792C9F28CAD2CC1
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:287C8F857DDE11E2
B792C9F28CAD2CC1" stRef:documentID="xmp.did:287C8F867DDE11E2B792C9F28C
AD2CC1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>9.Zh.. xIDATx..]...U.....3se...>&..$..
.((...., ..((.............W./...E.A 1.I.I $.LH&.d2....GuU.....]]S.=..$
.}.|.........{.{.9..;i.b.._h......z..(.bE.LT<.)..xq.G..fqMX.....o..
...m.|D.......Q....e./....l,U.z..j..HaI.R4e.4*.. Q..Ti.t..'t..Fs.n.%..
[email protected]_x.....'|zo......p4.R".~_....p...e.
."E.Q.,..|jJ.Z...8al.5..L..3...  (<..h"E.X.:.....IU5.{....T_WC.....
Y:u....=p...]=m...7...E......H.rT.K.....'.4....9Sf..`&../...Ps[...X.H3
.0Lp#C7()@k0.... M7...b.&O............O....I..l.[...)R...<..D2.....
t.)..}...(TRB.:...7J.q.k<.x.....4.0}..f..h...7%.O$T.^1..D......
<<< skipped >>>

The Adware connects to the servers at the folowing location(s):

.idata

.rdata

P.reloc

P.rsrc

.dll3

kernel32.dll

.DEFAULT\Control Panel\International

File I/O error %d

lzma: Compressed data is corrupted (%d)

LzmaDecode failed (%d)

shell32.dll

/SL4 $%x "

" %d %d

Labu Setup Setup Data (5.1.13)

Labu Setup Messages (5.1.11)

user32.dll

oleaut32.dll

advapi32.dll

RegOpenKeyExA

RegCloseKey

GetWindowsDirectoryA

MsgWaitForMultipleObjects

ExitWindowsEx

comctl32.dll

<assemblyIdentity version="0.0.0.0" processorArchitecture="X86" name="Setup.exe" type="win32"/>

<requestedExecutionLevel level="asInvoker" uiAccess="false" />

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

External exception %x

%original file name%.exe_3220_rwx_00403000_00002000:

.dll3

%original file name%.exe_3220_rwx_009A1000_00125000:

kernel32.dll

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

EVariantBadIndexError

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

UrlMon

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

IMM32.DLL

AutoHotkeys

BiDiModexE

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

OnKeyDown

OnKeyPress

OnKeyUp 7

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

2301654879

A`bng`@ikc-4,uUxlxs-4,Ht.HA

Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP

TThreadExecuter

TScanAllWindowsCallBackData

Portuguese

i\*.*2XE

i.dwcnhE

nmhpjhc03.fcclJL

i.ulzn1E

powrprof.dll

1.2.3

THttpTimeOutThread

THttpCallBackShell

Gx-21,\igh]ixyj-42,M.DJ

A`qjz``-0,ZkdkNgij.pc

Kcqjpc`-0,Aaj-1,gEdafa`.pM

hXXps://

hXXp://

https

SQL error or missing database

An internal logic error in SQLite

Operation terminated by sqlite3_interrupt()

Uses OS features not supported on host

2nd parameter to sqlite3_bind out of range

sqlite3_step() has another row ready

sqlite3_step() has finished executing

Unknown SQLite Error Code

sqlite3.dll

ESQLiteException

TSQLiteDatabase

TSQLiteTable

Error executing SQL

Could not prepare SQL statement

Error executing SQL statement

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

Could not prepare SQL statement

SQLite is Busy

SOFTWARE\Mozilla\Mozilla Firefox

session\urls_to_restore_on_startup

DoSetChromeHomePage AL=

SELECT value FROM meta WHERE key='Default Search Provider ID'

SELECT short_name FROM keywords WHERE id='

UPDATE keywords SET sync_guid='

UPDATE keywords SET instant_url='' WHERE id=

keywords_backup

DROP TABLE keywords_backup

CREATE TABLE keywords_backup AS SELECT * FROM keywords ORDER BY id ASC

autogenerate_keyword ||

SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id ||

created_by_policy || instant_url || last_modified || sync_guid

FROM keywords ORDER BY id ASC

RemoveChromeSearchProvider - cannot remove

DELETE from keywords WHERE short_name='

RemoveChromeSearchProvider - exception:

SELECT id FROM keywords WHERE short_name='

Home URL

Amazon.com

eBay.com

Merriam-Webster

Suggest URL

Opera Preferences version 2.0

; Do not edit this file while Opera is running

Key=c

Suggest URL=

HNetCfg.FwMgr

HNetCfg.FwAuthorizedApplication

]DKizHi-4,exc-1,Hc`hk-3.GI

6?0N2=.Lq

;768>1-80

005345000000

000000000000

000000000010

000000000030

cabinet.dll

Reporting failed on first attempt, second attempt is cancelled (finallizing)! Url:

First report attempt failed, going for second! Url:

The report failed! Url:

Successfull report, Url:

TUninstallExecuter

TUninstallExecuter can be created only once.

CJ[hx.Xu

Downloading Bundles data from adServer on url:

BND_HTTP_CODE

&ExeChkSum=

Report main param:

Report param (pkg:

), exeName:

GENERIC_WINDOWS

NO_JAR_SUPPORT

ole32.dll

olepro32.dll

IWebBrowser

IWebBrowserApp

IWebBrowser2$8

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable

OnWindowSetLeft

OnWindowSetTop

OnWindowSetWidth4>

OnWindowSetHeightp>

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath

OnTranslateUrl(k

OnCommandExec4U

'%s' is not supported.

TMsgEvent

TKeyEventEx

Port

Password

poPortrait

0.750000

3333333

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

This object does not support this method (

Unsupported type for Parameter with Index %d

Method call unsuccessful. %s (%s).

eiOnKeyDown

eiOnKeyPress

eiOnKeyUp

OnKeyUp

Handler with EventID = %s already exists.

Error on IConnectionPoint.Advise

Source don't have connection point for [%s]

JS function sync-execution failed with message:

] execution failed with message:

.html

MAPI32.DLL

LeftPopup

TPipeServer

TPipeObject

TPipeServerListener

TPipeClientU

2.1.0.0

This exe was created with an old version of HtmlAppMaker.

irsoMsgDialog

irsoGetCurExePath

irsoJoinPath

irsoGetCmdLineParam

irsoGetCmdLineCount

irsoGetCmdLineIndexOf

irsoGetCmdLineParamValue

irsoGetCmdLineAll

irsoRegCreateKey

irsoRegCreateKeyTree

irsoRegDeleteKey

irsoIsRegKeyExists

irsoRegListKeyValues

irsoRegListKeyKeys

irsoRegSearchKeyKeys

irsoRegCopyKey

irsoHttpGetData

irsoHttpGetDataInThread

irsoLibraryExecuteProc

irsoLibraryExecuteProcW

irsoLibraryExecuteProcWithResult

!irsoLibraryExecuteProcWithResultW

irsoExecute

irsoIsMutexExists

irsoGetCurExeCheckSum

irsoSetSQLiteDll

irsoGetSQLiteDll

TExecArgsX

H-4,njBdi-2,o-4,r.vY

iexplore.exe

firefox.exe

chrome.exe

safari.exe

opera.exe

THtmlUIExeApp

irsoExecutePackage

irsoReportPackageError

irsoReportPackageSkip

irsoReportPackageQuit

irsoReportPackageSuccess

irsoReportPackageInfo

irsoGetPackageFilenameFromHttp

irsoGetPackageExecExitCode

irsoGetPackageExecResult

irsoSetPackageRelProgressShare

irsoIsFireFoxInstalled

irsoIsChromeInstalled

irsoIsOperaInstalled

irsoGetFireFoxHomePage

irsoGetChromeHomePage

irsoGetOperaHomePage

irsoSetFireFoxHomePage

irsoSetChromeHomePage

irsoSetOperaHomePage

irsoGetFireFoxDefaultSP

irsoGetChromeDefaultSP

irsoGetOperaDefaultSP

irsoAddFireFoxDefaultSPFromXML

irsoAddFireFoxDefaultSP

irsoSetFireFoxAddressBar

irsoAddOperaDefaultSP

irsoAddChromeDefaultSP

irsoGetFireFoxEXE

irsoGetIEEXE

irsoGetChromeEXE

irsoGetOperaEXE

irsoGetFireFoxVer

irsoGetChromeVer

irsoGetOperaVer

irsoLocateSQLite

irsoGetFireFoxCookie

irsoGetChromeCookie

irsoIsFireFoxExtensionInstalled

irsoInstallFireFoxAddon

irsoInstallChromeAddon

irsoUninstallAddExeCmd

irsoUninstallAddOpenBrowserCmd

irsoUninstallAddRegistryKey

irsoUninstallExecute

irsoReportStart

irsoReportInfo

irsoSetExclusiveExec

An attempt to download bundle data was denied: adServer domain name must remain the same! Url:

\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>

/UnExeFile:

UnExeFile

z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1

1.2.1

inflate 1.2.1 Copyright 1995-2003 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

.Bj&T

.Wl51

@%DKe

&zQ%S

sqlV}

b8Y%8s&

lx=%D

gyÏ

%SXe'Z

\w.we

AC.EjX

KWindows

XisrWindowsEx

kisrSQLiteTable3

isrSQLite3

isrSQLiteUtils

hisrPipes

HtmlUIExeApp

WaitNamedPipeA

PeekNamedPipe

GetWindowsDirectoryW

GetCPInfo

DisconnectNamedPipe

CreatePipe

CreateNamedPipeA

ConnectNamedPipe

RegQueryInfoKeyA

RegOpenKeyExW

RegOpenKeyExA

RegFlushKey

RegEnumKeyW

RegEnumKeyExA

RegDeleteKeyW

RegDeleteKeyA

RegCreateKeyExW

RegCreateKeyExA

RegCloseKey

SetViewportOrgEx

ShellExecuteExW

ShellExecuteA

UnhookWindowsHookEx

SetWindowsHookExA

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

GetAsyncKeyState

EnumWindows

EnumThreadWindows

EnumChildWindows

ActivateKeyboardLayout

GetKeyboardType

"$ %),'8

38000=344

&W!%C-7

1 0 .'7(2':

- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)

&)"%&$&'&",,/- '

SSSHHHK`````````````````q}

#)'%%'%'%

.idata

.edata

P.reloc

P.rsrc

- /*-( ,'.-!$

*/.)*72-7)

#-**(-#,

&",,/- '

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

http\shell\open\command

PathToExe

mozsqlite3.dll

cookies.sqlite

GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!

sqlGetQueryResultEx failed!

Opera\Opera

Opera

\operaprefs.ini

\profile\operaprefs.ini

\profile\opera6.ini

\opera6.ini

Software\Opera Software

locale\en\en.lng

\profile\search.ini

\search.ini

search.ini

\defaults\search.ini

DoRemoveOperaSearchProvider - cannot remove

" was sucessfully removed but references to its HexKey: "

TopResultURLFallback

FaviconURL

FaviconURLFallback

*.txt

Uninstall\Uninstall.exe

Uninstall\uninst.dat

uninst.dat

regsvr32.exe

Waiting for all the ongoing reports to complete...

_EXEXE_

errorUrl

Failed to launch htmlUI from the following url:

main.html

Remote mask loading is currently not supported. mask:

Please login as administrator and try again.

Installer Account Name altered after at least one report already sent.

.Uninstall\

No help found for %s#No context-sensitive help installed$No topic-based help system installed

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form

!Control '%s' has no parent window

Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file %s

Cannot open file %s

Invalid stream format$''%s'' is not a valid component name

Ancestor for '%s' not found

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation!Invalid variant operation ($%.8x)

Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time

'%s' is not a valid GUID value

I/O error %d

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   %original file name%.exe:3872
   

2. Delete the original Adware file.
   
3. Delete or disinfect the following files created/modified by the Adware:
   

   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\ProgressBar.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\main.css (6 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Progress.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\BG.png (25 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Quick_Specs.png (221 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0017ED7D.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Close_Hover.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\csshover3.htc (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\progress-bar.css (506 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\checkbox.css (190 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\button.css (417 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Color_Button_Hover.png (818 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\ie6_main.css (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\browse.css (337 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Close.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Loader.gif (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\form.bmp.Mask (244 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Grey_Button.png (698 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Grey_Button_Hover.png (719 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\locale\EN.locale (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Color_Button.png (808 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Resume_Button.png (681 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\upper_bar.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Pause_Button.png (493 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\button-bg.png (131 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\images\Icon_Generic.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\css\sdk-ui\images\progress-bg2.png (978 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1568140\sdk\exceptlist.txt (34 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Lilisipipe[1].png (4 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575460_Setup.CIS (68 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\icc.dll (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Icon_Generic.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Cacototasa[1].jpg (1595 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\bg2[1].jpg (4952 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Pause_Button.png (493 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\001812A8.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\No_Button[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Close_Hover.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\364991281.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\upper_bar.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\csshover3.htc (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00180877.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\Yes_Button_Hover[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\browse.css (337 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1575627.flat (3921 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00181855.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\sqlite3.dll (3716 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\checkbox.css (190 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Resume_Button.png (681 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\button.css (417 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\bg2[1].png (32820 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\progress-bar.css (506 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Color_Button.png (808 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\Nafidiri[1].png (4 bytes)
   %Documents and Settings%\%current user%\Desktop\Continue Weather Channel Installation.lnk (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\LOGO[1].png (1675 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\No_Button_Hover[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\001812C7.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Seniser[1].png (6128 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1141050697.cfg (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\Sesakesaye_bisli[1].png (776 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Yes_Button[1].png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0017D447.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Close.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\IE_logo[1].png (5 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575459_Setup.EXE (14939 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\001812D7.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\Gegogego[1].png (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\sdk\exceptlist.txt (34 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\locale\EN.locale (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\20378062.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1575620.flat (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\form.bmp.Mask (244 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\bg1[1].jpg (26416 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Color_Button_Hover.png (818 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\Ropopi_Title[1].png (1842 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\RAM.dll (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00181299.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg2.png (978 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\FF_logo[1].png (5 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\icc_051186061212\icc_23991.dat (146 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\declineBG[1].png (461 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00180A0D.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\ProgressBar.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1575556_Setup.CIS (3638 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SZIS9VJF\BG_bisli[1].png (2334 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Loader.gif (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Progress.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\3F9KLW6F\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1818600081.cfg (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\main.css (6 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1GGYBZUQ\bg1[1].png (27000 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\BG.png (25 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00181BEF.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\001818C3.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\sdk-ui\images\button-bg.png (131 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\logo-lightbg-small[1].png (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3680 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Quick_Specs.png (221 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\css\ie6_main.css (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\Gegogego_Bisli[1].png (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Grey_Button_Hover.png (719 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00183A74.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OVYHJBCC\CH_logo[1].png (4 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\bootstrap_42879.html (156 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1561687\images\Grey_Button.png (698 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.