MD5: f8d7280253e34a28754cf6d2a83befa6
SHA1: 6208572a9f25b0341f4811858c1d28b30aab15b4
SHA256: ec960f891768df09e14f1c228c5ee56249bc3771dbceb0af323bc73a0d7f7272
SSDeep: 12288:fHyMJfs8dPOrwVJfGGhp8QTxFmyJd5jiOVBv23G2a4aezG:vyMJfskWruJfFp9ay75zO3G2a4bC
Size: 607368 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Appsinstaller
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXPESX SP3 32-bit

Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The Adware creates the following process(es):

mscorsvw.exe:172

The Adware injects its code into the following process(es):

%original file name%.exe:876

Mutexes

The following mutexes were created/opened:

RasPbFile
__DDrawCheckExclMode__
__DDrawExclMode__
DDrawDriverObjectListMutex
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
DDrawWindowListMutex
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
ShimCacheMutex
ZonesLockedCacheCounterMutex
ZonesCounterMutex
ZonesCacheCounterMutex

File activity

The process %original file name%.exe:876 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\upper_bar.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\icc.dll (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D02F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\Pisiseti_BG1[1].jpg (11713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\main.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Resume_Button.png (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\sqlite3.dll (3716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D5AD.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Close_Hover.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXEJG5YB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014AB52.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GXU7KPMF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361329_Setup.EXE (29234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\sdk\exceptlist.txt (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Color_Button.png (808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361368_Setup.CIS (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C32F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1141050697.cfg (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\BG.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Pause_Button.png (493 bytes)
%Documents and Settings%\%current user%\Desktop\Continue CCleaner Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1361393.flat (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Progress.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1361460.flat (6314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\RAM.dll (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D148.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Color_Button_Hover.png (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GXU7KPMF\ccleaner[1].png (646 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D7D0.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\ProgressBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Grey_Button_Hover.png (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Grey_Button.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXEJG5YB\logo-lightbg-small[1].png (1651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Quick_Specs.png (221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\bootstrap_27709.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1818600081.cfg (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0R854XI7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\364991281.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C504.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D07D.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\20378062.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361393_Setup.CIS (2740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\Seniser[1].png (15065 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D010.log (8 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\0014AB52.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D07D.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D02F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D148.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1361460.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C504.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\bootstrap_27709.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D7D0.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D5AD.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1361393.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C32F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014D010.log (0 bytes)

Registry activity

The process mscorsvw.exe:172 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"

The process %original file name%.exe:876 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC 71 7A 0B 11 BB A4 E2 C5 1D 65 28 20 51 87 C9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1538
0d3cbc00b8256b1e27e5136df9524231
4b08c7d3e7d79bf4249380bb30853355
bd0241beffdd9d38368a268e45377a20
eac8654d9be11471d0b03fc87360d87e
5ec0a86aa7971e3ea26ad189ef7aa21e
fcc1aee3539e46c281ad8edcee9473ee
e7e0b6ee7343fee9a690b97669f5a12d
bbc70f23bd0539f66ba15eb6229ef2ae
6fd66841564c457959e183f895dc6562
81cc6e6737a6f738b81a34dbc2cc4cb1
0fe7817b2c3e5a678b5018604b544aff
e194dd3074971aa7352c0fe5536eef91
96b884e3404de22fa8154125a84d59fe
932004814c318e681cb9e23f93f34f56
a5c524e0f71be7684864ab635a5ee90d
00eae56ebbcc1688b393245e83686174
1fff80893ae4c9970e036cf68b4be995
ac5ec3bbc67b17b3beb3ddfa388a3ae5
02f2a7fd3a60660f64381bae0de86e14
8d6e25041bd0e166c764fa149ff1fcde
c215e072ea5f454ce11f96819ed4037f
33822b4f180fb908dce1f1d307334a11
a78ba1ee8a60f5b39f2e8de4be8af027
39b156884931a42247affed325041a0d
52c140e074ce76fd58f282bdc19493e4
b83c308efa2fbe8c99f9361f622d8b09

URLs

URL	IP
hxxp://os.downloadster2cdn.com/Downloadster/?v=3.0&c=59138186	54.212.249.225
hxxp://d1k4dgg08m176h.cloudfront.net/ccsetup324.exe
hxxp://d2wpxf9c2sey3m.cloudfront.net/images/logos/downloadinfo/logo-lightbg-small.png
hxxp://d227ccvjlkns26.cloudfront.net/logos/32x32/ccleaner.png
hxxp://img.downloadster2cdn.com/img/Taderonadan/Taderonadan.png	146.185.27.53
hxxp://img.downloadster2cdn.com/img/Noseresel/Noseresel.png	146.185.27.53
hxxp://img.downloadster2cdn.com/img/Seniser/Seniser.png	146.185.27.53
hxxp://img.downloadster2cdn.com/img/Pisiseti/Pisiseti_BG1.jpg	146.185.27.53
hxxp://img.downloadster2cdn.com/img/Pisiseti/Pisiseti_BG2.jpg	146.185.27.53
hxxp://img.downloadster2cdn.com/ofr/RAM.cis	146.185.27.53
hxxp://img.downloadster2cdn.com/img/Pisiseti/Pisiseti_BG1_232.jpg	146.185.27.53
hxxp://img.downloadster2cdn.com/ofr/isicicc.cis	146.185.27.53
hxxp://download.piriform.com/ccsetup324.exe	54.230.39.33
hxxp://cdneu.downloadster2cdn.com/ofr/isicicc.cis	146.185.27.53
hxxp://cdn.secureinstaller.com/logos/32x32/ccleaner.png	54.230.38.126
hxxp://cdnus.downloadster2cdn.com/ofr/isicicc.cis	199.58.87.110
hxxp://cdnus.downloadster2cdn.com/ofr/RAM.cis	199.58.87.110
hxxp://media.downloadinfo.co/images/logos/downloadinfo/logo-lightbg-small.png	54.230.38.177

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Executable served from Amazon S3
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack

Traffic

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdneu.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

.......D............OO. .f.]b..OB.F......n..F....@..."PB.l._@...>]b
.Z4.16..J.}..A..iU.R._....L..cd.y..e.$...t ....}f84.4.>...T...?k...
....Y0\....E...m'......[..ZR.....B8..b=H......J....,.17..B.?.....i..K,
}.-S......5.t..A.?....*.....u9...&..qJ.........z~....Y6....]v...A.....
......)<.eQ....<b[..!.|lr.C."u.....;^.EOT.%.2....L...2...|..b..A
N.......u..Z...ky..y.q...j...$.{.#.">O..7...o.u..,)r.......@;..}.1.
.`>..o...`.......9S.~x%~.....T.W.6n....c......&....(.A..I[.X..&.f..
[..-....DO........).k..;\...w...F..lb}. .......# ...0......V..7....O..
.e.p..Y....u...................>..D...9.:7?]...&PF...x....7..n~Q...
..]...5.......i..=..X.e...Z.<.iV.d....)*..kt.A......T.C..y#iu.....r
.....qtt. ...0..A..Wq..2..&w....`.G..#...<.;.L...!.....u.)u6cYw....
4&Gu!..'N..#f"..6...<..w....:...P._:...>..w.bf.5b......2.y.7..(.
...|)J.\.U.......P.....V..p.....P.[..?j......W'...d.^38.e.....f.G.....
.a5_.h...bF.......T.m.j.....).4.d3^......n'..{4....o.ar..D.|c..u.....h
X.....-Hs..1&..M..~{].3...Z...Z...6J..|g..Y...j...ln....a|.4...V..#...
 ..ae.i..._1.N......n.#..J...........%....)...%....,#.....5...(..d...(
.0}&..Dt..],........Y.G.XX2q.N..[L`..".).JO..M,...H.X..rD.......k....P
.q."O.w.....&..b.....%..... ..\..rl%V...Gj.....&..M.gW.......=..E....F
U...^......Q.g*..V=...Q.....z.;.r........Eq....~.H..j.......Ck..e....U
@0.9...91..~..{.z..[w......?AR.......d1{JK.....#...!.^......4.->*..
...........De..c...J)..{.#.r., ..F.j.....-........zc.. ]....l.........
...P......#.dH../t..."^...'xB..............].qLx...g.c..I...j2.h7.
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:00 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 0-102399/4011968

X-Cache: Miss from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: gVAkamFABJxZ0ATDZRfCnYRrFBHf4-Qd0pjO58N4TupUUMRkyCwwGg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................p.......B...9............@..............
............02.....k.=...@.................................d.........1
.h...........` =.`....................................................
........................................text....o.......p.............
..... ..`.rdata...*.......,...t..............@[email protected]....~...........
[email protected]*..0...........................rsrc...h..
...1.....................@[email protected]....... [email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=102400-409599

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:00 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Age: 1

Content-Range: bytes 102400-409599/4011968

X-Cache: Hit from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: OCjX-uvgxFqotDXNCbUdJ6LmZ-O8_Xq3qGPjWBtzVcvab3TM4sfFoQ==
yQ..........{...............Ky.0..$...K)B..I.......9., @..W...4..n....
..l...-..g.........S$...x..a"...pI;b..w....I.|.z.;.....Gv.T.....\L....
F..0.V%l.c.:..fFW.......nn....$.?%..:...../..C".p. ..........:.y..[..P
R...L...L...(>au.=..R.......|..LU(/..A"...3...TzX=Of..0... [).&XE..
J........:^..R!4...=d$^..* ..=..25....Au.z.G..&....}..v....O.Z..8.e.u.
.8...G.u0H.E|.Bt.uj..%.......q.B..=p.:.sT'.Ga.iV.Y.#.~......c.n#..2...
.......L.>U..4.{.>TD....;D....j.J7.....8#.C.eb1}.....nB....Wp...
.?.../GB...:`.<&.2K..|...z.0..-..{[email protected]^eI
.2iJms...N&'.. ..)!."GV.{&...I.j.l....W.E.!#.$...WX..'.F.3ys..K...Z-].
.)..s.$.V...........z.t.....XZ..qr.gO.4....}........X.. ..D}......b..A
..s.~.....Bk.....;..*..R.Y.#..o../..V.....{.....>.2?...'....}..x.P^
.r...5..6%.....\..]y.k..T..[*.;.\".o.=l.. ~..v.&........~...Vvp...O<
;&...\...:.E....U.. ......O..)5...<#.F[.\.K.A:.Y..c..%._.".........
.8^.%mB..) ....v...p.ko.|....gU../KnP.}..z....._..}.@&p..ri.f.n..2..N.
r..4..........q.Zu.".....jI.7H.,....\.?4...A.Y....[.......]..y. ..m..h
>[email protected].../.6z.
..=...C...S...i`...[.....2=....'{.....@Ii@=...|.............J......h..
50.....0.r...........G...|.8.P.M..;q.......-.Q..!..}%...Vn..[.G]......
Hd...(A*.S..r...H.'.h....."..?K...^K...%................R.....K.N....j
..&_.._/j.Pa...t.B......r...o.....8.Vw..>/,.:C....~.S...c..NP,...d.
.H.L..c.U..`...H.i">.....l.7.'z..?.....e.....H....S........U.7-,.9l
L...$.....%A...1..w...W.WC.Q..."!....K_.>...E......%j ...Y....y
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=716800-1023999

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:00 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Age: 2

Content-Range: bytes 716800-1023999/4011968

X-Cache: Hit from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: kQWOBCvr8KoFzmZQ3cLOvPZB3_cQCVxLZjD_1sQlmLcyWvy7CNP3GQ==
w..>..O..#L..6s...t].>....4DB..........[.........".U.......p.".=
b/.U......c......;...lZ`&..^=S...Q.... ....:.....`.l1jz.....r9....qr..
.4.8...5)).j...TB..6.Pjs.;....&.. .V.\#.p.5M.C.J..p=./.C.... ...e<.
g#..V..#Di>.e.......E....m..........:......c..m...SAG.3.~*e.....?c.
js..b..#......W_......6.az....aYy..w...._.Q."7.tU..........-6...qG.#..
h....0...b.N...nu.a.o5_Y1...mH.y.N...o... ............1..Ti.[.N..H..4.
7.q.^.....mQp$...}.i.-v`.<...qm......q.U..[^gLD...X...C.....{...4R.
.U{..\.$.mp......D].....O.b.E*.........,....Q...`...>....p.... *.r.
)..f;.......9.._R<s..7QI.4.r.....i..|...-co...............\..f....Q
S.Ff..Z,......d.:S.K....$..U...s.....b3e2"O5...Y87..:..EK^..x...V...|q
.Z...d.d..../....ZH5.d......=.....%..P..=.=..>@K.-...\m.v.q.Rc.E.@F
3]......Y5o.pC.I.........[ ........v....1!k...ER...4...g...?eF!.......
..A.UV..e..~2....1......E.p.V..M.....nh...QrE.t.....G...@.}.EK.a..GJ..
.B.(.g..Z#....|n......M0.{.B4..Q....:F.. ...j.V..xF.&..r.x-....^..>
G..%..l...xN6..@........*.N.K...e...8....V..;.3ff.O..-.!..]t#("J.LM...
}Asaq.R..&...4..z....3.f8.... .........-.........4.] .2V.u/..S..."..z"
..hS..a..Yb|.l..5K~.6(^.1..q....?. ..v......C\v.....D...%[email protected]......
...p.|.....J.6Y3."4.....A...X@9 ).>..x).......fkM2.:g.(d(.....h....
Mxup..B......-.|'.$.$...zB=.2.f..d..g..y5z....75v3U..YC.b_ ..!..9.._.O
c..L...R.k.z.....{5St;.....U.`...tM..U.lh.0..6...}..0...y.......Z3..$K
..........._CxZ...#..=.;..m)..G...c.Y..I....5...g..*).}.........c..R..
..?/0...........].....D.s`K.... .:..c...Nv>]:z..z.N-..d.....OY.
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=1638400-1945599

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:03 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Age: 2

Content-Range: bytes 1638400-1945599/4011968

X-Cache: Hit from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ZP9lPBW-5gVrkj9sVEVbivwdfK1c6cHb0_vvyH6rK24P44vSZveg4A==
.N1;[email protected]=..(e|...3....5.8t........?..b\
....c... ..}.....y."<.O.AK..W...f....}..A...R.Ua ..J.K,.. ;P..>\
.S.$.D.-..h..].Ao.$..m...p.<.m.t..P.M.6N0.....aSa.e|6....-i..k|.06.
d......$qg!..A......Y....*...~n....)......9ASn......f....~...h.c......
...O.;..[...a *@.....['a..o...1....=........s..ck.......h*\....P....p.
....".w....yI.}S.....}.[..)......p5vx.......Lf.*...?$.J...Ip.6...&Oe.5
s...g...K.7.3XJ@'.vj..$r.9..W....{...w\.7I.V....@?...$J..w..../....p..
.......%9S.o2...........{...h.35....2...'..?..=.$nF...k......y#.......
yh!.N...7.8.<(...m..f.>..%0.h../..He.G.V.g(.T........C..../...p.
a..8nN..[. .4C.W'...%......K...i..#*\........J...e.(..%.......<....
...hU..p>...?....Z.\..&.U..`....9n......e......$Z)..:...#..S|.a_...
....a.SW..%....................J@p...^.ZM...).&5..f@..,..R.m.. n....f.
.g...;....9....t.]7s.B.4.....j..L ...9.Q...3j.._<..|..`[email protected].
....M...!........m....FA.......c...s.^V..h..D...OL...a.2..|..0s..yb..d
..(z}.H..p..K.....!?...:....@[email protected]][email protected]....
[email protected]&..>ES.x.....W#gp..m.6.p.t.....`...]T..m!..)F
...e....>.e4..R..m'.J.cfmf.U.V .e..O2......Y.....R...@...:.d#x.....
..<...*...t........... ..6.......k..g&....D?./...j......P...#.|.S;3
s....~..]....Iexg..nWi.J...(.e ....c #.X.....'..S/2Y....T g.F.3...c..n
.... |.dg.=$.w.i..n.....NE.;..[.C&_...".87..m-t...G*.bt.8.Q..7....A@7.
W..K..Y.X..:@....1y...o =......P...07.9..*...Dg.1?....8...P.z....U....
.X....P...kk.....M......r..3....tB...2..:....m.2......Z_.....tv..2
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=2252800-2559999

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2252800-2559999/4011968

X-Cache: Miss from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: c5e4v0kuTRlg-YTjNAAF__6nEjjVFaa86LGX0iYJbRye934AIdQ7Mg==
_2PU.............b.\.B.....;.....D..QV.NUr..2S....I"j_g...........)...
l...:.dV:..z..$./^.Y.3.'.\.7.._#A...q.&Wr."r........'..]@......;.4w6.a
.....G...3.b.'mlD..9U-r4./.u....v.w..y....H.YQ]'..W.M.#o..G..8...?!.zA
...S#5........W(;n...?.....'_..EZ./Bb%..w\U.7. DE.)...m....nQ.2.....z)
..Gx..v6I.9t....&.....\3....{x.....L.d.f....%.&....^.B=.A|.Y...P..m..&
gt;..U.........{....I....:r....*........GHR}g....L....R.za~(..M..| ..$
'...}...$...xX:....q..M.o...........(lq_...9z&.....>...{m....Yj..e.
.....,.._......[d.'Zf...\.0....(..r....o;.}.S.q!...,...*9l.17.., B....
...d. ....I....,.......g.....U.-.f.....P7........=.#.H.P..A-......J..W
...4..... ....LFm6.R........6...!.eh...Z..M..] .....A...,..5..F.sJnk.B
.r.=......4....:4...<.g=#i6j./9..pJ........7&.B]..3....}....Sx.*.!Q
...[QK,#.......CHt. ;:.....N'....9...4X....c...l&..C..Ou`..p....p..R..
... Y..h...~.Z.4.......3..3o.O...".{[email protected]..}...l...........J.Lvg."#t
;..a.;........Uc...\=.......vM...w.........[..l aE6I..8@. .2%..&{7K...
...[..c..Ro....}}5..."....^...-O.y..2v.7wfH.!.......xRw&.. ,. ...BF...
.R...5v.K.0...r.'.'.B.._. e9LA...g\......5..V.; 0).....4e)..t..{...-BY
........|.u..........4.....e.K?.A....Uyw.4.............k....V%.}......
q.l*........hi<...4.H..P.s....~..u..Z.D.}.#[email protected].
#...h../..SJpa.....5.........F.Y....0.DM.W>.......B.m......k...Q.\.
.t$^............r...Df.......,...vfl.@5.|.......}..s...............8..
..<#.......k`.X.....D.....Y...c>?.S.q.>d.Q.........s..dw.Q{..
. 10..c.z..7...z....B.}.q.mP.L..(H.v......?.a.. U=q [email protected]
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=2560000-2867199

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2560000-2867199/4011968

X-Cache: Miss from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: bHbrsRJ1ukrRd3QItLGOb3yMl1zwJ9mKXJLuEnSWAzgWIFVOxL_0hA==
-}g.`...E....w.....$....E....~9.G.r..$..'..0 ..h.U}.g....j...*E....h.!
..HAS... ....V...`.b...I.......Cy. [......./P..J...i.'.L....K.6o...]".
.. ...Z..H..ln'....a.......... IH.U.._.X...K..t."..".3...c....n5.."w.Q
../E.#mG.......U.0f..#...W.....M.3..5.g..b.0.w.P...........h...%.... .
!......S.....b.Qu......g"...."`.....#[email protected]?D.c.I.}..b.
.......*....m...w...t.YX.8\.>di..&.....Nb.e.V....Y..3...w(.v.T.....
...x..........x..m..L..`..>...G.......<........4f........r!.]&~.
....K......"{.l....c....<F&.u2T.4.....Pu.li.f.T..`..e.......C;v'.. 
...PX2..........q..=`..#t5.u88s...D..0B...U......G....:....&x......`Ue
......c.h.2F..l/4..'[email protected]."..w......_~}.....
7..B......c.).....6.I4]z.......8...F:5..]W^.9.).=..E.y..fB;.eP .O.;...
B.....9Wn...:..cEos"{-eO...)i.........55........v....M....h.}U.#.H....
o..(P."n....G.}.c....>...'.vb[.UB.*.P..q......I....S.yl...M.H....._
>.biQ.08..:Q.kxM.<<.G.p..3..#..a/.....@n<.j....O.Y..*...O.
...]>x......PM.Q.H.U....3.i1Q...4?6.._3l Ul...A.M...>,....^^&...
............P../=K.b?......V......C....4.}...._...AT..9.cC.M..4y.3[.R.
..tQ..n.......(....#.....`.B>.Es...2....mLR.}..x.q#.R.].eB...f.0Y.d
2'g..p........-"'.Y......*j..Spp@......"t.lmt..c.v......hI....H:....{:
^.[..8.....G....;qR.e......R..P.....b....?=...a.H.......i.i....bU.h...
.;V'..SW.k.!.....,h...0.C.7........Fm.U.>.I............b..P..s..R:.
&......T.J.|Z...wU...(.... ...9W...V.2}>.e..f.Ci9H...6Z}..I.ozf....
o.....l.......f.L.e.H.yZ.Ei.a0g.Zn....58_o.......~.....^..8..w..].
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=3174400-3481599

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 3174400-3481599/4011968

X-Cache: Miss from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: d9TTvhbQLVGQ7UoWO2ftfRWoq-UXg-3i1lfJNi5StqQch9OG2k_k2A==
............Z)...o>[email protected]=E.S#.X..{..1........y~..T..o..
O.~....`O.......)[email protected]..].VZH..`b...!.ty......C.8..JN.....$.....z.
......./.x..s.\.y9j..ka...ze.q[.YKv....a.....~..h.h..g/..U.$&.(....Ek.
N.9}S.../Xq.qZ.9 3...Sv.E. ....v..l.4.....A....V..<W.M.f6....d!p..d
..]......`....o}5EM~...n>...*.....j....^..E(..g...R.........#YDqp.w
.7.X....^. .......i.8'.`.rG..I 's...rjw....Fo.zV.......|r...&........$
...e.;. .]..n.... #.8n.3.W..=2.................~.h....N.....!}T7...Y.n
.&U.....0.v.y.2mT$x*...u.P...2t#..k}..OXG.....r..n...1..&>.=.......
...2...i.,..e.7g;.R.. 2.$....&.g.... ^[email protected] fU_S.........[....P
..#2.a2ox......|.y.XR..f....M...6X.....Jg.S!..^}... L.|.P.B6.A# 9T<
...a.... 2~J:D....as..r...Z..l.!.\....&....a..}.C..z.a...e.89....g.s..
p..KM.B..W...7..).g%/.mz..a..0..;.Z[u.8A.....t..}YB.4...e43.6:........
..h.a2..5.^p.....|B.a.S|.$.,e......*.X:.X......e...og...lE..."...*.r..
.....{./%..5......CO].uW........&F..x....c.L"....E..x..............,..
....4.].......;..?>..p.......~...~..X.de..y.1.L..w&...?...BW..4K.0.
*......\...n...D....t)s...........2U.y.V....H...5il.(<..A.c.o..{.-.
)S~...j..E..r..}..!..,.n.]...p.....~..!D1a.N. .b%Wo....`.;.X...Jx.....
..\.....Y_....K..dZ..xJ.......!.z..%9./.t.P....{;?T=...a....%.Ev.. ...
r.A......[.....@E./..8......L.\....p.!.Tj....&.*r.v..G^.X.c.j.....N.K.
.}.a\.Q.J...P;..y..p.b.F.z..U.ac4xm&S.C.d....xz0..&..y..{.0..N.m......
@..1.D).[.....W....mJ.......)..{.{....&.G_U..#..bi..;...G)...f..V..v..
....$w.l:........v.Q....X...W.m...?..]D..M...6!.*.(.t.~...l.#....q
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=3481600-3788799

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 3481600-3788799/4011968

X-Cache: Hit from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: -fh2eOFuhNd4t-8FaV4CDwnIulEgmECx14izAzCfQXMVomT-6iXHdA==
...|...b..#.`...........g..|...eR...IK..?9..#....J.......... .........
?...n.|..;8.j.sS.q..B.:..L*.9.......#G3V..(.1......i.........9x.,.i...
...e.n..(.L.eN...Z,...T'.>...m............a......Gd.....(...R....J.
.=._...ie..".W...\..4"l...U...k..a([email protected].|M..,a.. ......T......
.y._RWTJV.v.."..}.c,| .i..y..1..m!k0..^ G...>..X......V.6;O$yEk....
x....L.....U...9L.......8.D....y....."Ql._...3%]<x......C..x..iW...
..........!..f.g.4.d..K......f.l.W..T.Eu..K6T..uG ..l..3..%.....Dv...m
..=.e..)..L.v....J*...yd![..^.5.`r....[i,.58..A.3...L.P..m....2....S..
.T9.v...8..l...9%....R.G..#.....2e..a#UG.-f.a.b...q.!.E.... .\.HE2i*.s
q.../w0r..r..#.....9......A..l5....G8..H")..x.S.y..@{.^D.n.......E..e.
.*d.....Ej.kC...4R.`..2.~.38.:...>.<...9...R.oM..c.1..3...V.....
..f..Of...k.}..GEy*A...k......`.C...$p..&.g..p......q.i...;v.........\
v.4.:...]ZL.-..auz'.ZA..-....(.3C....Q^2D...c.(...M..x4.."....].*b..=.
.`.pS...4C.Z1~....G....Ygpf....."..`....a.xM.1...'....-....EnZ...2...H
Z. .k.t....}5X..[>t$E.Y..}.9-_D.....?...b....{.K.,..P.{.a..e]4.....
$RfF.._......0E.q{..^....3u9..T.a..I.N(.....D.y..tQ..Y.x...L.4...9x...
[email protected]...^]..V.p.*'........(....v...,p..#..
.Z..D'...H...%|LZ.g(.../....F....H...w....bcxE....^(........E....m!...
>..T..-./px.....Co.....c;X^...H...f!.).. .......p.<.v.]........A
.l.i..V*;4.,.#....s..Mi.d..t<w..E......9.... i..$G!...LH'..b..%WF..
....B..{6x..t......2...7>.r}X....% ..gU..U..4*.'.1.Yy........Wr.ao.
.<.~>.........W........'b...K.......g.e7$\...!s_:..Sc..C....
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=3788800-4011967

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 223168

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Age: 1

Content-Range: bytes 3788800-4011967/4011968

X-Cache: Hit from cloudfront

Via: 1.1 aecb927fc72cfbfae33a898dd2f40b7b.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ZGhCSh7c5UPLrxdqbvAXymlE4AtPK9p-mKkZTUbll46L2SZ0J9jPjw==
.4..u.A.....R..^!..}.`..r|....F..R..X..y..t.}[......*.6.\..tB..T.Tu...
@..2..P.T2.RI..VDz..;...K(./.j...`79.1.*..]...Qa...4\.m......x.yIchj..
n........^Y...)....hu.r}.3.1F.........h...........^Up.*,.'.[.I...`4...
..)i..s.V...o.............S...P...=.@/...\..y\.#..z.\.5..Mb.....v.....
.#).(N.6M...=:......*0*.{[email protected].?eSJ.n.~<.Ei.:...FA!
M......o.K.......b.S..pn.."7......L.q.I.......U..0.2.}...8r.r..B...Vx.
b.9#T.....1 yO...............D........i.?T_.h"B.....T;Gw.f.b..........
..K.|...)..........=9..Xw..r.uA(u..vi.....*.U.d.,..v.C.)....8.!..(....
8.a9.i.)U..pzwM..o.....  "..K.....b8X.5O.`..:.Z..9.......Z....T.2.-..m
W2v...M.k#........c...$........y..W......IzQ.0..a..)2z6.r.o.......8..0
..."..%.o....^..^=.}...a..PHk....]....7....A.#O...\.gU.8.(R.s|$/?.F..\
^4.{Si...XUr....u.......,.w...i*1.>}1?AP........F2...G.a.5^........
....).I.....N.a....\I.... z..gL.(..!.V.Sg$5..o.....^.p>b..c....uh..
.W9~._w......y>Q'..|39....o.%...1,".|.Y...|...{....u........... ...
T[Jc..........[..2..Z.Ijc3...d.V%e.........j.[..M..iq..|.|.Y..6TI..Cqx
...Ij...d..d1...h?..(..=..V"...Z..[.......x. ....f..q....N.[qR.9.0.lxh
...F../.....Y1.T........u\...w.z:a..Jx......w\x:.....5z......V.|'... .
....Np...^8..Hs.Lz.......cpR....PE.I...$W.H...]=.4....< .~...Cs..Wo
......h..)...[....Y.........d. ._..o.u.[.....#..;.S......H.!...E.1.`..
I-.%;1#........!n.K....Y.T..6]"..-:9p,.....xe.d...p..f.....7........:.
.gm..D..#..M.r;........y.P4.5..........#*T'.qs.=.D._R.jG....F..-|s...%
9.......v:`3..uX.k...E.1.F.......xK..-6`J..h...kS/.m.X^...r..A.y..
<<< skipped >>>

POST /Downloadster/?v=3.0&c=59138186 HTTP/1.1

Accept: */*

Host: os.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 816

Cache-Control: no-cache

0A0CzutD0DtC0GtC0ItC0QtC0BtB0ZtC0CtC0VtD0AtC0NtC0NtC0CtC0PtC0NtC0TtB0ZtC0FtC0CtN0U0I0DzutDtDtD0CtBzyyD0D0C0B0CtDyB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzuyCtCtBzztByEtN1L1B0A1Q1H1L1GzutCtN0T0KzutCtAyCtDyCyEtDtN0U0I0DzutDtDtD0CtBzyyD0D0C0B0CtDyB0AtByDtN0S0D0TzutBtDtCyEtCtBtBtDtCtDtCyDtAtAyDyCzytN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0M0A0C1V0LzutDtDtD0CtBzyyD0D0C0B0CtDtN0P0E1V0M0O0D0Ezu0D0L0LtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1Rzx1Y1Ozz1QyBtBzztDtByDtA1PtAyE1TtBzzyByDyE1R1OyC1QtB1TzztA1S1P1O1TyCtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutBzytCtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutCzyyCyCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu1R1R1I1P1T1G1P1C
HTTP/1.1 200 OK

Content-Type: text/html

Date: Sat, 20 Dec 2014 13:25:00 GMT

Server: nginx

X-ADS-CC: CA

X-ADS-CITY: Montr.al

X-ADS-GICSET: global1367a

X-ADS-IP: "%local server IP%"

X-ADS-TIMESTAMP: 20141220082459780

X-ADS-VERSION: 1.2.4.1c

X-ICSCT-SERVER-NAME: ads.slave-09-us-west-2

X-Robots-Tag: none

transfer-encoding: chunked

Connection: keep-alive
1f40.......)...*`..R/E.6.C.T....LV.`.W.p (...H.B..hC...!08.-.*.u&6.nQ.
i......[......3..7Eq....:...>L..........De.k.g...QS.@..;......r....
...{N..Q...r..qI..S..'U.=3.G .m='.5....qv........-...G...J...9^kR._R. 
gW.....EYX...X./.| .<..$...#3. ........>.,%..6.@`.`.-.bW....g.I.
...3-..9..[...I,...hF.j6.%.....x......"3.............]..3O<..g.....
.Y&i..?Q..f.9^'..s c....dC...'}<........Ig7.l...M...i...'v....S.sG1
.o.O-..q.B.t1.t.......1...3&.N....R....,eZ.....S.$?Vsq/&........t..|.:
.P_.........'W.i8... ._....P9...5.`..9..... Y^.J.p2!...E.....}UT6.._..
..@. ..|...i.....x..c..3.{Wy..Wy7.....Vy.....z.G#z..Cya..q.i#}..Mf....
..?..v.S.v... ......./{...m..;...r....Ck.q{..ydt.'.t.!....p..q.{.g.z..
...~...F....m..[#}[email protected] {...u.u...u...7...o.....4......rC.{..
.....<.x...;.j... .z....vs........d\..i..my.87.....b=..c.....r..T..
..;9..e.r....a.l.D.......F.~..#>.T...........U}.K...r.R....s.......
.....Ovr.O.p.......s.....{...xt....O.zW...?fg\.<q.L Q.R%J....9.;...
.OiH.d]7.........o%.......7.."..".h.c.."U.7.V.....o.2........../{.sB%.
..._....I........E..P....nQJ..A...^.&r..|/..~..#G.Q.iF...By.e.r..._.4.
.x.J.Q.7.f...zb..}!..,|X.~...P.q^..n.]......'.h.#....3.?..C..T..fh..{r
. H...mL..B<<...5....?-.g{..J....9..I~9.]wo.LO$|......,...A.\...
.}Qp.c\...[.I%._.a.k... .8 .M...p.s6q..r..6.F.}...e.....bP.W.........G
UP./>/o.t....._Q.=..q<.0.....o".rB ..2...<A.#..z.O*X...rIo...
...|...H.=.....A..z R..OK\.Q....<I...J.wev}*..d...Z.....q..j.....Q.
..1f......e4yTWp1bV..xm......0q.k...}...yz......_VI..ir....{1...&l
<<< skipped >>>

GET /img/Seniser/Seniser.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:02 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: Hi/7m7uUs1DBoEWSVzH3HAFz8WJU1CYTQWMnx8S uSaDYY0c7T0sAkH86f0/RIgg

x-amz-request-id: 03429F82D6310FAC

x-amz-meta-s3fox-filesize: 50085

x-amz-meta-s3fox-modifiedtime: 1390986529596

Last-Modified: Wed, 29 Jan 2014 09:13:59 GMT

x-amz-version-id: QjqTwx_WtPuZIJz7CFxx6CtYgyzT8pRK

ETag: "f1b0c2e8dbea7007de3b729877ed968e"

Content-Length: 50085

Accept-Ranges: bytes
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:EB591AE63587E311AC799D5F5C8BA5FF" xmpMM:DocumentID="xmp.did:B7A6
F41288C411E39181D0C065CD57B3" xmpMM:InstanceID="xmp.iid:B7A6F41188C411
E39181D0C065CD57B3" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EB591AE63587E311AC79
9D5F5C8BA5FF" stRef:documentID="xmp.did:EB591AE63587E311AC799D5F5C8BA5
FF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>..FD....IDATx...u.\.....]..U.... n1..df..c.I&
....g&.dB...O...8.c'f.!..B.[R........S.w..w2s'sgr........:u..o...:G...
......2...P....g..L...C..#...j....F..Kk..- K...........d.A.G,.....R.,.
o.....g...63.F.P.G...T....$~Y..d.....G.....P...."fU...LX......w#k...e\
.....{.....M-.L...a...{N.[w..M_."....P.....1...a(.9.O..U.!C.O~.x:...3.
68......9........^(.(._.......N..*M.T./.lR..5h.r.C..Ft>...2.@:-.../
R........{.j5.....(.!.(. .E~..`...x-.}..l.........@..(O....T..b.y%....
U(....,...".F@....../..*.4<.,&e.L(-x.......x}S.2....*.....\.(.*
<<< skipped >>>

GET /img/Pisiseti/Pisiseti_BG2.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:03 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: rUzwQJ6 OB1ziJpNq1TB9auKyNpc3skBA0SPVaYKXRA2yTP4hBKL4rI/zew8g6fy

x-amz-request-id: F970BEC6FF74B3E8

x-amz-meta-cb-modifiedtime: Sun, 03 Aug 2014 13:34:12 GMT

Last-Modified: Sun, 03 Aug 2014 14:06:39 GMT

x-amz-version-id: g65Pu7fMQ3_d_iKpUmcmMY1mSX7QMIvT

ETag: "4f80beb2f7174c7b6371ae229e6eb2cd"

Content-Length: 53189

Accept-Ranges: bytes
......Exif..II*.................Ducky.......3.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:64B62334E13FE3119
787F97A3111AC62" xmpMM:DocumentID="xmp.did:634492801ADD11E4B391ABBEABF
C9175" xmpMM:InstanceID="xmp.iid:6344927F1ADD11E4B391ABBEABFC9175" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:005441E2DC1AE411AA8EF47F38B28B47" stRef:doc
umentID="xmp.did:46EA4D8410AB11E48FC8C49FCCEE3449"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
.."!!!"&&&&&&&&&&........... ... &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&........0.................................................
......................................!..1A"..Qa2.q..BR#...b...r..3$..
C.S...c...4D......................!1.AQ.a.q.".....2....B.R#br..3......
.......?.....(`2.0.IC............p...K,QN..$... ....]'..,.G...`%.'...-
T..e...3...(....i. ^.@ ........{z....Z.....x....<.#t....u..#....4..
._a.....T..t.a......D....h...A.........6y....3.....b..........49..
<<< skipped >>>

GET /ofr/RAM.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.2

Date: Sat, 20 Dec 2014 13:25:03 GMT

Content-Type: application/octet-stream

Content-Length: 68754

Connection: keep-alive

x-amz-id-2: pPGSYVykluTYGpAMjQBCezmP6Fk62MWmhBwZzuqPBIr0nzYmciXBX4tDosBYR7Hm

x-amz-request-id: 22C9305E84BB9A68

x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT

Last-Modified: Tue, 25 Feb 2014 09:33:04 GMT

x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it

ETag: "85a9022d4d17cf300c437ae38df1e2b6"

Content-Range: bytes 0-68753/68754
CIS................;...............P.......E.v P.. .v.f*...]....HO..HO
...#a .O..>.ucs..#1.y.e0..M8h..'.../.H...[&....-l......0dnz.H.u...f
.8e..@|..R...~....6..Ey.&..K... U.[.F.s{.b..w..@...[b.........Wo.,....
....].[hc>.`.>$((V..=[.y.)..R....@....*.P.B....].a....J.....g...
G.`Y..`.......\...a.....A...=.'[email protected]=H.N.K.Pp.. .)...].Z.iJ......
h1qV......../.|...x......O.N...{.........*....6....IC... -...1R.#OW..O
] .h.L05%3...VP.M.eX.......U.n.u...V...3c- .........].y'...d)9.7..N.D 
/.B.6)]..I....C..ci..E"..KV..._.x....i2....E..\`.......*$...t.\ .:.h..
...}G..a..5...?.sP.U&W>.S..t\[.,..E=.$.i[bO2..5.9....b.N.sm.....yk.
{..*g|..^..:3.......7.o..:Ks...oP..*....e..e.{C.t.. .'..|O..J..`..../.
1.....s..rq..).....1&}.{[email protected].....=.\.......S6...............
...EC.......$3.......y...7.U."..75.m..e...KU.....Q...Q.L..LY.oH..i..h.
.s.*....N..[J. [email protected]:..P.N...........cC...K...[.!.j.../y.AAQ
.....W.t.....}>Q.`.Y..O...xX.N.s.q.T)..m..4..]....B.!,S..W.f.r*h.e%
h.W<.....3...V..k.q...i..z....=J3.......^.fq*.[.._>...s...}1s.h.
.E-...N.3s.~.. .,.^..'!.E.w..'}.JTPH..A..L.,P....W.....mW..D........zH
.=.."...SoC..-...... Y-.>4#.....F.......% .Q-..p.c.X.:......p.:bi;.
C5.s..2R92..H.|.V.....q..U.{(......!......l.^..Vz.L....x...{..........
...n:...3i.M8.d8..A.......O..U...j.y..I.7z71^g.u....a.0Y...G.S..g.....
Lzb_..$a.&.pV.........=w.E.`..E.Y....L..2.1.Yl>;..%W...G6..........
}..Bl.z'.kQ.Do.......Zf.i].cI]......G."z....%.........a..X .......'v|:
[email protected]..:t..g\.Q... .c*...[...x...<>8c.<
<<< skipped >>>

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=204800-307199

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.2

Date: Sat, 20 Dec 2014 13:25:03 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: pleIyD6oVU4VW4a9yBj06mGMEtaRrXOsCCEnuPufwdUVAfpfj4hkQRIekna Kz0/

x-amz-request-id: 57C3EE03F904F08E

x-amz-meta-cb-modifiedtime: Thu, 28 Aug 2014 08:06:42 GMT

Last-Modified: Thu, 28 Aug 2014 08:07:54 GMT

x-amz-version-id: Cps7ujoLu7tbSmpel034FEsiI5AkDorU

ETag: "4b79f0fd86d9c68b64393776fdc910ef"

Content-Range: bytes 204800-307199/382062
.?:...R.B...\.x..l...L.......>[email protected]....<..!....Q.Q
|....U..........sh..%.........n9.:..r...>......BZ....>..Vm..3...
I.EEN...4...*f..'....x..(....{..<.\....S..5....p9J....}...=...."..&
gt;.. ..hg..\[email protected]!......kv..$(.owmuTrB.L......G.......
.......G....x....E]^....S.0.[.....K.....8....-.L...........\s.@.... ..
.!....3..{.yZ...m.;....... Y.3.......9.W>B .....2.3......Fu..;8.w..
....\...s?G..E......=..S...#...F....."`a.ec.^.aC$.^j.D..`.c.\ ...J7.|.
..*..&.o..`{..&..B.G.....h@~'`..h..\.......A..8k...>GV.....E.)...Rn
...1.. 8..kCF(.........3EK..b......cK.y..PqS.M....)...{.m.. l.e...u..*
.hs.....S'..y..J..b]B...%.r.}.L!.p.w......V....E.g..(:.<B...S..M...
..(.`....k.j...R.....[ s..5.b.......|..o..S..PDN.[.l...{bv...ktB.Fs..o
..].{.......5o:........{.0.C..."3M...Q:@..".:.Q@...?m6..,.....f.......
..'...Dx.dI.k.k...zq.hK.}.\....v~.W.\.].8h.e.:....j...K..{M...'!.....K
...z.:0....~..\P@[..v... .Z...\.G...hoa$$5.....4.H&.#.......Y..6..v.v.
.T..>s3...t...9C.}..X_J..T.........../1B.Uk)...1Z..4.......c...).].
...E..4..5c:.n.J..nl.....o..-..zp.n.V.D.a.wD.<.....#......L..|NID..
.......N.c.c.......z?P*......B...C8.AK..h..~z..... H.S1.=N.ka.F.;.O&..
<.Wv....N..\........F}../.G.b{)R..e.z._.:VqUH..oi..a.fC-c..&.w.."Y.
<.7B.P.....X..t....X..s.y,......Q)..o.v...hi.R.$...................
.}..z...-F.V....m.k.spF..2!Pf.{.t8..U;Q.(.....lD.....J^k..x.?.G.q.{..o
FuT.MJG..,7.)A\5....=.u}b:sV..nv...j..2.|L.......q .s.5A...8!.........
...U.=.{G!...$..i.7.O{Fw...G=,k.]........7...n...( d..n.D..{Cu..{q
<<< skipped >>>

GET /images/logos/downloadinfo/logo-lightbg-small.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: media.downloadinfo.co

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Content-Length: 9222

Connection: keep-alive

Date: Sat, 20 Dec 2014 06:38:02 GMT

Last-Modified: Thu, 14 Mar 2013 23:50:35 GMT

ETag: "75973acb39a471ab5301a00d1e02bb4b"

Accept-Ranges: bytes

Server: AmazonS3

Age: 24419

X-Cache: Hit from cloudfront

Via: 1.1 0aaebdec7b7b36cd00d258b6c14bcc46.cloudfront.net (CloudFront)

X-Amz-Cf-Id: MAfLWgM83XPYwK0jhfGuiH9BdUwbDjDsyjFww2-f712bs9VK-JNvPw==
.PNG........IHDR...,...:.......dG....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:A89B8214852511E2B792C9
F28CAD2CC1" xmpMM:DocumentID="xmp.did:A89B8215852511E2B792C9F28CAD2CC1
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:287C8F857DDE11E2
B792C9F28CAD2CC1" stRef:documentID="xmp.did:287C8F867DDE11E2B792C9F28C
AD2CC1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>9.Zh.. xIDATx..]...U.....3se...>&..$..
.((...., ..((.............W./...E.A 1.I.I $.LH&.d2....GuU.....]]S.=..$
.}.|.........{.{.9..;i.b.._h......z..(.bE.LT<.)..xq.G..fqMX.....o..
...m.|D.......Q....e./....l,U.z..j..HaI.R4e.4*.. Q..Ti.t..'t..Fs.n.%..
[email protected]_x.....'|zo......p4.R".~_....p...e.
."E.Q.,..|jJ.Z...8al.5..L..3...  (<..h"E.X.:.....IU5.{....T_WC.....
Y:u....=p...]=m...7...E......H.rT.K.....'.4....9Sf..`&../...Ps[...X.H3
.0Lp#C7()@k0.... M7...b.&O............O....I..l.[...)R...<..D2.....
t.)..}...(TRB.:...7J.q.k<.x.....4.0}..f..h...7%.O$T.^1..D......
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=409600-716799

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:00 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Age: 1

Content-Range: bytes 409600-716799/4011968

X-Cache: Hit from cloudfront

Via: 1.1 36888196897a69055ba7f343aa680ec9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: cx12v-JBWotYaJnkBd_qKKDkglKcq8_rKji4BIQJHysvrAJhm4rUXQ==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 307200..Connection: keep-alive..Date: Sat, 20 Dec 2014
 13:25:00 GMT..x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 G
MT..Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT..x-amz-version-id: aT
DRzIqHoOZVVyu1Is_3JnUvzz7zIDtp..ETag: "c9dd1da2ef1bc9db869a70cc959c9a6
e"..Accept-Ranges: bytes..Server: AmazonS3..Age: 1..Content-Range: byt
es 409600-716799/4011968..X-Cache: Hit from cloudfront..Via: 1.1 36888
196897a69055ba7f343aa680ec9.cloudfront.net (CloudFront)..X-Amz-Cf-Id: 
cx12v-JBWotYaJnkBd_qKKDkglKcq8_rKji4BIQJHysvrAJhm4rUXQ==...n....t.xPM{
m....(.W[v.*/.i.%".Y...{.'7e..%..A...*...,8&8o5z.$..[2..0x...\.B..)../
7....i.......~....&....&.x.c...f.....&.......@!.S8...ud......1{....<
;.....h'[email protected]!..$D..]....5..L.E...fJ4...Ur..z.H.d.1..
...,0..OS.o:q..K......]f.g;.gb(L..x.WD...'..0b..u .(../U\..S..~!...T.#
'..`#.A.wWP.u..(......^.....OF.......Cn.jL........^'...*.$/.....GA...S
}.....v..:..#7.E.....B..P......[.>..dU.]5(...:.n2S..p&.~.......;<
;`k...1.....u.% mxe..w._SL..1.j.j.z..F.1...&2(....U.Y.x....... ...g.:4
O..qm&\...e&...&..[.E...IK..^T..C..."..>V..1....}G.0.s]..~.L..69..w
8HU..... .{Z....!..;...n....5.4vkj.XUf........7..01.....Q.Xl....v..J/.
...S.\{......66.:....k...]......*5e...]."..iP...t..\.......o.b.....cv.
...V6.....i..-w.W}. ..2.wvyY......SI ..Ru..........l..fA.*..7.....3..{
m~_R. ..'.P(.>(..LSO...G.....5I..|.i../..F,E.EZ..)L~CT...b..l....t.
...Q..~.L.....Z.]W...a qH..Kel..)?.?..feT..`.M3..y......=.'0...F..
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=1024000-1331199

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:03 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1024000-1331199/4011968

X-Cache: Miss from cloudfront

Via: 1.1 36888196897a69055ba7f343aa680ec9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: WLdLmPrhJmscH29DX_PnTUOLlYb9JJJjp4lv7bSGyEzYzCWpVTVmuw==
..W.P...../...ab...N.. ,.......Q#....zK.Ud.....J.W...?.m.C}qf...t..x..
.j.wm.....x..3$S..3..#.t....LVBW.....)#(.....J5[<g..,jE.d{......T..
SM..u.U|i..Z.u...UN..g}8.,.....b#^....E..$...........1...x|.^..z..n..;
.6'....A.M.....H..B.H.v..........N..[..F.3D.....o..k...%...K..Ke.$....
.>U..V...-.......3..>zq...w.......u...m..r...U..nM.>a...|....
.....\>6..-M.@!....b....oe,..x....U..g%.._.s=H..&.....827..t6...S .
.;.....~.%....[...LX.....T.n....-~...x.p.w......J......&..{..~...v.;.1
8_.K.:a.ZK/.*T)j.&..,....._L.]C........Y.d.r...M....=............S..S.
.>jf(..:..V.DK%..\ ..X1FU....#G..&Jf..... iy.6.a4[.Z'>r.-.P... Y
cDvb..g....".r...9..k.4.....y5#.`.].c8=........Bl..h>....9r.$.B.O;.
......5.=.Z...1k..K..........x[...z..:..$eV..M2.%W2F-....K.......8..S.
......G.vOY...d..o&....D\.ke.....M.j..y....?Ol;.s...x.....:.c.0..Z;kg.
.~.......C.Qp..w...H..|..qo.zc-.hN.W.P.e.)'L!z.C..GA..Nv...X'L....W.."
Yo.d.....v.....Ke..>.'S.A..Y.....~l..<.k6._..j.\.....t5....o.v.Q
1...$Pr..-.SR .~3..n.g.z..x..X....#L0.[R..Yk...t.I.~.."]......re.~...7
....=l8.{..I<e.Sr.}jf.&\.[.&.....2..y8."..g%8..D..}P.l..Z!....R.G..
...I.......Mw....%.d.fm)...!cS7E..!..$.8x..Q....[............Z.)..(1%.
W....-.O..rq.. .. .x!.B.;.36..Uc.AT>4...|"Z;G{......b=w..&..lj=.)4.
;g3.z...........~'..M.X.d.2-.`4Iae=...3(...s.,x.>`T{.$U/..PR..6)...
.PAV......E.$N.....g.....)a......)..f.2B\.....*.P.2..i..k..C.*3R......
W...-.....b$...]O........`m..L.].....o...).cv..c..,....~.$.;..."......
'.}....{e.../....|.".]j......JuZ.....g.?\A.t}......R..z.o.m......=
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=1331200-1638399

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

.........`..!...(.......... ....8......./|.i.|....x...3L.1...L..S..Zq.
...O.....}b...j.d\Dl.<...?;..... .-.....0o.8.h'..l..'...-....pA..0.
h......p.aV...].c*z..._L.].,av........3..t.`..P...D...Eva....t.]...J..
..%.(i.. ....)m...>.@..*!..[i.-.Ll......o......... F.,...87n....>
;...X......W...G....5. h&?...[.. L........Pa.rka|/....TZ? .|D.....e...
..<M*... @..8}.au.?..^....8 i..@ .p.P....=..c'y....^|K.....>Pd_o
......u....t...V..B....o_....BP...6...M.S......o..ba..G"Y..-.........O
~..a.....Y:..d...M..........{..A>C.\../......3r....Y.#o.R.v..6.'.. 
.yA..W...R.^....R..H..K..edm.....z...._..t.......0[.....79}........)..
jZ.......Hg.....%`.........E..pF8,....&.Y..12i.;...xg.D....I..p..S....
0......H$)...cjx..nD..IX.i".3...c..)..n.Iv.h:.....F.. 77.K...h.{E.fux*
/.O...'.....g..V....x............8.wR.V=.l..COe&w,.....8.1.E(.T.B...9o
..qU3L.{.H..M.<.............~....W\.#m.V...u#y......,.U.h.h.....N&g
t;.'.".P.1....B...s?s..j-.L.uzW.......$..\.-...5..x..$,..#.c.]=....@ .
.k..j1ma..9.~..Q..m.*...nE'..'..........WO&z[.B=......].o"J..^.f5k...]
.p....t..g...............t..T ....gCuYeKm.........;E.h.O......{.......
...*..&...".;.1.*.4.-6:...~"/.I>.o..j...N. L....>..&.:[email protected]
L".[P..TC"..Gh...(.........PH8T?D.!...Z..tIp.....F}..*;.bs....,.hDoZ*.
D ...l..-E.B:.m...2.^S...c.@..".C..UI5.W...Ax.. .V9.>...C...GV..e..
.]..C.i.u7(.f..P.J..........t.'..G}....9...........O.k..3..3....A.../.
..IL.c......;..&..... p[.*.X.....2.[....k..v.i.V.....$FIf^t.....|..!..
z.-....{.)4k../.l.;j.b...3'.".......w[.M.T....@o.$..Q.....z...@...
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=1945600-2252799

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1945600-2252799/4011968

X-Cache: Miss from cloudfront

Via: 1.1 36888196897a69055ba7f343aa680ec9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 0h16SFuDSB9zg64SKuv2WUtuKTSrcvRXhziP-h6KiII_4v9Ha8zx8g==
.hX..A..%....l.%>W3..G.R..]...:...t.I..@Z.$j...N.|[VZ/.W#9..I\.....
.5..XRPz.c.[6`E..'-..9.'.EEy*.L=.....~..G...n..P`.!.{h|..6[O.......\..
.G...T...{N s...t.....PAG.....[...pZ..!..3,M.qv.1.....<<....1...
...HF..!"0....[..dY.......w........ .XV......=...<^j.hn..L....}^.O.
.. #....C.]..).....7..&...rj...x.=...P.....6D...N......UO....`.....5.l
{y.~..y....`.5.R....&....d(..-.V.r...C....q..\.....bB?......:.d..W.l..
....- .v..:A....PH.T..Uv.y..&.8jw.a..Z.E45.vKe6Q~..._7(.d..c.....qS...
.\/x.7...F ..)..Z..R=......xS&"Z....b....)......:./6.....%..U....X.Q..
 ..h.........fk.9s5..Q.|..3w...........R&........].zFr/.rV......8&I...
u.*{...7Qi...!...Z....A..#..4..$...|..]...-..0.`8....X.*o{...8..*P...;
.=.}..0.........v.R.9.N..$... ......d.d._.C]....3<E\..Q.T..lZ[R. ..
..nB.d.......F].g.J.r..f..N5..e./..X.v..y...N;.E0......4...}S#........
....^9r..W3.z...R.J...B.lT$............qe8.........}[email protected]
..*...f.>..n{i?..o.}./.. .hP.WB..:l.5.#..................:.G..3.Qb.
ESQ.p.~~...Q.'..r.o4.........Y.m.........X...j.S..T.mH99.K.}..-../...s
8t..1........#....`&31.T/...l..T..u....\.:5.WSJ .A..H^.....W.._....0..
..@)*(....c.....m.....,I..........26..g=.]Ht....{g.. ~.E...O|>/C~..
.' ...s$.).}...y3.\&H.._*..k;....\c...x...P,[N.....g....;........(M.k.
....G..[.U.#.....J.............*x.w...M]}V..^..O............1s..ZS.{X`
.T7h.w...r........$.)'..J..........}..j#.4..@.(`).V[_....l..<&...U.
0...`.!..p.t....u.W...q...g .5u.....O..3C....u...6..d.....tOM.._...3..
k.....#J.N...Fk.3.iV>..j- ......BGD1..D..f.....).>...._....T
<<< skipped >>>

GET /ccsetup324.exe HTTP/1.1

Range: bytes=2867200-3174399

Accept: */*

Host: download.piriform.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 06 Nov 2012 19:36:07 GMT

Last-Modified: Tue, 06 Nov 2012 19:46:04 GMT

x-amz-version-id: aTDRzIqHoOZVVyu1Is_3JnUvzz7zIDtp

ETag: "c9dd1da2ef1bc9db869a70cc959c9a6e"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2867200-3174399/4011968

X-Cache: Miss from cloudfront

Via: 1.1 36888196897a69055ba7f343aa680ec9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ZqwKTx5E_y16dB-XXXvTmO2mrhiFQ1FCT-qRj-gtKXdgd1J5kPx22A==
....i]X.?..b.*....1y...^..G..}..-.?.e....G.G.L.|......._.....j...,.]B.
..o.._....0t.n..I...s).........0..\T...L..C.9....E_.....q. w....\..2r[
6..2{dd...]...X.E..m.........A.:.^I..:..Xy........25.`..K......h"c.$..
.< ..[.S0{-.Ut".`.....TC.....^.U t........B..3-.[...)..C.*......i..
[email protected].'~.v...4.L...RM....{1f..W.......b.0...........O.VMT...6..
q.v_.\...HK_.^/c*6g;....W.........z.,n...7....$/B...OJ....9Z...;h.....
..!D.........i}..........C...P>...n..U.;.:.....<...gEem....0..Ap
..3.k<@.*...am=1.....U.....>>.s*66cj....).v....Cqp...6x..r...
..... O|'.D.(..g...'......|~M.3rP..6\ 1...-.p..tS.....t.FQ...k.~.".j..
.-@'..;k(.bg_..r..4=...[zkc6...g".bHs~..n=...OL..Z:zy,...0..E.s...m..H
5..h5.".E...J....^....K..jMw._...P...3..4.s.....T.\........s.f....F...
...(.......2..Z.b..AU...."...$..A.M;"_..\.pb.).)N..7G.o.._...'...u...P
W....Ty.q9Q...T.....2.............."....}.Jc.4..R.-q..i..8b>.%X....
... ..Z.NJ.2. ....G(dF$..y....>..@yP?lw.%..A. i;...-....hkk.7.]..h.
..{...s..LY.0e..B{.X..G..j...79.....P....;:...oR..8..|B.....v.'j..rOG7
...0,... ...gx.e..d..~ZDMocl.......0 .:7.[.,p*...]7J?..L.0J".........d
...~,Je_=..`U.........X...........M...&)..FH...u..<B..K\..=..62$z..
f...B..w.....e..a...z...d...:6f..|.PV. /.Z.e=.n..q.<v...6:........[
9..-V.9[..r.:....S.5.y...{<.']n<.\X.bJ.q....O...H..i....&*^].&.H
..".CH.Z4..P.v.`.W:.].....).m...LM..U..Uj'...X .$)E=x.h.]..Mf..Tp.....
}Wvx..T."-........p.F.!W$r.MG3........G.........s....i....hd..o.....JA
%d...C.J........B..,..d....-..T)..!v[..^.8!............~. ........
<<< skipped >>>

GET /logos/32x32/ccleaner.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.secureinstaller.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Content-Length: 3507

Connection: keep-alive

Date: Sat, 20 Dec 2014 13:25:01 GMT

Last-Modified: Mon, 26 Nov 2012 17:58:05 GMT

ETag: "85c0ae578ca8717cbfed6c4e53622b22"

Accept-Ranges: bytes

Server: AmazonS3

X-Cache: Miss from cloudfront

Via: 1.1 da4597f9a1ddca35a7a5dff69622a1b7.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 3_yPCR7kH8owFIN0cLJxMJwznA7ZYx4-eLJEYjJeZSfrQIgCw87ffA==
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:2435F6CB301711E283C9E1
F24E45F7A1" xmpMM:DocumentID="xmp.did:2435F6CC301711E283C9E1F24E45F7A1
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E84AB79E27B111E2
83C9E1F24E45F7A1" stRef:documentID="xmp.did:2435F6CA301711E283C9E1F24E
45F7A1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>o.|T...%IDATx..W..........{w.k_w.,....*(P
*P...I.3m...IMk.ml..&..ZiR[.iM..1&h5XlC[T..."".a..].}..{..;.s......t.'
3wf........&.........$8...S..... \....4..q....\.0...k..9....Uu..6>`
[..7\?._..]....C.04<.q........3}P.i.g...S..r@.(...PKc.......' .p.n.
.E.(...T.40...O..B...C.;.....n.|s ..a|...".[...5PB.O.p\"..3-.\.KfCG6..
40..l.{.t......_.a..q9........i.....o.......F.p.e...x.$.6.'..=..,.U...
.....vtzSr....LN..U`.....).f..2.Ln.Z.}....ZQ.d....d).N.............3.9
=...`".9_^.}/Q...<..&..U1.I....Y..vT.G.....W.s.....C..m....r._..3.N
.(.AX.4..q.....Y........t....?... }l.[.. 6....k.......q.[.7.& s.r*
<<< skipped >>>

GET /img/Taderonadan/Taderonadan.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:02 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: XeyZteoddMT7zB1aXipURwVWKsd6UNKVph0XvKwdImG99gDcfpXHDgr2hOv x9UW

x-amz-request-id: 72D33F0951C744D1

x-amz-meta-cb-modifiedtime: Sun, 20 Jul 2014 17:16:32 GMT

Last-Modified: Sun, 20 Jul 2014 17:18:55 GMT

x-amz-version-id: AxXc6EI.8NWvuCfiSgXfADM8rlZv9_vs

ETag: "e99f71cea95a6d0237d85c8ae5acfade"

Content-Length: 2643

Accept-Ranges: bytes
.PNG........IHDR...t...........:.....sRGB.........gAMA......a.....pHYs
..........o.d....tEXtSoftware.Paint.NET v3.5.100.r.....IDAThC....WU...
.{[email protected]..$.f.X.(..Rfb...3.2.4i...$.B).`9#1.S..H....B..,..cw.}
.,......s......]....7..{^..s...~....G..."&."!...SN...%l..`Y"Wt.=E..m..
..9.v..........>xPt..../..w.......S\..l..3k..8....3.hz.3.y..j..."#.
%b.V<..m.bWo,vf6...d.iM6.:qT..5..8dZ[..S.v.Mo..L.zp....\..3.^DC.N.h
$o..DaC...<...,.&..J.....j..4-~...]....". f....M..9-.&....A..}...n.
....D]....3.^@[email protected] . [email protected]&.3.K..
........"$..W."h...6.0...'n...SY(e.<..6g.C...u.h..x%...{.b!..""b..x
,.......n....3.O.a.....l.............]....C.&.L..W......./=...t.....'.
[email protected]..%:"(s,e!A.7....\/ms..p..........[..{.y" &T.."$....t...)_.,..a6
...j8,h. .........y.;u?v...i...(^.|.......P{...}[email protected].&(b..=Zj6..
.g..G....|.....MU.:MPDN.4...n[...ym.].J..7..v....,.>.../..s6\......
Xk...D...*.......c....!l2.......DaK.V...BH...f....V....e....b.-.....-.
..#................f.=....t\p...B..=}....R....l=...../..O......2..}...
P.n....]..)..|.Y..l....p....._Sn...e.f.M..n....l.3.....).....^n.Li^.w.
..t.3A....(.E.n1V|Z<`.>*...>S<%8.2{....f.Y.Y.e1Jp....W...)
}../..\..p.I.o..b.xR....'........H.]Aud L.D...Y'....i......x..4..e....
...'.......Az.....&..B....j{.='`.........G...._._.^...%3...!WG.xU."x9W
.....z.!.4x..b.`G.:<........Sp?.._p..WL.;.wl.....l...-q..?#>A.S.
.`p,..........z...e...'...C. ..x..?;.....=4;...;..y.....lU.4.Ug?&..,y^
.o.7..t.p.1.?)..I..e..%..
<<< skipped >>>

GET /ofr/isicicc.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.downloadster2cdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.2

Date: Sat, 20 Dec 2014 13:25:03 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: pleIyD6oVU4VW4a9yBj06mGMEtaRrXOsCCEnuPufwdUVAfpfj4hkQRIekna Kz0/

x-amz-request-id: 57C3EE03F904F08E

x-amz-meta-cb-modifiedtime: Thu, 28 Aug 2014 08:06:42 GMT

Last-Modified: Thu, 28 Aug 2014 08:07:54 GMT

x-amz-version-id: Cps7ujoLu7tbSmpel034FEsiI5AkDorU

ETag: "4b79f0fd86d9c68b64393776fdc910ef"

Content-Range: bytes 0-102399/382062
CIS................S.......n.......P........>p..OaF~&.U"&..........
kM.....l..C..^.a].....U...U...#a ...h......d....D]b.....q....*.......J
x.,.r.`*....e.uZ.....N....,.0I..C.Pu..:..i.....hkNa ..;0..[d.}.....Zu.
.L;0.*P7V....Qv.#@\x.)ek.<.o;....W..............Au\.E.N......._{.cs
.p3....w)[email protected]../d.n...rP.O..`.l..&..k..Mzp....;#X...^jt..
.\.q=\N.[.'I..sP.-[8..1R\..S...9(..Z....(R..-.*......t.....]..C_T.4Mj.
....N.,h....:} Y.}.K9.)2........f.&..A.aqnv.}.=.#OOTRVO2...1X..7.htmO.
..$..0.=.1.Y.`.A.M....V...:T..5$....C`.....!.u.. .EK7=.....8..k.....@.
`.P..S.W.....G....Wz....j..;.<..w.0.$fF..&[.}.9........[#...%k.L...
Q..$. '[email protected]).B...E5..Q..M<
...-...o..D...V..H.. ............0.?_/Py.\....,..#.V..p.......<k...
.H...Zv..( i{M...._.... '.].k...D...k%..7.........~.T..."..A..A.u5.b".
.......vv.2..%......-C9^}EQ..]..$.Z..bj..R..SX.._&@Oq0'.....y&.s.X=o!.
.\ ..#.....i.f...=D.2.E..fZ.4e.=B..k.{..G.;V../...s......C.C....v.9...
..E|.... -M...T.#.Fu.....XmY.5!..w.V6.@*..TX&..6..tF.[.a.5...r.7...W..
......0...7....h....(....KJZ68.m.p......U.i..]..q...y.gymw.=...h...8aq
.#.^<..Y..,q#d..."B.-..kL...F.........Ko/@g...Rg.U...o.@.$..!.j.z.d
;..1.....].e12....;#...R..x..#.m...M.yq_8.".....".....7V...\........v.
....6.....0N..(.{'....<...w...9k.R{hVp.."..m.x...k.....;.#..h.5..6.
.j.;.!...=?-{a/9/..g.. .>..N:...s.7....~.m.....w.Q...J.1v..P......U
....5.."...g.!PF5...-..!4!...`..:....J.^......%_..f..%...)E.."8t.3....
oW....,. >`;Z......l..aX..v.6.Jw.I8Q0..LW<...4......!.k,].=}
<<< skipped >>>

GET /img/Noseresel/Noseresel.png HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:02 GMT

Content-Type: image/png

Connection: keep-alive

x-amz-id-2: WH5/DBSO3ZAqqXITp9v1L1kg9kUM3gxVv9PkIIn4zx/v03/aWcHmlH9M4k2fPcKi dyQ6p04nBE=

x-amz-request-id: 2076CBE4DA4C24BE

x-amz-meta-cb-modifiedtime: Mon, 25 Aug 2014 13:34:54 GMT

Last-Modified: Mon, 25 Aug 2014 13:35:30 GMT

x-amz-version-id: TAf5uJduPCODkFdQAiP8vO0WMberqYrD

ETag: "26035609b62311690edfe84078a6de29"

Content-Length: 1574

Accept-Ranges: bytes
.PNG........IHDR...t...........:.....sRGB.........gAMA......a.....pHYs
..........o.d....tEXtSoftware.Paint.NET v3.5.100.r.....IDAThC..Y..U...
.A....QD...Y.QP.'Q.(......&F.......5.."... ....AEi......./....|1..5...
.=m.=.CO;.!.../......sn.[..S...*..v.Dm...*Sbh.)1....ZeJ..2%.V..C.L..U.
c.. ...-JT..-C....%*K)...` [email protected]=|...:.{.....X..,..,.
c...r.......A.`...r]a..h#.*.. ..C...CW......L.....(...0.F@w..._g$.....
2^.Yz@..... .z...0....6..D.2y...t.js..M)..F.vh...)]2..J14......,...a.f
......e..YnY.e..W.....Y.j:.8.=il.[ ~. ....,X..f.}[email protected]....`6&l
t;.:.i;.aU....;...Y......o..5../j......S......._;.........5;9.j...n...
..... [email protected].:k.e.W7..u.....`.U.Fc2PF...$P..0.:[..X..@...../
.&...B......k.F..S.Wx........V...R..uMn_. .t.a.w..n......Ow.q....#]...
......w.....)>..... ...,R|.<..........X......3........7......aB&
...q.........\ 9.vM.q.'.....\).[...P......j..j.!X...M.st....F5...Z..w.
..z.e.z.}.....z.H. ....c......Y.....JC......?..........R(.P....l'|..n.
..V...g.^{.4m....U.T.....A.x...........S.:g..2t%.w.....S.4,.:..g....*.
...Cp..<C.jq...x..DcaE.8_....I..^ C..;A..NV..h......iP....K......j.
E....n....0..z....[. a.E..D}.].bj.4A.*..h..j.b...X......x....{~...PHmn
....\.).P..w..7.=.....w.....3.Y..............CA.....|.VP.e.X.~7<.~.
Z.P...5.......d..T.....!.........G.=.....~..a.2...O...S....AZxh.*.^.M.
:_[.{@[.......GN.....kA.R..!...a.......k..z...E...........0..=.4%..-..
...aS......H&...L..Z.^..Gj?.w._4.......V..kd..]9M...B..e.|.k/...I."...
...@...
<<< skipped >>>

GET /img/Pisiseti/Pisiseti_BG1.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:02 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: YZpFdkWUyKijT1H3d5Z09eh4jLFtBclAc4mYHcUbvHVLvrsDENDR09su3Ga9SRkqGJQAwRD n k=

x-amz-request-id: 6D127501AAE02C96

x-amz-meta-cb-modifiedtime: Sun, 03 Aug 2014 13:34:08 GMT

Last-Modified: Sun, 03 Aug 2014 14:06:39 GMT

x-amz-version-id: TD0_qBj.2tYSbhDbwEF0e4XQriIkQwNJ

ETag: "6041c42d43d5e09119cba1b9d4d6ed5c"

Content-Length: 48828

Accept-Ranges: bytes
......Exif..II*.................Ducky.......3.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2025DE1C4271E311B
43782832C1A2295" xmpMM:DocumentID="xmp.did:48AE51B71ADD11E4A20ED7C7CE4
13405" xmpMM:InstanceID="xmp.iid:48AE51B61ADD11E4A20ED7C7CE413405" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:045441E2DC1AE411AA8EF47F38B28B47" stRef:doc
umentID="xmp.did:0274FB390E9311E4A11FED0374D940E8"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
.."!!!"&&&&&&&&&&........... ... &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&........0.................................................
.......................................!.1.AQ".a2..q.B#.R...b3..r..C$.
......Ss4%..c.&..DT......................!1.A.Qa".q.2.........BR#.b..3
C4............?.....E.u..(...b8lVw...H......P(..U.e1W......*2.AQ..UC.X
.p[..B....ka....V8{I......q............o.......C. ...YG1&...._.jl....l
.."......V.`.VW1A=... ..)h..K.$....V?..B...A..%....7...Rz.8.-..T.|
<<< skipped >>>

GET /img/Pisiseti/Pisiseti_BG1_232.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.downloadster2cdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx/1.0.10

Date: Sat, 20 Dec 2014 13:25:03 GMT

Content-Type: image/jpeg

Connection: keep-alive

x-amz-id-2: 0SrDzSiHB/wyObQsPDFfEl/wpCOikYCw/XwCQtU6vt4RyVkjbG0FtBbB P4jcM4eHJsjHEL/gmM=

x-amz-request-id: A4814537B1344FA3

x-amz-meta-cb-modifiedtime: Tue, 02 Dec 2014 16:18:04 GMT

Last-Modified: Tue, 02 Dec 2014 16:18:42 GMT

x-amz-version-id: nzRKiesY56Zmw8xFGBff.isRvXgGYf6G

ETag: "b2a6c4ce621ef821b83970f33df2d622"

Content-Length: 52593

Accept-Ranges: bytes
......JFIF.....`.`.....fExif..MM.*.................>...........F.(.
..........1.........N.......`.......`....paint.net 4.0.3....C.........
...........................................................C..........
.................................................................."...
.........................................................}........!1A.
.Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijs
tuvwxyz...............................................................
...............................................................w......
.!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcd
efghijstuvwxyz........................................................
............................?....}..\...m/.....5.wZ.KK..H..]J....RO...
W.....~~.....;....C......Z.\5......0>......]..G...c{g.........L4}C.
.I...0..`..=.R.I.W....h.....n.f.....%..j/.~>..!Ko.....m,.{..Q.l.a-.
..!............k..A...E....v.....{O0.n!.5...p...7~1..;.e...W.....'.W..
.o....~RG.N.zW._.............7:/..M.=..E.|u.....y...A..?.X..../.......
/.S..?....~...~.......[.-.n.w..QbEl..G..........!...:LJ.......>o..}
0..=.y.....FK.z.2. 6....9f.....,....x..c.~...)C..%.k.?..L....(= ..wg9.
.f.h\........V...]..o&..'......} ..I ..kfNR...<..Ce^..7...k_..eg..:
|...|.".5...O@=M{.....X......z,;./$..a.[.>....._....fO.~......4.Y..
...V.|...BA..}:._!..O..i.5Il.W...i.|5..&...qvr}|.w...........d...}....
..Z%[..@..)..\.=..[_.........#...6....O..-.W..f.%.'.p....I..<....;.
.3.......-n.. S...u...`.Y..s.....<W...#.z...w.....1...guI......
<<< skipped >>>

The Adware connects to the servers at the folowing location(s):

.idata

.rdata

P.reloc

P.rsrc

.dll3

kernel32.dll

.DEFAULT\Control Panel\International

File I/O error %d

lzma: Compressed data is corrupted (%d)

LzmaDecode failed (%d)

shell32.dll

/SL4 $%x "

" %d %d

Labu Setup Setup Data (5.1.13)

Labu Setup Messages (5.1.11)

user32.dll

oleaut32.dll

advapi32.dll

RegOpenKeyExA

RegCloseKey

GetWindowsDirectoryA

MsgWaitForMultipleObjects

ExitWindowsEx

comctl32.dll

<assemblyIdentity version="0.0.0.0" processorArchitecture="X86" name="Setup.exe" type="win32"/>

<requestedExecutionLevel level="asInvoker" uiAccess="false" />

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

External exception %x

%original file name%.exe_876_rwx_00403000_00002000:

.dll3

%original file name%.exe_876_rwx_009A1000_00125000:

kernel32.dll

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

EVariantBadIndexError

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

UrlMon

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

IMM32.DLL

AutoHotkeys

BiDiModexE

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

OnKeyDown

OnKeyPress

OnKeyUp 7

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

2301654879

A`bng`@ikc-4,uUxlxs-4,Ht.HA

Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP

TThreadExecuter

TScanAllWindowsCallBackData

Portuguese

i\*.*2XE

i.dwcnhE

nmhpjhc03.fcclJL

i.ulzn1E

powrprof.dll

1.2.3

THttpTimeOutThread

THttpCallBackShell

Gx-21,\igh]ixyj-42,M.DJ

A`qjz``-0,ZkdkNgij.pc

Kcqjpc`-0,Aaj-1,gEdafa`.pM

hXXps://

hXXp://

https

SQL error or missing database

An internal logic error in SQLite

Operation terminated by sqlite3_interrupt()

Uses OS features not supported on host

2nd parameter to sqlite3_bind out of range

sqlite3_step() has another row ready

sqlite3_step() has finished executing

Unknown SQLite Error Code

sqlite3.dll

ESQLiteException

TSQLiteDatabase

TSQLiteTable

Error executing SQL

Could not prepare SQL statement

Error executing SQL statement

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

Could not prepare SQL statement

SQLite is Busy

SOFTWARE\Mozilla\Mozilla Firefox

session\urls_to_restore_on_startup

DoSetChromeHomePage AL=

SELECT value FROM meta WHERE key='Default Search Provider ID'

SELECT short_name FROM keywords WHERE id='

UPDATE keywords SET sync_guid='

UPDATE keywords SET instant_url='' WHERE id=

keywords_backup

DROP TABLE keywords_backup

CREATE TABLE keywords_backup AS SELECT * FROM keywords ORDER BY id ASC

autogenerate_keyword ||

SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id ||

created_by_policy || instant_url || last_modified || sync_guid

FROM keywords ORDER BY id ASC

RemoveChromeSearchProvider - cannot remove

DELETE from keywords WHERE short_name='

RemoveChromeSearchProvider - exception:

SELECT id FROM keywords WHERE short_name='

Home URL

Amazon.com

eBay.com

Merriam-Webster

Suggest URL

Opera Preferences version 2.0

; Do not edit this file while Opera is running

Key=c

Suggest URL=

HNetCfg.FwMgr

HNetCfg.FwAuthorizedApplication

]DKizHi-4,exc-1,Hc`hk-3.GI

6?0N2=.Lq

;768>1-80

005345000000

000000000000

000000000010

000000000030

cabinet.dll

Reporting failed on first attempt, second attempt is cancelled (finallizing)! Url:

First report attempt failed, going for second! Url:

The report failed! Url:

Successfull report, Url:

TUninstallExecuter

TUninstallExecuter can be created only once.

CJ[hx.Xu

Downloading Bundles data from adServer on url:

BND_HTTP_CODE

&ExeChkSum=

Report main param:

Report param (pkg:

), exeName:

GENERIC_WINDOWS

NO_JAR_SUPPORT

ole32.dll

olepro32.dll

IWebBrowser

IWebBrowserApp

IWebBrowser2$8

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable

OnWindowSetLeft

OnWindowSetTop

OnWindowSetWidth4>

OnWindowSetHeightp>

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath

OnTranslateUrl(k

OnCommandExec4U

'%s' is not supported.

TMsgEvent

TKeyEventEx

Port

Password

poPortrait

0.750000

3333333

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

This object does not support this method (

Unsupported type for Parameter with Index %d

Method call unsuccessful. %s (%s).

eiOnKeyDown

eiOnKeyPress

eiOnKeyUp

OnKeyUp

Handler with EventID = %s already exists.

Error on IConnectionPoint.Advise

Source don't have connection point for [%s]

JS function sync-execution failed with message:

] execution failed with message:

.html

MAPI32.DLL

LeftPopup

TPipeServer

TPipeObject

TPipeServerListener

TPipeClientU

2.1.0.0

This exe was created with an old version of HtmlAppMaker.

irsoMsgDialog

irsoGetCurExePath

irsoJoinPath

irsoGetCmdLineParam

irsoGetCmdLineCount

irsoGetCmdLineIndexOf

irsoGetCmdLineParamValue

irsoGetCmdLineAll

irsoRegCreateKey

irsoRegCreateKeyTree

irsoRegDeleteKey

irsoIsRegKeyExists

irsoRegListKeyValues

irsoRegListKeyKeys

irsoRegSearchKeyKeys

irsoRegCopyKey

irsoHttpGetData

irsoHttpGetDataInThread

irsoLibraryExecuteProc

irsoLibraryExecuteProcW

irsoLibraryExecuteProcWithResult

!irsoLibraryExecuteProcWithResultW

irsoExecute

irsoIsMutexExists

irsoGetCurExeCheckSum

irsoSetSQLiteDll

irsoGetSQLiteDll

TExecArgsX

H-4,njBdi-2,o-4,r.vY

iexplore.exe

firefox.exe

chrome.exe

safari.exe

opera.exe

THtmlUIExeApp

irsoExecutePackage

irsoReportPackageError

irsoReportPackageSkip

irsoReportPackageQuit

irsoReportPackageSuccess

irsoReportPackageInfo

irsoGetPackageFilenameFromHttp

irsoGetPackageExecExitCode

irsoGetPackageExecResult

irsoSetPackageRelProgressShare

irsoIsFireFoxInstalled

irsoIsChromeInstalled

irsoIsOperaInstalled

irsoGetFireFoxHomePage

irsoGetChromeHomePage

irsoGetOperaHomePage

irsoSetFireFoxHomePage

irsoSetChromeHomePage

irsoSetOperaHomePage

irsoGetFireFoxDefaultSP

irsoGetChromeDefaultSP

irsoGetOperaDefaultSP

irsoAddFireFoxDefaultSPFromXML

irsoAddFireFoxDefaultSP

irsoSetFireFoxAddressBar

irsoAddOperaDefaultSP

irsoAddChromeDefaultSP

irsoGetFireFoxEXE

irsoGetIEEXE

irsoGetChromeEXE

irsoGetOperaEXE

irsoGetFireFoxVer

irsoGetChromeVer

irsoGetOperaVer

irsoLocateSQLite

irsoGetFireFoxCookie

irsoGetChromeCookie

irsoIsFireFoxExtensionInstalled

irsoInstallFireFoxAddon

irsoInstallChromeAddon

irsoUninstallAddExeCmd

irsoUninstallAddOpenBrowserCmd

irsoUninstallAddRegistryKey

irsoUninstallExecute

irsoReportStart

irsoReportInfo

irsoSetExclusiveExec

An attempt to download bundle data was denied: adServer domain name must remain the same! Url:

\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>

/UnExeFile:

UnExeFile

z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1

1.2.1

inflate 1.2.1 Copyright 1995-2003 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

.Bj&T

.Wl51

@%DKe

&zQ%S

sqlV}

b8Y%8s&

lx=%D

gyÏ

%SXe'Z

\w.we

AC.EjX

KWindows

XisrWindowsEx

kisrSQLiteTable3

isrSQLite3

isrSQLiteUtils

hisrPipes

HtmlUIExeApp

WaitNamedPipeA

PeekNamedPipe

GetWindowsDirectoryW

GetCPInfo

DisconnectNamedPipe

CreatePipe

CreateNamedPipeA

ConnectNamedPipe

RegQueryInfoKeyA

RegOpenKeyExW

RegOpenKeyExA

RegFlushKey

RegEnumKeyW

RegEnumKeyExA

RegDeleteKeyW

RegDeleteKeyA

RegCreateKeyExW

RegCreateKeyExA

RegCloseKey

SetViewportOrgEx

ShellExecuteExW

ShellExecuteA

UnhookWindowsHookEx

SetWindowsHookExA

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

GetAsyncKeyState

EnumWindows

EnumThreadWindows

EnumChildWindows

ActivateKeyboardLayout

GetKeyboardType

"$ %),'8

38000=344

&W!%C-7

1 0 .'7(2':

- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)

&)"%&$&'&",,/- '

SSSHHHK`````````````````q}

#)'%%'%'%

.idata

.edata

P.reloc

P.rsrc

- /*-( ,'.-!$

*/.)*72-7)

#-**(-#,

&",,/- '

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

http\shell\open\command

PathToExe

mozsqlite3.dll

cookies.sqlite

GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!

sqlGetQueryResultEx failed!

Opera\Opera

Opera

\operaprefs.ini

\profile\operaprefs.ini

\profile\opera6.ini

\opera6.ini

Software\Opera Software

locale\en\en.lng

\profile\search.ini

\search.ini

search.ini

\defaults\search.ini

DoRemoveOperaSearchProvider - cannot remove

" was sucessfully removed but references to its HexKey: "

TopResultURLFallback

FaviconURL

FaviconURLFallback

*.txt

Uninstall\Uninstall.exe

Uninstall\uninst.dat

uninst.dat

regsvr32.exe

Waiting for all the ongoing reports to complete...

_EXEXE_

errorUrl

Failed to launch htmlUI from the following url:

main.html

Remote mask loading is currently not supported. mask:

Please login as administrator and try again.

Installer Account Name altered after at least one report already sent.

.Uninstall\

No help found for %s#No context-sensitive help installed$No topic-based help system installed

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form

!Control '%s' has no parent window

Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file %s

Cannot open file %s

Invalid stream format$''%s'' is not a valid component name

Ancestor for '%s' not found

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation!Invalid variant operation ($%.8x)

Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time

'%s' is not a valid GUID value

I/O error %d

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   mscorsvw.exe:172
   

2. Delete the original Adware file.
   
3. Delete or disinfect the following files created/modified by the Adware:
   

   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\upper_bar.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\form.bmp.Mask (244 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\icc.dll (229 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D02F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\Pisiseti_BG1[1].jpg (11713 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\main.css (6 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3680 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Resume_Button.png (681 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\locale\EN.locale (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\sqlite3.dll (3716 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D5AD.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Close_Hover.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXEJG5YB\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014AB52.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\checkbox.css (190 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg2.png (978 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GXU7KPMF\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361329_Setup.EXE (29234 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\sdk\exceptlist.txt (34 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\button.css (417 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Color_Button.png (808 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361368_Setup.CIS (68 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014C32F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1141050697.cfg (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\BG.png (25 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Pause_Button.png (493 bytes)
   %Documents and Settings%\%current user%\Desktop\Continue CCleaner Installation.lnk (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1361393.flat (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Progress.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1361460.flat (6314 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\RAM.dll (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D148.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\ie6_main.css (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Loader.gif (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Color_Button_Hover.png (818 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GXU7KPMF\ccleaner[1].png (646 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D7D0.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Icon_Generic.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\ProgressBar.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Grey_Button_Hover.png (719 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\browse.css (337 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Grey_Button.png (698 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\progress-bar.css (506 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OXEJG5YB\logo-lightbg-small[1].png (1651 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Quick_Specs.png (221 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\bootstrap_27709.html (156 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\css\sdk-ui\images\button-bg.png (131 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1818600081.cfg (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\csshover3.htc (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0R854XI7\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\364991281.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014C504.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D07D.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1354593\images\Close.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\20378062.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1275519350\1361393_Setup.CIS (2740 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2RERJYES\Seniser[1].png (15065 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0014D010.log (8 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.