Application.Bundler.Somoto.I_6d203980cf

by malwarelabrobot on April 21st, 2015 in Malware Descriptions.

Application.Bundler.Somoto.I (AdAware), SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 6d203980cf5a21ffee449394f4bf280e
SHA1: c7934d06a97623fab336ae749b7e4447f532e582
SHA256: 38e6fb50794b32874d0ed17840be041091a1267bce8dbecb731a63c25eb88342
SSDeep: 3072: 22ihA0m3BJf0AM5R lRXc8HZ0tGkwWbNpWSIzaEGZlKY:xA0m3T0AMLupitGkwWBwNGZlKY
Size: 167536 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2010-12-17 11:14:12
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

smt_istartsurf.exe:1504
ProtectWindowsManager.exe:3688
ProtectWindowsManager.exe:3640
%original file name%.exe:2884
ProtectService.exe:4012
ProtectService.exe:3988
XTab_Setup2121.exe:3788
FLVPlayerSetup.exe:2432
wpm_v20.0.0.1953_0302.exe:3600
biclient.exe:560
biclient.exe:1144
biclient.exe:2984
F121.tmp:2564
QQBrowser.exe:2876
QQBrowser.exe:3536
01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:3680
powershell.exe:2172
powershell.exe:2876
powershell.exe:2728
appshat_generic.exe:3884
HPNotify.exe:3284
cmdshell.exe:4076
appshat.exe:924
webplayer_installer.exe:3644
webplayer_installer.exe:3388
Bxaze.exe:3424
cscript.exe:3144
cscript.exe:1172

The Application injects its code into the following process(es):

WebPlayer.exe:3544
WebPlayer.exe:456

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process smt_istartsurf.exe:1504 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process ProtectWindowsManager.exe:3688 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)

The process %original file name%.exe:2884 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE781.tmp (6479 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe (8793 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\config.ini (107 bytes)

The process ProtectService.exe:4012 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (49 bytes)

The process ProtectService.exe:3988 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\msvcp110.dll (536 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (876 bytes)

The process XTab_Setup2121.exe:3788 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process FLVPlayerSetup.exe:2432 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\modern-wizard.bmp (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\modern-header.bmp (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\webplayer_installer.exe (7069 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\webplayer-flv.rtf (2104 bytes)

The process wpm_v20.0.0.1953_0302.exe:3600 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3568 bytes)

The process biclient.exe:560 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4dfa5bcd08236142b5420a1deefa56ef[1].htm (26548 bytes)

The process biclient.exe:1144 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process biclient.exe:2984 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process F121.tmp:2564 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process QQBrowser.exe:2876 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process QQBrowser.exe:3536 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\XTab_Setup2121.exe (148 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\474.db (155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\wpm_v20.0.0.1953_0302.exe (988 bytes)

The process 01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:3680 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process powershell.exe:2172 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z9YJCFQI1MV9W6A67Z2Q.temp (196 bytes)

The process powershell.exe:2876 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M7HQKF4UAF82FVOBWXHD.temp (196 bytes)

The process powershell.exe:2728 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KK2R8BFBENLRQWIY85BV.temp (196 bytes)

The process appshat_generic.exe:3884 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\setup[1].exe (747439 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\webplayer_installer.exe (8184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6123.tmp (10027 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\appshat.exe (796935 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\inetc.dll (808 bytes)

The process HPNotify.exe:3284 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\conf (1480 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (24 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (24 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (24 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (49 bytes)

The process cmdshell.exe:4076 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\HPNotify.exe (675 bytes)

The process WebPlayer.exe:3544 makes changes in the file system.
The Application creates and/or writes to the following file(s):


The process WebPlayer.exe:456 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\bg_header[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\btn[1].png (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\gui_btn[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery.min[1].js (54904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\flvplayer[1].htm (1156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\flv_02[1].jpg (7736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jwplayer[1].js (88375 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\logo[1].png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[2].json (905 bytes)

The process appshat.exe:924 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\xiwrlae.dll (2119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\rypiyr.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\Mfuyqgtg.tmp (394440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\zwqnxb.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\Bxaze.exe (1490062 bytes)

The process webplayer_installer.exe:3644 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\storage.js (979 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\WebPlayer.exe (7533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\initialize.js (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\common.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\initialize.js (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\main.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\main.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (843 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\jsonstorage.js (651 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso9CAD.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\config.xml (823 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\json.js (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\shortcut.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\web_player.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\installer.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\xhr.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\tray.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\stub.html (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\event_listener.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\utils.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\io.js (751 bytes)

The process webplayer_installer.exe:3388 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\storage.js (979 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6F75.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\WebPlayer.exe (7533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\initialize.js (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\common.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\initialize.js (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\main.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\main.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (843 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\jsonstorage.js (651 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\config.xml (823 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\json.js (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\shortcut.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\web_player.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\installer.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\xhr.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\tray.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\stub.html (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\event_listener.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\utils.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\io.js (751 bytes)

The process Bxaze.exe:3424 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files% (x86)\App Lid\utils.exe (76402 bytes)
C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5_user.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.dll (46916 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\igzjjofm.dll (13 bytes)
C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\rypiyr.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy6F37.tmp (662695 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505.xpi (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\raqkdgbq.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\uxdfkxs.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\mipntrzne.dll (30112 bytes)
%Program Files% (x86)\App Lid\Uninstall.exe (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\zwqnxb.dll (23 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe (7385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\451461 (4095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ipgeoapi_com[1].json (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\core\installer.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\loubc.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\kbfew.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\353336 (91765 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe (9147 bytes)

The process cscript.exe:3144 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\32x32[1].ico (892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\main.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[1].json (905 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\shortcut.ico (242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\tray.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Play online FLV files.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\flvplayer[1].ico (1150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\scripts\default_config.json (940 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\scripts\config.xml (824 bytes)
C:\Users\"%CurrentUserName%"\Desktop\FLV Player.lnk (2 bytes)

The process cscript.exe:1172 makes changes in the file system.
The Application creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\default_config.json (791 bytes)
C:\Users\"%CurrentUserName%"\Desktop\AppsHat.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\shortcut.ico (6242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[1].json (778 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\main.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\64x64[1].ico (4955 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\config.xml (819 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\16x16[1].ico (1150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\AppsHat.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico (1 bytes)

Registry activity

The process smt_istartsurf.exe:1504 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "85 7F 9C 66 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\474.json,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4C 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "D4 86 A7 69 2E 7B D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process ProtectWindowsManager.exe:3688 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process ProtectWindowsManager.exe:3640 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\services\eventlog\Application\WindowsMangerProtect]
"EventMessageFile" = "C:\ProgramData\WindowsMangerPro"
"TypesSupported" = "7"

The process %original file name%.exe:2884 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe,"

The process ProtectService.exe:4012 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 05 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process ProtectService.exe:3988 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 51 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\IHProtect]
"ptid" = "smt"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process XTab_Setup2121.exe:3788 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\XTab"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = "1"

[HKLM\SOFTWARE\Wow6432Node\supTab]
"ptid" = "smt"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURL" = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02"
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4F 00 00 00 09 00 00 00 00 00 00 00"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0]
"(Default)" = "SupTabLib"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL" = "http://www.bing.com/favicon.ico"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
"(Default)" = "IETabPage Class"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = ""

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName" = "Bing"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconURL" = "http://www.google.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

[HKLM\SOFTWARE\Wow6432Node\SupDp]
"dir" = "%Program Files% (x86)\XTab"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconURL" = "http://do-search.com//favicon.ico"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"TopResultURL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"TopResultURL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"CheckedValue" = "PMIL"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback" = "http://www.bing.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"DisplayName" = "Google"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"DisplayName" = "e"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"DefaultValue" = "PMIL"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process FLVPlayerSetup.exe:2432 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\474.json, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\474.db, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\wpm_v20.0.0.1953_0302.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\XTab_Setup2121.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player]
"Publisher" = "Somoto Ltd."
"EstimatedSize" = "243"

The process wpm_v20.0.0.1953_0302.exe:3600 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4E 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process biclient.exe:560 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CC BC B5 5A 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process biclient.exe:1144 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CC BC B5 5A 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "D2 79 99 61 2E 7B D0 01"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"network_saymediagroupapnx_1" = ""

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process biclient.exe:2984 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "2D 85 33 3A 90 73 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1351514833"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "biclient.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "CC BC B5 5A 2E 7B D0 01"

To run automatically each time Windows boots, the Application adds the following entry for its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"network_saymediagroupapnx_1" = ""

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process F121.tmp:2564 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D2 79 99 61 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "85 7F 9C 66 2E 7B D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process QQBrowser.exe:2876 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Mozilla\Extends]
"AppID" = "[email protected]"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"Publisher" = "istartsurf脀L"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\istartsurfSoftware\istartsurfhp]
"oem" = "smt"
"Time" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.istartsurf.com/?type=sc&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"UID" = "267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429509248&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"ptid" = "smt"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429509248&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayName" = "istartsurf uninstall"

[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe -ptid=smt眀L"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

The process QQBrowser.exe:3536 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Application deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process 01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:3680 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\Wow6432Node\App Lid\Sxuc s6UHdkkBMI3TPbMDdOjupuw7F18Q7PshVRAk FZxDEu/apwrp/9MdF8gTh0dCgXajutsY2KOoFd bv1IitpbTes0RLNENToBGpPazaoliQi1tkegTAcOIGyiV3QRp6V6OquZlyL /e6vfFjGnQ2gaaJ1Jlo4GCXzibNflw=]
"llN1Jcd35X4oPnbdFkuoaACNUqQF3snJnuz/hEY7eN/KVqlSiUdbHUs0LaqrObNekoMAj 6UjKIgs U8d5qa1I/EEhPonbr1w3ffKbLitE1rN/cC9quJsxaJcPzDykUgzwFqrF/ Gzt 478ht9jhE3pvsTEzQ23gIYgcxI94mLs=" = "1"

[HKLM\SOFTWARE\Wow6432Node\App Lid\U/mwtMJQRCKR0dU2rxQ4oph6X45x6O83/tPa4qzbRFFQlpD8vi6EOqZi22NegCITusO1G3TtiH4LD Z8Lxftub6x5B8oXx7BwmBtVZA3jXV8s 2z06x6XpZkQN/5ATUtsPzEooip2Zh6xCXLYw dv uJG8jyegsaBUbTRn9nZDo=]
"Ul0n1X03IbQ6xiPBCEDslxZ9fsRrLJ/vqSZLr9gZ0O KUCestLVRWje2vR4RIlDDKH6ZKOwvlLyt17ra1z7xzZbKWwqNFFUjlmufcqRV4ch2iTPwfFjrdfz6c e4uUdC3qjqU0STqs6kBy2ggedKg6oa4w0h8SvBpRP2bxSQ61k=" = "1"

The Application deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The process powershell.exe:2172 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:2876 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:2728 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process appshat_generic.exe:3884 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "24 44 E0 75 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D4 86 A7 69 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 50 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"DisplayName" = "AppsHat Mobile Apps"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"Publisher" = "Somoto Ltd."
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\Uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cmdshell.exe:4076 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D4 86 A7 69 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 52 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "17 83 84 76 2E 7B D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process WebPlayer.exe:3544 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1351234145"

[HKCU\Software\WebPlayer\AppsHat]
"start-on-windows" = "true"
"Config" = "{""group-name"":""AppsHat""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "BC 2E 70 7F 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "20 B1 FD 78 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\WebPlayer\AppsHat]
"last_config_request" = "Mon Apr 20 08:54:40 UTC 0300 2015"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "WebPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 57 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\WebPlayer\AppsHat]
"Version" = "2.13"
"first_run_complete" = "true"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

To run automatically each time Windows boots, the Application adds the following entry for its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process WebPlayer.exe:456 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "17 83 84 76 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\WebPlayer\FLV Player]
"last_config_request" = "Mon Apr 20 08:54:29 UTC 0300 2015"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\WebPlayer\FLV Player]
"Version" = "1.1"
"first_run_complete" = "true"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\WebPlayer\FLV Player]
"Config" = "{""group-name"":""FLV Player""
"start-on-windows" = "true"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 55 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "20 B1 FD 78 2E 7B D0 01"

To run automatically each time Windows boots, the Application adds the following entry for its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"FLV Player" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process Bxaze.exe:3424 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\App Lid\Installer]
"BundledFirefox" = "1"

[HKCU\Software\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"Publisher" = "Lid"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "84 A7 0F 78 2E 7B D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"DisplayName" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "24 44 E0 75 2E 7B D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"UninstallString" = "%Program Files% (x86)\App Lid\Uninstall.exe /fcp=1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"CrPublisherId" = "25286"

[HKCU\Software\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"DisplayVersion" = "1.36.01.22"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 53 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"CrAppId" = "65743"
"DisplayIcon" = "%Program Files% (x86)\App Lid\utils.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\InstalledBrowserExtensions\Lid]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\SOFTWARE\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cscript.exe:3144 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "17 83 84 76 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\uninstall.exe _?=C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player"
"NoModify" = "1"
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\tray.ico"
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 54 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player]
"DisplayVersion" = "1.1"

[HKCU\Software\WebPlayer]
"FLV Player" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player]
"DisplayName" = "FLV Player"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"FLV Player" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cscript.exe:1172 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "20 B1 FD 78 2E 7B D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]
"DisplayVersion" = "2.13"
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico"
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\uninstall.exe _?=C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat"
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]
"DisplayName" = "AppsHat"
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 56 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\WebPlayer]
"AppsHat" = "1"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

MD5 File path
447013bc6abd3a3f663a1fe7cdebd114 c:\Program Files (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe
4eea1048ef95c49a2fe5e7e32122a7b4 c:\Program Files (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe
afb246326bbe7f10270ec63997088ae0 c:\Program Files (x86)\App Lid\Uninstall.exe
8ac380009e5b490b9bc5db1ccb916d3a c:\Program Files (x86)\App Lid\utils.exe
33a33e52e9c7db9063cbac82fa9e28d4 c:\Program Files (x86)\XTab\BrowerWatchCH.dll
9def3a62487338e892ce4fffa8efa5d2 c:\Program Files (x86)\XTab\BrowerWatchFF.dll
5785680870eff9ba7b4f58c726552013 c:\Program Files (x86)\XTab\BrowserAction.dll
7e4e734d5adbbc4026a5db2e63c29d40 c:\Program Files (x86)\XTab\CmdShell.exe
8c15f35314eadbe08375dd47ad62439a c:\Program Files (x86)\XTab\HPNotify.exe
e6aac50b9fc19546c5e524c47be5d66d c:\Program Files (x86)\XTab\IeWatchDog.dll
e98c5cfa4051bfa3e2cb0afb10ff4cab c:\Program Files (x86)\XTab\ProtectService.exe
fc60e0ceb67207edd48ed4acbea5de98 c:\Program Files (x86)\XTab\SupTab.dll
3e29914113ec4b968ba5eb1f6d194a0a c:\Program Files (x86)\XTab\msvcp110.dll
4ba25d2cbe1587a841dcfb8c8c4a6ea6 c:\Program Files (x86)\XTab\msvcr110.dll
ff73e8efe2b7f0f134dda89694299ff5 c:\Program Files (x86)\XTab\uninstall.exe
f94557f8fd41731a3d180383a516fbe3 c:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
f94557f8fd41731a3d180383a516fbe3 c:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe
a9f1ecb4159ecaf56bbe555f81374f25 c:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe
3a2c68e9cbafd44cb7522aa5e917f196 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\setup[1].exe
e29e668bce9be148ad5cbf5b5b814552 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp
2d10a980cc1539c4ca29387e82267b4d c:\Users\"%CurrentUserName%"\AppData\Local\Temp\FLVPlayerSetup.exe
518879abe3170dabd172dfffcd165598 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe
92c732231b7909edeff180174c6ef499 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe
d851e6f35015abef9a726b0738dded8b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe
3663b55452d8e814f62d6fae8eb32d65 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\XTab_Setup2121.exe
f94557f8fd41731a3d180383a516fbe3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\wpm_v20.0.0.1953_0302.exe
17a1bf52f906b9e27948baa72f68e95b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
4f9236be13917b89f7a03dea85f220fa c:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
4f9236be13917b89f7a03dea85f220fa c:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
d8ba5f4e6a1594d0e07c886dac0f5f8c c:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe
a5bfd6a87161d5dfa81cb5c2c6d29488 c:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.1.0.0
File Description: Powered by BetterInstaller
Comments:
Language: English (United States)

PE Sections

Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5
.text | 4096 | 28860 | 29184 | 4.36907 | 33e8227bf6edbf3997e3d0895494668e
.data | 36864 | 140 | 512 | 0.818223 | 1b0351714f371c0ba066871d4e504b00
.rdata | 40960 | 3196 | 3584 | 3.54441 | 88a268b1fac88e9fad865c68cf3abce2
.bss | 45056 | 110088 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e
.idata | 155648 | 4932 | 5120 | 3.53424 | 11c816edc4ef9cc4aa5511f8a707232b
.ndata | 163840 | 36864 | 1024 | 0 | 0f343b0931126a20f133d67c2b018a3b
.rsrc | 200704 | 17800 | 17920 | 3.95009 | 38aa1bb4b24ba9d1eca880d3aa08b1cd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 849

URLs

hxxp://appshat.com/css/style.css
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js
hxxp://appshat.com/css/lightbox.css
hxxp://appshat.com/js/scripts.js
hxxp://googleadapis.l.google.com/css?family=Abel
hxxp://appshat.com/js/jquery.smooth-scroll.min.js
hxxp://appshat.com/js/lightbox.js
hxxp://appshat.com/images/logo.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/c/1/c16ddcefe8d9f0d1f850dfcd8f36687d.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/0/d/0d2eb87d6982e1321cd3e3735ca5ca4c.jpg
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://ssl.gstatic.com/s/abel/v6/3YEwT2a1878zysq92S8_9w.eot 216.58.209.195
hxxp://appshat.com/thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png
hxxp://appshat.com/images/4.5stars.jpg
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j35&a=562580968&t=pageview&_s=1&dl=http://www.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=455226075&cid=200198676.1429509281&tid=UA-42656881-1&_r=1&z=506450127
hxxp://appshat.com/thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png
hxxp://appshat.com/images/5.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png
hxxp://installer.betterinstaller.com/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=4&index_in_screen=1&index_in_session=4&0.32016598541050323
hxxp://appshat.com/thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg
hxxp://appshat.com/images/3.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/e/5/e54e8c720dffffa619c3b0eacec9381a.png
hxxp://appshat.com/thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png
hxxp://appshat.com/thumbnails/icon/images/assets/8/3/83a4cee7a59522b93ed0ae1fa73ce8f3.png
hxxp://appshat.com/thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png
hxxp://appshat.com/thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png
hxxp://appshat.com/thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png
hxxp://appshat.com/thumbnails/icon/images/assets/7/d/7d4f668f3d1818d01b6b9684b669d0db.png
hxxp://appshat.com/images/4.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png
hxxp://appshat.com/thumbnails/icon/images/assets/3/d/3d8bbea6bcae57d705c676f7050a7d51.png
hxxp://appshat.com/thumbnails/icon/images/assets/0/6/0692c2494a7331a77c05954f79c5480a.png
hxxp://appshat.com/thumbnails/icon/images/assets/a/6/a6ae526a0a22dcfc743a66d44a3e09e3.png
hxxp://appshat.com/thumbnails/icon/images/assets/c/c/cc3148e57a2928cd1ada1bbea553c3c2.png
hxxp://appshat.com/thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png
hxxp://appshat.com/thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png
hxxp://appshat.com/thumbnails/icon/images/assets/a/6/a64a4b5c68c364d30083fbd0b0363585.png
hxxp://appshat.com/thumbnails/icon/images/assets/e/9/e94782c9200f8de809a50327879df1cc.png
hxxp://appshat.com/thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png
hxxp://appshat.com/thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png
hxxp://appshat.com/thumbnails/icon/images/assets/b/1/b147a5a09b49b133d347bd975a4c5616.png
hxxp://www.theviilage.com/windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1953&uid=&upv= 208.43.69.149
hxxp://www.theviilage.com/searchprotect/up?ptid=smt&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2105&uid=267123711_198339_B48A115F&dp=0 208.43.69.149
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da951187161dc203
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0ef92f05e7b796c6
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?9d35fd032a234bd7
hxxp://crl.globalsign.net/root-r3.crl 108.162.232.197
hxxp://crl.globalsign.net/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== 108.162.232.197
hxxp://crl.globalsign.net/root.crl 108.162.232.197
hxxp://crl.globalsign.net/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== 108.162.232.197
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k=
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U=
hxxp://www.bigspeedpro.com/webplayer/flvplayer/html/images/gui_btn.png 78.138.126.82
hxxp://dlrkbt247pbk6.cloudfront.net/3428_92a5d683c188790231b1aa2af09de41e/2.pak 54.230.45.186
hxxp://d1z9ocnzqrnjt0.cloudfront.net/mirror/nerocrossrider/appshat_generic.exe 54.230.46.48
hxxp://bi.bisrv.com/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.07194952895934337 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/d/a/da84c206c2019448521379d2ff837774.png 78.138.127.8
hxxp://install-cdn.theswiftrecord.com/sd?is=sm 87.245.216.114
hxxp://www.appshat.com/thumbnails/icon/images/assets/b/8/b85261679e262228a562f693b3e6ef6f.png 78.138.127.8
hxxp://install.theswiftrecord.com/mg?alpha=WngeFh5qQllOKh5NMTwRWzxNGx5aPhxnGixnaFMFL19fBmp9dwNkcis4HxlKAh8GN2pTCwERVTB3PEx5SXAkG2wiLwJZFQpLQzZrVi9y 8.34.112.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429509273 54.231.2.124
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=100&n=init_start_funnel_step_name&rnd=1429509267 54.231.2.124
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=1&index_in_screen=1&index_in_session=1&0.8132998426318714 78.138.127.15
hxxp://www.bigspeedpro.com/webplayer/flvplayer/html/images/bg_header.jpg 78.138.126.82
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429509276 54.231.2.124
hxxp://www.appshat.com/css/style.css 78.138.127.8
hxxp://errors.neomapobjectrack.com/installer-error.gif?action=sesamy&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&procstarttime=1429509267&procruntime=3&rnd=1429509270 54.231.2.124
hxxp://bi.bisrv.com/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=2&index_in_screen=1&index_in_session=2&0.4692559837122088 78.138.127.15
hxxp://download.filesfrog.com/software_files/flvplayer/flvplayer.png 212.7.199.182
hxxp://ocsp2.globalsign.com/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== 108.162.232.204
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/8/58d196b3e886a838d021adc8c8848f1e.png 78.138.127.8
hxxp://install.theswiftrecord.com/ii?alpha=amYHExM6QGhBBXhiKDkcayJUHhNqOgs7Hl9VEwJWODpNVFZ/F2QiJD5gC3cXZS9AEnkzVjxTKCJtVE8Eai17F3sGZFsPFj46ExJQTyV8PEBHOVwCTjkyRCxEEQwFIHtrMChzCzlrdRZgbCZoF18/dQY3ch4YYBQgc2kgRnZpQm1OIwlgU0kYOToQE1gWYm9/ETZ6AkdPfmdEO0ZKekcOAjViE0VKYFhScyk9cmlXHVB9A0Zxag5gE1F2fldJAG0ybUQwWxgaXBheWQdJBVIvMSgcTyNfFhA7IE5/FRgVVwhLemgYQ0N9F3o8Lip7WEoUcmBlHzE+Ty5SQXFwNg1aOWY4UDxbOhRTBUUqAVATVCUoIk84cBFEUX19VWkTHRhGBE0qbghQBn9LVD5tYjQaC0IgL0EaPjRHZGQPITwPDF1/Kx5NPEAxER92f2tVQwUPcC87HCxsX0APcSpEPlURAQVNDmw1TVhHMhoHb3hoLh4TSDQCCERvYBRsBxEpNFs5VDNwLgUxWzkbAmFFVW9nUEI5LC4cXAluPD5qNxZidWFPVBNacCc9eFFuWFJ1GzFmX1ATamBhVgwZcxABJS8jDV9xOnUiQDASJB4CA25kQhtHACx8fCUuH1srJCk= 8.34.112.140
hxxp://www.appshat.com/js/lightbox.js 78.138.127.8
hxxp://www.appshat.com/css/lightbox.css 78.138.127.8
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=4&index_in_screen=1&index_in_session=4&0.5420718257062946 78.138.127.15
hxxp://www.appshat.com/thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png 78.138.127.8
hxxp://www.appshat.com/images/5.0stars.jpg 78.138.127.8
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js 216.58.211.10
hxxp://www.google-analytics.com/r/collect?v=1&_v=j35&a=562580968&t=pageview&_s=1&dl=http://www.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=455226075&cid=200198676.1429509281&tid=UA-42656881-1&_r=1&z=506450127 216.58.209.206
hxxp://fonts.gstatic.com/s/abel/v6/3YEwT2a1878zysq92S8_9w.eot 216.58.209.195
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=3&index_in_screen=1&index_in_session=3&0.42232040220655387 78.138.127.15
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.048555798166990904 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png 78.138.127.8
hxxp://download.filesfrog.com/software_files/flvplayer/1_0/FLVPlayerSetup.exe 212.7.199.182
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=2&index_in_screen=1&index_in_session=2&display_height=170&0.48965568079393257 78.138.127.15
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js 216.58.211.10
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429509272 54.231.2.124
hxxp://fonts.googleapis.com/css?family=Abel 74.125.143.95
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png 78.138.127.8
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.4&utms=1&utmn=2049705111&utmhn=bi.bisrv.com&utmhid=619721783&utmr=-&utmp=Installer_Init&utmht=1429509221563&utmac=UA-31676879-1&utmcc=__utma=1.1939043997.1429509222.1429509222.1429509222.1;+__utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=2074943951&utmredir=1&utmu=qhCAAAAAAAABAAAAAAAAAAAE~ 216.58.209.206
hxxp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/4dfa5bcd08236142b5420a1deefa56ef?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=4dfa5bcd08236142b5420a1deefa56ef&muid=AD2252CE007468623BD139B0ADEC3423 78.138.127.15
hxxp://bi.bisrv.com/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=4&index_in_screen=1&index_in_session=4&0.3828528966074728 78.138.127.15
hxxp://www.appshat.com/images/4.5stars.jpg 78.138.127.8
hxxp://www.appshat.com/home 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429509276 54.231.2.124
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png 78.138.127.8
hxxp://clients1.google.com/ocsp 173.194.122.3
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429509272 54.231.2.124
hxxp://www.bigspeedpro.com/webplayer/flvplayer/32x32.ico 78.138.126.82
hxxp://stats.neomapobjectrack.com/installer.gif?action=started&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&mdat=&procstarttime=1429509267&procruntime=3&rnd=1429509270 54.231.9.108
hxxp://www.bigspeedpro.com/webplayer/flvplayer/flvplayer.ico 78.138.126.82
hxxp://www.google-analytics.com/analytics.js 216.58.209.206
hxxp://bi.bisrv.com/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.5228130437645384 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/0/6/0692c2494a7331a77c05954f79c5480a.png 78.138.127.8
hxxp://www.bigspeedpro.com/webplayer/flvplayer/config.json 78.138.126.82
hxxp://www.appshat.com/thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg 78.138.127.8
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= 23.57.107.27
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429509273 54.231.2.124
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=2&index_in_screen=1&index_in_session=2&0.22718169464830057 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png 78.138.127.8
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=4&index_in_screen=1&index_in_session=4&display_height=90&0.8520016936197526 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/e/9/e94782c9200f8de809a50327879df1cc.png 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png 78.138.127.8
hxxp://logs.neomapobjectrack.com/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429509267&asw=0_1073750533_-2147483648_32768&browser=ff&rnd=1429509267 69.16.175.10
hxxp://www.appshat.com/thumbnails/icon/images/assets/d/5/d586df222f5069b6c396373d67d0163b.png 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/c/c/cc3148e57a2928cd1ada1bbea553c3c2.png 78.138.127.8
hxxp://www.appshat.com/thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=10000&n=deploy_end_funnel_step_name&rnd=1429509277 54.231.2.124
hxxp://stats.neomapobjectrack.com/installer.gif?action=finished&LFMR=_ffDll_0&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&procstarttime=1429509267&procruntime=11&rnd=1429509278 54.231.9.108
hxxp://ocsp2.globalsign.com/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== 108.162.232.204
hxxp://www.bigspeedpro.com/webplayer/flvplayer/html/jwplayer.js 78.138.126.82
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png 78.138.127.8
hxxp://dl.newinputinfoservice.com/smt2b/all/hat/row/setup.exe 69.16.175.42
hxxp://bi.bisrv.com/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.5049814859640564 78.138.127.15
hxxp://www.appshat.com/images/64x64.ico 78.138.127.8
hxxp://www.appshat.com/css/main.css 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png 78.138.127.8
hxxp://www.bigspeedpro.com/webplayer/appshat/config.json 78.138.126.82
hxxp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar 93.184.221.133
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl 87.245.216.33
hxxp://www.appshat.com/thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png 78.138.127.8
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 87.245.216.33
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=4&index_in_screen=1&index_in_session=4&0.1553293651109247 78.138.127.15
hxxp://bi.bisrv.com/pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.06204252352919859 78.138.127.15
hxxp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423 78.138.127.15
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0ef92f05e7b796c6 87.245.216.25
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= 23.57.107.27
hxxp://www.appshat.com/thumbnails/icon/images/assets/7/d/7d4f668f3d1818d01b6b9684b669d0db.png 78.138.127.8
hxxp://bi.bisrv.com/installer/ajax 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/b/b/bbbde9554589bda63791709a6785e0a3.png 78.138.127.8
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=3&index_in_screen=1&index_in_session=3&display_height=50&0.9417944086509177 78.138.127.15
hxxp://www.google-analytics.com/ga.js 216.58.209.206
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= 23.57.107.27
hxxp://install.theswiftrecord.com/fp?alpha=Z2o/FEhOYSxYKUppED5HZi5sGUhnNillCUBrfgsUYH4yFA5lGztiVxEvJGFvJnpLM0d6GFNlCGZla0wvf0tLHTt4bXR+R0UwWAdeQj5EGVckazxYFnByaGBNGQQ/Vl1iPn4ATDcQNmskYC0jDxo9eTJAN2YUURIXemxuSkgwfB0ZWHQvLEobKzMvARlPek8rWndxKUxGYWdjeEgZFDlTSWMycwVKIhFqciJnOCQbCTp/Khdld0gFAFgmYQ4QATdhGlwubT0uUBBpanZGRE4pWQYuUWBrB0B8bWppSRECPVRCMHg/DyprSGs9YSY4V0dPbiJuFHYJUFIfCX9rbHJIJ3oaQDN7b3t5SkIzLwwVEmM7Z04gdjFYFnhobXVPZAA/UV1gOBVzOUZUXltsFnYP 8.34.112.140
hxxp://www.appshat.com/css/product.css 78.138.127.8
hxxp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423 78.138.127.15
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=200&n=init_end_funnel_step_name&rnd=1429509271 54.231.2.124
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429509277 54.231.2.124
hxxp://www.appshat.com/images/4.0stars.jpg 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429509276 54.231.2.124
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png 78.138.127.8
hxxp://bi.bisrv.com/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.00898924775765847 78.138.127.15
hxxp://www.bigspeedpro.com/webplayer/flvplayer/html/images/logo.png 78.138.126.82
hxxp://www.appshat.com/thumbnails/banner/images/assets/0/d/0d2eb87d6982e1321cd3e3735ca5ca4c.jpg 78.138.127.8
hxxp://www.appshat.com/images/bg_main.jpg 78.138.127.8
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=1&index_in_screen=1&index_in_session=1&display_height=80&0.11032366185080816 78.138.127.15
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429509273 54.231.2.124
hxxp://www.appshat.com/thumbnails/icon/images/assets/b/1/b147a5a09b49b133d347bd975a4c5616.png 78.138.127.8
hxxp://www.appshat.com/js/scripts.js 78.138.127.8
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da951187161dc203 87.245.216.25


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET POLICY Executable served from Amazon S3
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN Win32.Sefnit
ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
ET MALWARE Win32/Toolbar.CrossRider.A Checkin

Traffic

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=375377, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 14:10:10 GMT
Expires: Fri, 24 Apr 2015 14:10:10 GMT
Date: Mon, 20 Apr 2015 05:57:34 GMT
Connection: keep-alive

<<< skipped >>>

GET /pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar HTTP/1.1
Host: download.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=1200000-1499999
Connection: keep-alive


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Content-Range: bytes 1200000-1499999/47994403
Content-Type: application/octet-stream
Date: Mon, 20 Apr 2015 05:54:11 GMT
Etag: "4b1e700-2dc5623-508c5f506dac8"
Expires: Mon, 27 Apr 2015 05:54:11 GMT
Last-Modified: Wed, 26 Nov 2014 16:59:55 GMT
Server: ECAcc (frf/8709)
X-Backend-Server: ftp2.dmz.scl3.mozilla.com
X-Cache: HIT
X-Cache-Info: not cacheable; response code not cacheable
Content-Length: 300000

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=83916-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache




<<< skipped >>>

GET /smt2b/all/hat/row/setup.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dl.newinputinfoservice.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:54:23 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429283461"
Last-Modified: Fri, 17 Apr 2015 15:11:01 GMT
Cache-Control: max-age=1142
Content-Length: 12513156
Content-Type: application/x-msdownload
X-HW: 1429509264.dop010.am4.t,1429509263.cds045.am4.c

<<< skipped >>>

GET /images/Tokyo/tokyo_sprite_full.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d110jf50ovcr9h.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 26401
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:52:49 GMT
Last-Modified: Tue, 14 Apr 2015 08:31:54 GMT
ETag: "552cd07a-6721"
Expires: Sun, 19 Apr 2015 05:02:49 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 579
X-Cache: Hit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iokPr7O5nGIlj5bTQnaBgHm_frAYkLOO-YXF7UInD3ZQ7PgG3hbnSA==

<<< skipped >>>

GET /sponsored/speedbit/eula-youtubeaccelerator.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d110jf50ovcr9h.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:56:08 GMT
Last-Modified: Sun, 26 Oct 2014 17:24:16 GMT
Expires: Sun, 19 Apr 2015 05:06:08 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Age: 110
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 43vNS_Dls2ZemSV60bafZBk4JCa_3D6ooryYkx9qAevluEqX-zF25A==

<<< skipped >>>

GET /webplayer/flvplayer/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:28 GMT
Content-Type: application/json
Content-Length: 905
Last-Modified: Mon, 10 Mar 2014 13:59:58 GMT
Connection: close
ETag: "531dc55e-389"
Accept-Ranges: bytes
{
"group-name": "FLV Player",
"program-name": "Play online FLV files",
"about-text": "FLV Player v1.1\n(c) 2012 Somoto Ltd. All rights reserved\n\nTerms and Conditions:\nhXXp://software.filesfrog.com/FLV Player/eula\n\nPrivacy Policy:\nhXXp://software.filesfrog.com/FLV Player/pprivacy",
"title-icon": "hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/flvplayer.ico",
"tray-icon": "hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/flvplayer.ico",
"shortcut-icon": "hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/32x32.ico",
"uninstall": true,
"url": "hXXp://www.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html",
"width": 854,
"height": 542,
"cache": 86400,
"alwaysontop": false,
"program-version": "1.1",
"start-on-windows": true,
"title": "FLV Player",
"tooltip": "FLV Player",
"minimized": true,
"update-url" : "hXXp://VVV.bigspeedpro.com/mirror/nerocrossrider/flvplayer/flvplayer_update.exe"
}


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.wpm HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 20 Apr 2015 05:54:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.54 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/1.6.2..Date: Mon, 20 Apr 201
5 05:54:19 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encod
ing: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-
version: v4..48..{"stats":"ok","time":"1.54 ms","message":"store 1 act
ion and 0 update "}..0..
....



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ient HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 20 Apr 2015 05:54:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.27 ms","message":"store 1 action and 0 upd
ate "}..0..


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=178475-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 107083
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 178475-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 e5f6d747af660cb1af4be9da161afb6f.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ixc51EZvHKPID5oReEDFzh5mYvkQ9B8uF-dIA7X71uPytknUjZ1wvg==

<<< skipped >>>

GET /webplayer/flvplayer/32x32.ico HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:28 GMT
Content-Type: image/x-icon
Content-Length: 4286
Last-Modified: Thu, 01 Nov 2012 15:08:11 GMT
Connection: close
ETag: "5092905b-10be"
Accept-Ranges: bytes

<<< skipped >>>

GET /images/64x64.ico HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:39 GMT
Content-Type: image/x-icon
Content-Length: 32038
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-7d26"
Expires: Mon, 20 Apr 2015 06:24:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /images/16x16.ico HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-47e"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=167832-335664
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 167833
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 167832-335664/671328

<<< skipped >>>

GET /gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:57:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1474
Connection: keep-alive
Set-Cookie: __cfduid=daf081460aee8263ae79dd9da4c4624b31429509443; expires=Tue, 19-Apr-16 05:57:23 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: 77334e04c345e114607d8981ba971d701260a56c
Expires: Mon, 20 Apr 2015 06:01:02 GMT
Last-Modified: Sun, 19 Apr 2015 18:01:02 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1d9e9c8505b2046d-FRA

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=327045-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 327045-523271/523272
Content-Length: 196227
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=435233, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 06:50:09 GMT
Expires: Sat, 25 Apr 2015 06:50:09 GMT
Date: Mon, 20 Apr 2015 05:57:29 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=481474, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 19:40:18 GMT
Expires: Sat, 25 Apr 2015 19:40:18 GMT
Date: Mon, 20 Apr 2015 05:57:29 GMT
Connection: keep-alive

<<< skipped >>>

GET /software_files/flvplayer/1_0/FLVPlayerSetup.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: download.filesfrog.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: application/octet-stream
Content-Length: 279752
Last-Modified: Tue, 16 Jul 2013 14:25:52 GMT
Connection: close
ETag: "51e557f0-444c8"
Accept-Ranges: bytes

<<< skipped >>>

GET /v4/searchprotect/267123711_198339_B48A115F?action=visit.heartbeat.smt&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,4.0.1.2105 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.58 ms","message":"store 2 action and 4 update "}..0..


GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=4&index_in_screen=1&index_in_session=4&0.3828528966074728 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:24 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /home HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: symfony=v7adogfuin8m1i81fnmboibci1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

<<< skipped >>>

GET /css/main.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-0"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes



GET /css/product.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip



GET /css/lightbox.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip



GET /js/lightbox.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip

<<< skipped >>>

GET /thumbnails/banner/images/assets/c/1/c16ddcefe8d9f0d1f850dfcd8f36687d.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/jpeg
Content-Length: 59629
Last-Modified: Thu, 13 Jun 2013 18:30:24 GMT
Connection: keep-alive
ETag: "51ba0fc0-e8ed"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/jpeg
Content-Length: 43783
Last-Modified: Thu, 13 Jun 2013 18:07:09 GMT
Connection: keep-alive
ETag: "51ba0a4d-ab07"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /images/4.5stars.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/jpeg
Content-Length: 2275
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-8e3"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 514647
Last-Modified: Thu, 13 Jun 2013 17:01:53 GMT
Connection: keep-alive
ETag: "51b9fb01-7da57"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /images/3.0stars.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/jpeg
Content-Length: 2022
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-7e6"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 41466
Last-Modified: Thu, 13 Jun 2013 17:56:48 GMT
Connection: keep-alive
ETag: "51ba07e0-a1fa"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 275725
Last-Modified: Thu, 13 Jun 2013 18:08:34 GMT
Connection: keep-alive
ETag: "51ba0aa2-4350d"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /images/4.0stars.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/jpeg
Content-Length: 2194
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-892"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/3/d/3d8bbea6bcae57d705c676f7050a7d51.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/0/6/0692c2494a7331a77c05954f79c5480a.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 428661
Last-Modified: Thu, 13 Jun 2013 17:46:14 GMT
Connection: keep-alive
ETag: "51ba0566-68a75"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/d/a/da84c206c2019448521379d2ff837774.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 79723
Last-Modified: Thu, 13 Jun 2013 17:01:05 GMT
Connection: keep-alive
ETag: "51b9fad1-1376b"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/e/9/e94782c9200f8de809a50327879df1cc.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 317939
Last-Modified: Thu, 13 Jun 2013 17:01:07 GMT
Connection: keep-alive
ETag: "51b9fad3-4d9f3"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/b/8/b85261679e262228a562f693b3e6ef6f.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:42 GMT
Content-Type: image/png
Content-Length: 384145
Last-Modified: Thu, 13 Jun 2013 17:44:34 GMT
Connection: keep-alive
ETag: "51ba0502-5dc91"
Expires: Mon, 20 Apr 2015 06:24:42 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/b/1/b147a5a09b49b133d347bd975a4c5616.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /images/bg_main.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1

GET /images/btn_bg.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1

GET /images/close.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1; _ga=GA1.2.200198676.1429509281; _gat=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:42 GMT
Content-Type: image/png
Content-Length: 1200
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-4b0"
Expires: Mon, 20 Apr 2015 06:24:42 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=251748-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 419580
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 251748-671327/671328

<<< skipped >>>

GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.regok HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.61 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 20 Apr 20
15 05:54:08 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.61 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.nt.ff.tab HTTP/1.1

Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.58 ms","message":"store 1 action and 0 upd
ate "}..0..


GET /network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

POST /installer/ajax HTTP/1.1

x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Content-Length: 2739
Connection: Keep-Alive
Cache-Control: no-cache

country=UA&uid_orig=226e81ab89188549baf0d586a6bc816b&uid=226e81ab89188549baf0d586a6bc816b&affid=network_saymediagroupapnx_1&sid=flvplayerzief&cli_id=&softwareName=FLV Player&installerVersion=2.1&osVersion=6.1.7601 Service Pack 1 64bit&ieVersion=4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)&defaultBrowser="C:Program Files (x86)Mozilla Firefoxfirefox.exe" -osint -url "%1"&defaultBrowserName=ff&originBrowser=ff&hostBrowser=ff&tzo=MTgw&muid=ad2252ce007468623bd139b0adec3423&cu=false&cd=false&tokyo_csrf_key=554983c8a2b9682757b4198cbee27eb3&tokyo_csrf_timestamp=1429509168&unique_id=6d203980cf5a21ffee449394f4bf280e&clientIp=193.138.244.231&ffInstalled=false&dfz=false&avdr=lDKrp/3VMDh61tuJfJlrKXs1VI6ezbhGnJBKbIRjXeIYfcyodTGERY6ZOIke
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=1&index_in_screen=1&index_in_session=1&display_height=80&0.11032366185080816 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:59 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked


GET /infv5/index/3428/bnd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: dqoup4b5zs0bi.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Mon, 20 Apr 2015 05:55:26 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3428_3b67a5ef5d450c1556c543c6323981d9/1.pak
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 6c3aacb4f18d43a0ee96c2937098272d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zKbyoVbbYCtV4izmbBH7MBD4k4dS1SmkcPgFjHaDCAMYgoTXegpFnA==


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=321583-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 964746
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 11 Apr 2015 06:58:38 GMT
Content-Range: bytes 321583-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 aeb7836a7f4320ebda5a45c21ac97728.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1nVSXObVgmNV549bPSh2Iwrg1xPKN8JuN0oNbzx__-c2vixLtm3ywQ==

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?0ef92f05e7b796c6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Mon, 20 Apr 2015 05:57:22 GMT
Connection: keep-alive



GET /msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?9d35fd032a234bd7 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT
Accept-Ranges: bytes
ETag: "05934e1494dd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 867
Date: Mon, 20 Apr 2015 05:57:22 GMT
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=249864-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 35694
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 249864-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 736078b6424b08eb7ad988335713bb74.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Bg3QIZilz2UrKb3ztVyGXCQT4z1X1RPeB3ME6O68rAdXB5WZdFPZnA==

<<< skipped >>>

GET /images/Tokyo/tokyoLightGrayStripesBG.jpg HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d110jf50ovcr9h.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 3430
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:58:20 GMT
Last-Modified: Tue, 14 Apr 2015 08:31:54 GMT
ETag: "552cd07a-d66"
Expires: Sun, 19 Apr 2015 05:08:20 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 330
X-Cache: Hit from cloudfront
Via: 1.1 7a981189c594199c5d260b7ce93a44db.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lf2tLG0mS2Lc1_tnniiedhG1l7lG5VdG16S3IBU_rMJkcZ73AA5Lzw==

<<< skipped >>>

GET /sponsored/istartsurf/eula-istartsurf.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d110jf50ovcr9h.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:58:42 GMT
Last-Modified: Sun, 26 Oct 2014 17:24:16 GMT
Expires: Sun, 19 Apr 2015 05:08:42 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 7a981189c594199c5d260b7ce93a44db.cloudfront.net (CloudFront)
X-Amz-Cf-Id: aum3iZom-vsws-5XwUT8ZrQHkLs6o0doPgopEjqy6sB773QdcXPSmg==

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=372573, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 13:24:57 GMT
Expires: Fri, 24 Apr 2015 13:24:57 GMT
Date: Mon, 20 Apr 2015 05:57:44 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=402806, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 21:49:58 GMT
Expires: Fri, 24 Apr 2015 21:49:58 GMT
Date: Mon, 20 Apr 2015 05:57:44 GMT
Connection: keep-alive


GET /?product=firefox-34.0.5-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=1200000-1499999
Cookie: optimizelySegments={"245617832":"none","245875585":"direct","245677587":"ff","246048108":"false","869421433":"true"}; optimizelyEndUserId=oeu1401956287616r0.2603029596469415; optimizelyBuckets={}; __utma=150903082.1617578787.1401956289.1401956289.1401956289.1
Connection: keep-alive


HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: bouncer1.webapp.phx1.mozilla.com
Cache-Control: max-age=60
Content-Type: text/html; charset=UTF-8
Date: Mon, 20 Apr 2015 05:54:04 GMT
Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
Keep-Alive: timeout=3, max=500
Content-Length: 0
Connection: Keep-Alive
X-Cache-Info: cached


GET /3428_92a5d683c188790231b1aa2af09de41e/2.pak HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Host: dlrkbt247pbk6.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 2937235
Connection: keep-alive
Date: Sun, 19 Apr 2015 10:04:54 GMT
Last-Modified: Sun, 19 Apr 2015 09:11:25 GMT
ETag: "481d84916afd9afb59e27c5103cccb3a"
Accept-Ranges: bytes
Server: AmazonS3
Age: 71362
X-Cache: Hit from cloudfront
Via: 1.1 25fc09eeaefe839a7e3228cd299c020a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pLvAx578HwsPw_iA7WssEzEY2OWl0J_RTTIoweqkdDzufg2GRRFe7g==

<<< skipped >>>

GET /3428_3b67a5ef5d450c1556c543c6323981d9/1.pak HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: dlrkbt247pbk6.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 2211109
Connection: keep-alive
Date: Sun, 19 Apr 2015 22:02:55 GMT
Last-Modified: Sun, 19 Apr 2015 21:15:26 GMT
ETag: "bd672bcfb912270b29f4c1dd097905a3"
Accept-Ranges: bytes
Server: AmazonS3
Age: 28271
X-Cache: Hit from cloudfront
Via: 1.1 a91cbae24982da55d450a613d1626660.cloudfront.net (CloudFront)
X-Amz-Cf-Id: AoynGaunmvf3rt35acmcDLTL0werfInRgNHYUmH4l5rFAV_wJ8TDQQ==

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=321582-643164
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 321583
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Range: bytes 321582-643164/1286329
X-Cache: Miss from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: o-qkfaXsrHj7NJQHLMAUsvecOmDJtP47Z8Z9Rxyn5qODHu2210U-sw==


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=1125538-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 160704
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Range: bytes 1125538-1286241/1286329
X-Cache: Miss from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: CiVJ4qLfcxcf8kZq8UDAaY6E6bNoWikn0gQEBa1upIOdolB8tY2F3A==

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=1286242-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 416 Requested Range Not Satisfiable
Content-Type: text/html
Content-Length: 49
Connection: keep-alive
Server: CloudFront
Date: Mon, 20 Apr 2015 05:53:55 GMT
Expires: Mon, 20 Apr 2015 05:53:55 GMT
X-Cache: Error from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iqK_vWqaW-zVfRKCQ44Vi332kZKOsRbFLWGsAoqYBb6VnjmKwi529A==
<html><body>Sorry, invalid request</body></html>



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=1286291-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 416 Requested Range Not Satisfiable
Content-Type: text/html
Content-Length: 49
Connection: keep-alive
Server: CloudFront
Date: Mon, 20 Apr 2015 05:53:55 GMT
Expires: Mon, 20 Apr 2015 05:53:55 GMT
X-Cache: Error from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: NG4ObBbf7xuwXuHOzl65QjErhpNJDsPdYuO8nJ9_G_ryHzBIWVv2dA==
<html><body>Sorry, invalid request</body></html>


GET /software_files/flvplayer/flvplayer.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: download.filesfrog.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: image/png
Content-Length: 2657
Last-Modified: Thu, 01 Nov 2012 16:29:07 GMT
Connection: close
ETag: "5092a353-a61"
Accept-Ranges: bytes

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-671327/671328

<<< skipped >>>

GET /css?family=Abel HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Mon, 20 Apr 2015 05:54:40 GMT
Date: Mon, 20 Apr 2015 05:54:40 GMT
Cache-Control: private, max-age=86400
Content-Length: 155
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=1
@font-face {
  font-family: 'Abel';
  font-style: normal;
  font-weight: 400;
  src: url(hXXp://fonts.gstatic.com/s/abel/v6/3YEwT2a1878zysq92S8_9w.eot);
}


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=587412-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 83916
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 587412-671327/671328

<<< skipped >>>

GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.048555798166990904 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.5049814859640564 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:25 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /sponsored/swiftrecord/eula-swiftrecord.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d1h8rlkib3jo2q.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:56:07 GMT
Last-Modified: Wed, 11 Mar 2015 08:59:19 GMT
Expires: Sun, 19 Apr 2015 05:06:07 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 464
X-Cache: Hit from cloudfront
Via: 1.1 161fdcd8b4be71364ff5e2c537400f09.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zNWwvItwzaJwOZEAK4scWv_c5EfBS3m3kCoR9Fua5nwzgBMsov8_BQ==

<<< skipped >>>

GET /utility.gif?report=fdata&f=1&c=000820&i=100&n=init_start_funnel_step_name&rnd=1429509267 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: CzeFI58LpwUnhfGxDwaT5arFxRAZ2zRAgpVZ6cUaHInJwvVOz Q2vgNtgza3SkTyy0DAVQalNe4=
x-amz-request-id: 6B714CEB86D24B5B
Date: Mon, 20 Apr 2015 05:54:29 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /installer-error.gif?action=sesamy&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&procstarttime=1429509267&procruntime=3&rnd=1429509270 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: /wVRri8ko2psh/IjoEVdCGX2amj66rY/cPgtLeBT NQMwmPolbDAuU3BIihAiPZd c8D/fGV8Nk=
x-amz-request-id: 5D4A6BF4112A446A
Date: Mon, 20 Apr 2015 05:54:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=200&n=init_end_funnel_step_name&rnd=1429509271 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: T4oiZ4xuP0SOSElLCROuaCC6FELhzZt3qGdbXbw04ZQtk6SEDxrOjgSj2McSw99LDt9DrPAX4/4=
x-amz-request-id: CCAE353170D6974C
Date: Mon, 20 Apr 2015 05:54:32 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=300&n=deploy_start_funnel_step_name&rnd=1429509271 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: hJQ6c9E33FaU5CmSvulo2UfqAtWchKExIQJMNLhSN4TR62MGZUXeG94dh/BaRQigjQjxTdPLPT8=
x-amz-request-id: BEE006565EBF6346
Date: Mon, 20 Apr 2015 05:54:32 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429509272 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: YazXQ5k57Lil21XjE/zHLe2QAkM6 6k3En3f2oEnZiijfNxlbIZUElZB3auOfrIa GXcmjieIGI=
x-amz-request-id: E92BEA2B314929C0
Date: Mon, 20 Apr 2015 05:54:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429509272 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 0m9ScJ58Ams8ecGKGceQKRZ7hLYoereQ/A1t/gFsSY06Fr6e2M5xLIkZoLXfq8NIK Yl8Oh3TBw=
x-amz-request-id: 85E01EC032C193C5
Date: Mon, 20 Apr 2015 05:54:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429509272 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: SRhzYCG8n2f/szxuHkirG2CmPQ0k P/TbQu2HcgcS46KtOpcxHTxlLqwU1fqsz5sqB7AV3yurx4=
x-amz-request-id: A456837CDCD39500
Date: Mon, 20 Apr 2015 05:54:34 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429509273 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: j3zdkBthMkqpLtXjhZXVENrFaVAKJiqN3v7baJOLrdP0Yp2TXGkwPYmxmssLkzA3nYs0OsNECpk=
x-amz-request-id: E5C590CFF8E39051
Date: Mon, 20 Apr 2015 05:54:34 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429509273 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: fCOnMuXnFmI10a4rr9br 6lkhsjTzXKW5HsDzCdRIHsUQMxG3rxbfzxG3L9A1Tw7dQjOM0bxgOw=
x-amz-request-id: 9CF101AC64C9DD96
Date: Mon, 20 Apr 2015 05:54:34 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429509273 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: uPpkUBUaNi PPSng1CE9lXqFT3g7o2A1h5jGKygH5x8P801GnVHNpJdOghAYQYKYt 0JTTfJcrY=
x-amz-request-id: D93585EAB9C45FF4
Date: Mon, 20 Apr 2015 05:54:34 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429509276 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: oRvlPzN8l2Q0yMsRW86ESuUwlfMFWxXB4KWcVW QNOdvJePgMX/WmSKS7ZFmGq3/DpY7Q30lwvs=
x-amz-request-id: C8475B3DF759EA98
Date: Mon, 20 Apr 2015 05:54:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429509276 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: JKTDgVEwiaONS9UUzachvHTLYZUlFC9UeNyiBzEo534V/gsdqZWneBT3rILO GHQPlMprQnxJQ8=
x-amz-request-id: 7BC4B80D24B4BCF6
Date: Mon, 20 Apr 2015 05:54:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429509276 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: FDbFmmW/9tQjDD3xt7U0OGctsyIiiXjdaaGtRMGl5zzT7HiOR3Sn 6khzbHyoGm E3wkWFJHBU8=
x-amz-request-id: F2A2DF3289A2ECED
Date: Mon, 20 Apr 2015 05:54:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429509277 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: Q6wrXJ/GgiU5SCI4xwnQlE foT4VaPcw WxulgzCBLngrKjXaNgWsziAe9jSF/kO0pkjxcOVdZI=
x-amz-request-id: 0517DD821C658350
Date: Mon, 20 Apr 2015 05:54:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /utility.gif?report=fdata&f=1&c=000820&i=10000&n=deploy_end_funnel_step_name&rnd=1429509277 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 48uQiAG6gRDtJYynyLDM7IW/VbqCrW2EGuqYDgYgwfDsDR1wdIlpyGT6kfUwSoCehCMT5rJ Vso=
x-amz-request-id: B1F4BEEFE92D1F32
Date: Mon, 20 Apr 2015 05:54:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..


GET /pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=4&index_in_screen=1&index_in_session=4&0.1553293651109247 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:49 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /searchprotect/up?ptid=smt&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2105&uid=267123711_198339_B48A115F&dp=0 HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:56:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..0..0..


GET /mg?alpha=WngeFh5qQllOKh5NMTwRWzxNGx5aPhxnGixnaFMFL19fBmp9dwNkcis4HxlKAh8GN2pTCwERVTB3PEx5SXAkG2wiLwJZFQpLQzZrVi9y HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 20 Apr 2015 05:53:58 GMT
Content-Length: 2004
....



GET /fp?alpha=Z2o/FEhOYSxYKUppED5HZi5sGUhnNillCUBrfgsUYH4yFA5lGztiVxEvJGFvJnpLM0d6GFNlCGZla0wvf0tLHTt4bXR+R0UwWAdeQj5EGVckazxYFnByaGBNGQQ/Vl1iPn4ATDcQNmskYC0jDxo9eTJAN2YUURIXemxuSkgwfB0ZWHQvLEobKzMvARlPek8rWndxKUxGYWdjeEgZFDlTSWMycwVKIhFqciJnOCQbCTp/Khdld0gFAFgmYQ4QATdhGlwubT0uUBBpanZGRE4pWQYuUWBrB0B8bWppSRECPVRCMHg/DyprSGs9YSY4V0dPbiJuFHYJUFIfCX9rbHJIJ3oaQDN7b3t5SkIzLwwVEmM7Z04gdjFYFnhobXVPZAA/UV1gOBVzOUZUXltsFnYP HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 20 Apr 2015 05:54:02 GMT
Content-Length: 0
....



GET /ii?alpha=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 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 20 Apr 2015 05:54:02 GMT
Content-Length: 84
HIqg7XoW0OLpDwPpnZE7Gsfi WUYhefgCBWGxr16CJ6 p21DqOXHSALa4b5oA83y7RQWoo
uzZE0RvvWPrQHS
....



POST /if?alpha=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 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Content-Length: 78
Connection: Keep-Alive
Cache-Control: no-cache

alpha=amYHExMYZDExYzRwAnd9TTlUAAwQMgYyf21IRSVeKGY3eUlsS1sJGT15W3kbaidcKl1TXUAs
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 20 Apr 2015 05:54:02 GMT
Content-Length: 41
{"status":"OK","url":null,"message":null}..


GET /monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429509267&asw=0_1073750533_-2147483648_32768&browser=ff&rnd=1429509267 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:54:30 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429509271.dop005.am4.t,1429509270.cds058.am4.c
GIF89a.............,...........D..;....



GET /monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429509267&asw=0_1073750533_-2147483648_32768&browser=ff&rnd=1429509267 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:54:38 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429509271.dop005.am4.t,1429509278.cds058.am4.c
GIF89a.............,...........D..;..


GET /v4/sof-windowspm/?action0=xa.geoip&action1=visit&action2=install&update0=ref,wpmvt&update1=nation,us&update2=language,en HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 20 Apr 2015 05:54:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..0..


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=35695-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 249863
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 35695-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 7f7973dbad51e74b2ad2ed854cd62fbf.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 7cuV6469gSBMdSHZJOUUYVUwm3nTQcgPztv2ttoP19ZDHzhpUaSbgw==

<<< skipped >>>

GET /webplayer/flvplayer/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: application/json
Content-Length: 905
Last-Modified: Mon, 10 Mar 2014 13:59:58 GMT
Connection: close
ETag: "531dc55e-389"
Accept-Ranges: bytes
{."group-name": "FLV Player",."program-name": "Play online FLV files",
."about-text": "FLV Player v1.1\n(c) 2012 Somoto Ltd. All rights reser
ved\n\nTerms and Conditions:\nhXXp://software.filesfrog.com/FLV Play
er/eula\n\nPrivacy Policy:\nhXXp://software.filesfrog.com/FLV Player
/pprivacy",."title-icon": "hXXp://VVV.bigspeedpro.com/webplayer/flvpla
yer/flvplayer.ico",."tray-icon": "hXXp://VVV.bigspeedpro.com/webplayer
/flvplayer/flvplayer.ico",."shortcut-icon": "hXXp://VVV.bigspeedpro.co
m/webplayer/flvplayer/32x32.ico",."uninstall": true,."url": "hXXp://ww
w.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html",."width": 8
54,."height": 542,."cache": 86400,."alwaysontop": false,."program-vers
ion": "1.1",."start-on-windows": true,."title": "FLV Player",."tooltip
": "FLV Player",."minimized": true,."update-url" : "hXXp://VVV.bigspee
dpro.com/mirror/nerocrossrider/flvplayer/flvplayer_update.exe".}...


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=160792-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 1125537
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 05 Apr 2015 12:15:49 GMT
Content-Range: bytes 160792-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 71AqeBmRiwOKobkzCVOi8wWslTR6Ye2bd9k5QevuxKCj2PkigFvrww==

<<< skipped >>>

GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:57:23 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=db2e335a4f7515e50183ab35504e4a6b81429509443; expires=Tue, 19-Apr-16 05:57:23 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=7408957
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1d9e9c8405a60f63-FRA

<<< skipped >>>

GET /webplayer/appshat/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: application/json
Content-Length: 778
Last-Modified: Mon, 27 Jan 2014 15:16:30 GMT
Connection: close
ETag: "52e6784e-30a"
Accept-Ranges: bytes
{.."group-name": "AppsHat",.."program-name": "AppsHat",.."about-text":
"Apps Hat\n(c) 2013 Somoto Ltd. All rights reserved\n\nTerms and Cond
itions:\nhXXp://VVV.appshat.com/eula/ahd\n\nPrivacy Policy:\nhXXp://ww
w.appshat.com/privacy/ahd",.."title-icon": "hXXp://VVV.appshat.com/ima
ges/16x16.ico",.."tray-icon": "hXXp://VVV.appshat.com/images/16x16.ico
",.."shortcut-icon": "hXXp://VVV.appshat.com/images/64x64.ico",.."unin
stall": "Apps Hat",.."url": "hXXp://VVV.appshat.com/home",.."width": 1
024,.."height": 795,.."cache": 86400,.."alwaysontop": false,.."program
-version": "2.13",.."start-on-windows": true,.."title": "Apps Hat",.."
tooltip": "Apps Hat",.."minimized": true,.."update-url" : "hXXp://VVV.
bigspeedpro.com/mirror/nerocrossrider/appshatmini/appshatmini_update.e
xe"..}....


GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:36:02 GMT
Expires: Mon, 20 Apr 2015 07:36:02 GMT
Last-Modified: Wed, 08 Apr 2015 20:30:30 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 11178
Age: 1118
Cache-Control: public, max-age=7200
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /r/collect?v=1&_v=j35&a=562580968&t=pageview&_s=1&dl=http://VVV.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=455226075&cid=200198676.1429509281&tid=UA-42656881-1&_r=1&z=506450127 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Mon, 20 Apr 2015 05:54:40 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=1
GIF89a.............,...........D..;


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=503496-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 167832
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 503496-671327/671328

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Content-Length: 523272
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:55 GMT
Date: Mon, 20 Apr 2015 05:53:55 GMT
Connection: keep-alive
<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=419580-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 251748
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 419580-671327/671328

<<< skipped >>>

GET /downloader/network_saymediagroupapnx_1/flvplayerzief/4dfa5bcd08236142b5420a1deefa56ef?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=4dfa5bcd08236142b5420a1deefa56ef&muid=AD2252CE007468623BD139B0ADEC3423 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /installer/ajax-bidl?offers[youtubeaccelerator][exec_args]=/S /MAG=smtyc &offers[youtubeaccelerator][offer_indexes][slot_number]=1&offers[youtubeaccelerator][offer_indexes][index_in_screen]=1&offers[youtubeaccelerator][offer_indexes][index_in_session]=1&offers[swiftrecord][exec_args]=/np 1 /is smp1ua &offers[swiftrecord][offer_indexes][slot_number]=2&offers[swiftrecord][offer_indexes][index_in_screen]=1&offers[swiftrecord][offer_indexes][index_in_session]=2&offers[istartsurf][exec_args]=-silence -ptid=smt &offers[istartsurf][offer_indexes][slot_number]=3&offers[istartsurf][offer_indexes][index_in_screen]=1&offers[istartsurf][offer_indexes][index_in_session]=3&offers[appshat_madness][exec_args]=/S /affid=appshatmadness /bi_sponsored_sub_process /run_bi&offers[appshat_madness][offer_indexes][slot_number]=4&offers[appshat_madness][offer_indexes][index_in_screen]=1&offers[appshat_madness][offer_indexes][index_in_session]=4&uid_orig=226e81ab89188549baf0d586a6bc816b&uid=4dfa5bcd08236142b5420a1deefa56ef&tokyo_csrf_key=f0f823c7f8f0bdf7ff04422eebdc0b84&tokyo_csrf_timestamp=1429509229&ffInstalled=false&dfz=false&affid=network_saymediagroupapnx_1&sid=flvplayerzief&country=UA&hostBrowser=ff&unique_id=6d203980cf5a21ffee449394f4bf280e HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://bi.bisrv.
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=142780-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 142778
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 142780-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9jE2YxnXBU7bkDtvXDh3xBr0PqqiXrjYEKiil_CBPDu7JCWOntmLmw==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 0-523271/523272
Content-Length: 523272
Connection: keep-alive


GET /pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=3&index_in_screen=1&index_in_session=3&0.42232040220655387 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:37 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 438486457400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 05:57:34 GMT
Connection: keep-alive


GET /sd?is=sm HTTP/1.1
Range: bytes=457863-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 457863-523271/523272
Content-Length: 65409
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71389-142779
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71391
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71389-142779/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 7f7973dbad51e74b2ad2ed854cd62fbf.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9Pq1Uz6LXVSZjv-4xhk1Ujyze6-vcj_Jla9A2050AtOGAaO8R-3VIQ==

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=803956-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 482373
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 05 Apr 2015 12:15:49 GMT
Content-Range: bytes 803956-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: obU70R1J3Aww58V0hE1Y0wn-lVOC8fa_pw9RpOGZUxJUaZel3rxiHQ==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=392454-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 392454-523271/523272
Content-Length: 130818
Connection: keep-alive

<<< skipped >>>

GET /downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /installer/ajax-bidl?offers[youtubeaccelerator][exec_args]=/S /MAG=smtyc &offers[youtubeaccelerator][offer_indexes][slot_number]=1&offers[youtubeaccelerator][offer_indexes][index_in_screen]=1&offers[youtubeaccelerator][offer_indexes][index_in_session]=1&offers[swiftrecord][exec_args]=/np 1 /is smp1ua &offers[swiftrecord][offer_indexes][slot_number]=2&offers[swiftrecord][offer_indexes][index_in_screen]=1&offers[swiftrecord][offer_indexes][index_in_session]=2&offers[istartsurf][exec_args]=-silence -ptid=smt &offers[istartsurf][offer_indexes][slot_number]=3&offers[istartsurf][offer_indexes][index_in_screen]=1&offers[istartsurf][offer_indexes][index_in_session]=3&offers[appshat_madness][exec_args]=/S /affid=appshatmadness /bi_sponsored_sub_process &offers[appshat_madness][offer_indexes][slot_number]=4&offers[appshat_madness][offer_indexes][index_in_screen]=1&offers[appshat_madness][offer_indexes][index_in_session]=4&uid_orig=226e81ab89188549baf0d586a6bc816b&uid=e1b82b8d0881034aa57a76140e007cf2&tokyo_csrf_key=0fe0a9dfbcdf77f1a5e7c4c01423235f&tokyo_csrf_timestamp=1429509230&ffInstalled=false&dfz=false&affid=network_saymediagroupapnx_1&sid=flvplayerzief&country=UA&hostBrowser=ff&unique_id=6d203980cf5a21ffee449394f4bf280e HTTP/1.1

x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://bi.bisrv.com/downl
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.00898924775765847 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked


GET /install.gif?bundle=istartsurf&ptid=smt&uid=267123711_198339_B48A115F HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: log.very911.com


HTTP/1.1 404 Not Found
Server: Tengine/1.2.2
Date: Mon, 20 Apr 2015 05:54:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 668
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<h1>404 Not Found</h1>
<p>The requested URL was not found on this server. Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>hXXp://log.very911.com:8080/install.gif?bundle=istartsurf&ptid=smt&uid=267123711_198339_B48A115F</td>
</tr>
<tr>
<td>Server:</td>
<td>us-pub00.v9.com</td>
</tr>
<tr>
<td>Date:</td>
<td>2015/04/20 00:54:10</td>
</tr>
</table>
<hr/>Powered by Tengine/1.2.2
</body>
</html>

<<< skipped >>>

GET /Fan/rebirth?uid=267123711_198339_B48A115F&ptid=smt&ver=4.0.1.1716&dname=istartsurf HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: up.soft365.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
Content-Encoding: gzip


GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 03:54:47 GMT
Expires: Mon, 20 Apr 2015 05:54:47 GMT
Last-Modified: Wed, 08 Apr 2015 20:30:30 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16075
Cache-Control: public, max-age=7200
Age: 7083
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /r/__utm.gif?utmwv=5.6.4&utms=1&utmn=2049705111&utmhn=bi.bisrv.com&utmhid=619721783&utmr=-&utmp=Installer_Init&utmht=1429509221563&utmac=UA-31676879-1&utmcc=__utma=1.1939043997.1429509222.1429509222.1429509222.1;+__utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=2074943951&utmredir=1&utmu=qhCAAAAAAAABAAAAAAAAAAAE~ HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Mon, 20 Apr 2015 05:52:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=1


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: K0yMrxU92MKUApTSuzn4r92_lW95q2W5AdHRRJqv3nZld9svdvufdw==
<<< skipped >>>

GET /v4/sof-ient/267123711_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,2.8.8.2102&update4=chptid,smt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.64 ms","message":"store 3 action and 5 update "}..0..



GET /v4/sof-ient/267123711_198339_B48A115F?action1=install.smt HTTP/1.1

Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
49..{"stats":"ok","time":"59.11 ms","message":"store 1 action and 0 update "}..0..


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71390-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 214168
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71390-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 9a1a4611d27801314004f312097d7f2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: u1ulFXJ_dlbl_d6U5_UiOL2xrH4iqphMytx_xZ2Gvy2W9owYXLcIzw==

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache




<<< skipped >>>

GET /webplayer/flvplayer/html/images/btn.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:30 GMT
Content-Type: image/png
Content-Length: 14251
Last-Modified: Wed, 17 Oct 2012 10:26:56 GMT
Connection: close
ETag: "507e87f0-37ab"
Accept-Ranges: bytes

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=261636-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 261636-523271/523272
Content-Length: 261636
Connection: keep-alive

<<< skipped >>>

GET /gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:57:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1493
Connection: keep-alive
Set-Cookie: __cfduid=df65a90914d609f52e68e4639fdcd29521429509442; expires=Tue, 19-Apr-16 05:57:22 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: 086613a968a9e418aeadbc957441caade2a2c024
Expires: Mon, 20 Apr 2015 08:53:34 GMT
Last-Modified: Sun, 19 Apr 2015 20:53:34 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1d9e9c81cfe30899-FRA

<<< skipped >>>

GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=3&index_in_screen=1&index_in_session=3&display_height=50&0.9417944086509177 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:24 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:24 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=335664-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 335664
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 335664-671327/671328

<<< skipped >>>

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Thu, 29 Mar 2012 18:19:50 GMT
Date: Wed, 15 Apr 2015 17:44:32 GMT
Expires: Thu, 14 Apr 2016 17:44:32 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33673
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 389408
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /webplayer/flvplayer/html/flvplayer.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: text/html
Last-Modified: Tue, 20 Aug 2013 14:01:34 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /software_files/flvplayer/1_0/FLVPlayerSetup.exe HTTP/1.1
Range: bytes=69938-139876
User-Agent: Better Installer(Mozilla)
Host: download.filesfrog.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: application/octet-stream
Content-Length: 69939
Last-Modified: Tue, 16 Jul 2013 14:25:52 GMT
Connection: close
ETag: "51e557f0-444c8"
Content-Range: bytes 69938-139876/279752


GET /pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=2&index_in_screen=1&index_in_session=2&0.22718169464830057 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:24 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:24 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..


GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=4&index_in_screen=1&index_in_session=4&0.5420718257062946 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:51 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
....



GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.07194952895934337 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:57 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
....



GET /pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=1&index_in_screen=1&index_in_session=1&0.06204252352919859 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:57 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
....



GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=2&index_in_screen=1&index_in_session=2&0.4692559837122088 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:58 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:58 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
....



GET /pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=2&index_in_screen=1&index_in_session=2&0.8620905277575275 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:03 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:54:03 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
....



GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=istartsurf&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=3&index_in_screen=1&index_in_session=3&0.5228130437645384 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:05 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:54:05 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..


GET /webplayer/flvplayer/html/images/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: image/png
Content-Length: 6594
Last-Modified: Tue, 16 Oct 2012 13:39:24 GMT
Connection: close
ETag: "507d638c-19c2"
Accept-Ranges: bytes
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=596233, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 03:30:31 GMT
Expires: Mon, 27 Apr 2015 03:30:31 GMT
Date: Mon, 20 Apr 2015 05:57:44 GMT
Connection: keep-alive

<<< skipped >>>

GET /software_files/flvplayer/1_0/FLVPlayerSetup.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: download.filesfrog.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: application/octet-stream
Content-Length: 279752
Last-Modified: Tue, 16 Jul 2013 14:25:52 GMT
Connection: close
ETag: "51e557f0-444c8"
Accept-Ranges: bytes
<<< skipped >>>

GET /webplayer/flvplayer/html/images/gui_btn.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:30 GMT
Content-Type: image/png
Content-Length: 4604
Last-Modified: Wed, 17 Oct 2012 11:22:34 GMT
Connection: close
ETag: "507e94fa-11fc"
Accept-Ranges: bytes

<<< skipped >>>

GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=2&index_in_screen=1&index_in_session=2&display_height=170&0.48965568079393257 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 20 Apr 2015 05:53:11 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..


GET /sd?is=sm HTTP/1.1
Range: bytes=130818-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 130818-523271/523272
Content-Length: 392454
Connection: keep-alive

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=167832-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 503496
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 167832-671327/671328

<<< skipped >>>

GET /webplayer/flvplayer/flvplayer.ico HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Sun, 28 Oct 2012 12:58:25 GMT
Connection: close
ETag: "508d2bf1-47e"
Accept-Ranges: bytes


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da951187161dc203 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 05:56:55 GMT
Connection: keep-alive


GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=appshat_madness&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=4&index_in_screen=1&index_in_session=4&display_height=90&0.8520016936197526 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:37 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked


GET /sd?is=sm HTTP/1.1
Range: bytes=196227-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 196227-523271/523272
Content-Length: 327045
Connection: keep-alive

<<< skipped >>>

GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ds HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.22 ms","message":"store 1 action and 0 update "}..0..


GET /windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1953&uid=&upv= HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0  
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:55:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..1..0..


GET /ajax/libs/jquery/1.8.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 21 Sep 2012 18:24:20 GMT
Date: Wed, 15 Apr 2015 17:44:35 GMT
Expires: Thu, 14 Apr 2016 17:44:35 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33430
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 389394
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=643165-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 643146
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Range: bytes 643165-1286310/1286329
X-Cache: Miss from cloudfront
Via: 1.1 dec3494a83e4ff26e9c5f110614a5970.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zzuY1QrI18FTBaDXK1pIC0IDhLnBltoQq3SmR9ur81o81py1pJQaeg==

<<< skipped >>>

GET /css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip

<<< skipped >>>

GET /js/scripts.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip

<<< skipped >>>

GET /images/logo.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/jpeg
Content-Length: 5807
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-16af"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/banner/images/assets/0/d/0d2eb87d6982e1321cd3e3735ca5ca4c.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/jpeg
Content-Length: 41132
Last-Modified: Tue, 18 Jun 2013 14:44:30 GMT
Connection: keep-alive
ETag: "51c0724e-a0ac"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:40 GMT
Content-Type: image/png
Content-Length: 173932
Last-Modified: Thu, 13 Jun 2013 17:00:48 GMT
Connection: keep-alive
ETag: "51b9fac0-2a76c"
Expires: Mon, 20 Apr 2015 06:24:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /images/5.0stars.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/jpeg
Content-Length: 2286
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-8ee"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 309779
Last-Modified: Thu, 13 Jun 2013 17:05:34 GMT
Connection: keep-alive
ETag: "51b9fbde-4ba13"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1

GET /thumbnails/icon/images/assets/e/5/e54e8c720dffffa619c3b0eacec9381a.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 53266
Last-Modified: Thu, 13 Jun 2013 17:53:06 GMT
Connection: keep-alive
ETag: "51ba0702-d012"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/8/3/83a4cee7a59522b93ed0ae1fa73ce8f3.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 48422
Last-Modified: Thu, 13 Jun 2013 18:07:09 GMT
Connection: keep-alive
ETag: "51ba0a4d-bd26"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 288086
Last-Modified: Fri, 14 Jun 2013 16:44:16 GMT
Connection: keep-alive
ETag: "51bb4860-46556"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/b/b/bbbde9554589bda63791709a6785e0a3.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/7/d/7d4f668f3d1818d01b6b9684b669d0db.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 98253
Last-Modified: Sun, 28 Jul 2013 10:29:06 GMT
Connection: keep-alive
ETag: "51f4f272-17fcd"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 349673
Last-Modified: Thu, 13 Jun 2013 17:54:49 GMT
Connection: keep-alive
ETag: "51ba0769-555e9"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/a/6/a6ae526a0a22dcfc743a66d44a3e09e3.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 430688
Last-Modified: Thu, 13 Jun 2013 17:02:16 GMT
Connection: keep-alive
ETag: "51b9fb18-69260"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/5/8/58d196b3e886a838d021adc8c8848f1e.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 24802
Last-Modified: Thu, 13 Jun 2013 17:45:56 GMT
Connection: keep-alive
ETag: "51ba0554-60e2"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/c/c/cc3148e57a2928cd1ada1bbea553c3c2.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:41 GMT
Content-Type: image/png
Content-Length: 24626
Last-Modified: Thu, 13 Jun 2013 17:46:11 GMT
Connection: keep-alive
ETag: "51ba0563-6032"
Expires: Mon, 20 Apr 2015 06:24:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1

GET /thumbnails/icon/images/assets/a/6/a64a4b5c68c364d30083fbd0b0363585.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/d/5/d586df222f5069b6c396373d67d0163b.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1




<<< skipped >>>

GET /thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=v7adogfuin8m1i81fnmboibci1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:42 GMT
Content-Type: image/png
Content-Length: 606635
Last-Modified: Thu, 13 Jun 2013 17:49:29 GMT
Connection: keep-alive
ETag: "51ba0629-941ab"
Expires: Mon, 20 Apr 2015 06:24:42 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes

<<< skipped >>>

GET /webplayer/flvplayer/html/images/bg_header.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:30 GMT
Content-Type: image/jpeg
Content-Length: 1213
Last-Modified: Tue, 16 Oct 2012 13:33:42 GMT
Connection: close
ETag: "507d6236-4bd"
Accept-Ranges: bytes


GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt&update3=version,20.0.0.1953 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 20 Apr 2015 05:54:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.08 ms","message":"uid is not set"}..0..



GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt HTTP/1.1

Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 20 Apr 2015 05:54:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.06 ms","message":"uid is not set"}..0..


GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:54:30 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}


GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=swiftrecord&tokyo_csrf2_key=6f53ebf8a6444d2f3efc23b9c8a16285&tokyo_csrf2_timestamp=1429509231&slot_number=2&index_in_screen=1&index_in_session=2&0.852214463004196 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /v4/sof-installer/267123711_198339_B48A115F?action1=xa.geoip&action2=visit&action3=smt.visit.istartsurf&update1=ref,smt&update2=identifier,installer&update3=version,6.6.86.1606&update4=nation,us&update5=language,en HTTP/1.1
Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.38 ms","message":"store 4 action and 5 update "}..0..



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.dlzip1.istartsurf.finish,2 HTTP/1.1
Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.72 ms","message":"store 1 action and 0 update "}..0..


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=107085-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 178473
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 107085-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 dec3494a83e4ff26e9c5f110614a5970.cloudfront.net (CloudFront)
X-Amz-Cf-Id: eSFpTi6Q3jKCnx1z-hBbffj_50OBkTI_DhCzu4YceHNCh2MtXrrcWA==

<<< skipped >>>

GET /root-r3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net


HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 05:57:22 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 594
Connection: keep-alive
Set-Cookie: __cfduid=d6f43e5fe3ac6a096410869940452b67c1429509442; expires=Tue, 19-Apr-16 05:57:22 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=7408958
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1d9e9c80724715bf-FRA

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-671327/671328

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=964747-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 321495
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Range: bytes 964747-1286241/1286329
X-Cache: Miss from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: K-lqd1dktF320EWpnpiNcoGEdsg2h9YyJXLKEDSvUhLacTmx3dolZw==

<<< skipped >>>

GET /pinger?event_type=offer_accepted&installer_source=better_installer&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=226e81ab89188549baf0d586a6bc816b&uniqid=6d203980cf5a21ffee449394f4bf280e&affiliate_id=network_saymediagroupapnx_1&software_id=flvplayerzief&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b3e1c5e6da0f937dacb7b1288d1d724d&tokyo_csrf2_timestamp=1429509170&slot_number=1&index_in_screen=1&index_in_session=1&0.8132998426318714 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
Cookie: __utma=1.1939043997.1429509222.1429509222.1429509222.1; __utmb=1.1.10.1429509222; __utmc=1; __utmz=1.1429509222.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:11 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 f3fd7007399ffee5545abd851958bd02.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YSSPigkl2uIwy7AVCmSWOOCUIKfb6rhs67nj4xQlTWHngpTj9nu_sA==

<<< skipped >>>

GET /webplayer/appshat/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:39 GMT
Content-Type: application/json
Content-Length: 778
Last-Modified: Mon, 27 Jan 2014 15:16:30 GMT
Connection: close
ETag: "52e6784e-30a"
Accept-Ranges: bytes
{
  "group-name": "AppsHat",
  "program-name": "AppsHat",
  "about-text": "Apps Hat\n(c) 2013 Somoto Ltd. All rights reserved\n\nTerms and Conditions:\nhXXp://VVV.appshat.com/eula/ahd\n\nPrivacy Policy:\nhXXp://www.appshat.com/privacy/ahd",
  "title-icon": "hXXp://VVV.appshat.com/images/16x16.ico",
  "tray-icon": "hXXp://VVV.appshat.com/images/16x16.ico",
  "shortcut-icon": "hXXp://VVV.appshat.com/images/64x64.ico",
  "uninstall": "Apps Hat",
  "url": "hXXp://VVV.appshat.com/home",
  "width": 1024,
  "height": 795,
  "cache": 86400,
  "alwaysontop": false,
  "program-version": "2.13",
  "start-on-windows": true,
  "title": "Apps Hat",
  "tooltip": "Apps Hat",
  "minimized": true,
  "update-url" : "hXXp://VVV.bigspeedpro.com/mirror/nerocrossrider/appshatmini/appshatmini_update.exe"
}


GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 0-523271/523272
Content-Length: 523272
Connection: keep-alive

<<< skipped >>>

GET /infv5/index/3428/3rd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Host: dqoup4b5zs0bi.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Mon, 20 Apr 2015 05:55:37 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3428_92a5d683c188790231b1aa2af09de41e/2.pak
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 3acd3697aab4ddffa8d7819441a4a4b9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: EE5MwFtIvn8nU_GpOnkpFl5OIg-IzTpg3BmvrE54Kb9FQSrbUGf8Bw==


GET /ajax/libs/jqueryui/1.10.3/jquery-ui.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 07 May 2013 09:09:49 GMT
Date: Wed, 15 Apr 2015 17:44:48 GMT
Expires: Thu, 14 Apr 2016 17:44:48 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 60666
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 389392
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /software_files/flvplayer/1_0/FLVPlayerSetup.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: download.filesfrog.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 20 Apr 2015 05:52:50 GMT
Content-Type: application/octet-stream
Content-Length: 279752
Last-Modified: Tue, 16 Jul 2013 14:25:52 GMT
Connection: close
ETag: "51e557f0-444c8"
Content-Range: bytes 0-279751/279752

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=65409-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 65409-523271/523272
Content-Length: 457863
Connection: keep-alive

<<< skipped >>>

GET /webplayer/flvplayer/html/jwplayer.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bigspeedpro.com/webplayer/flvplayer/html/flvplayer.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:54:29 GMT
Content-Type: application/javascript
Last-Modified: Mon, 25 Jun 2012 13:26:00 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Apr 2015 05:53:57 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Thu, 23 Apr 2015 05:53:57 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes

<<< skipped >>>

GET /?gfe_rd=cr&ei=g5Q0VYiUCsTBNPqAgaAF HTTP/1.1
Host: VVV.google.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=g5Q0VYiUCsTBNPqAgaAF&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=bf63ef0ac0e23bf9:FF=0:TM=1429509251:LM=1429509251:S=rW7wLJ39kNPJFSP2; expires=Wed, 19-Apr-2017 05:54:11 GMT; path=/; domain=.google.com.ua
Set-Cookie: NID=67=BqZlv7TQp9SEZh_EhWV24GcSEAbmUneL6UzhxQmjm9-WiBnv86-hZFoaa3yI1TIoD_dJl03P_B1rXAKGlb4cpasA5BYRYWPFoEWfHKSlYs2y-jUyH4guf5GhUX_wv1q4; expires=Tue, 20-Oct-2015 05:54:11 GMT; path=/; domain=.google.com.ua; HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 20 Apr 2015 05:54:11 GMT
Server: gws
Content-Length: 276
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1286329
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:50 GMT
X-Cache: Miss from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: j4WJf1hIzfx3PiXyBJZicdrr6vN1dzuM7Vsyf9vFAdq07paira8FNQ==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 dec3494a83e4ff26e9c5f110614a5970.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Kix4lkzKDByghvIEFIFpiIRzoImYTJrs6z26Pf2DwBna_gs75oB3_Q==

<<< skipped >>>

POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Apr 2015 05:54:11 GMT
Expires: Fri, 24 Apr 2015 05:54:11 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Apr 2015 05:54:12 GMT
Expires: Fri, 24 Apr 2015 05:54:12 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 1286329
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 23 Mar 2015 22:35:33 GMT
Content-Range: bytes 0-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 f3fd7007399ffee5545abd851958bd02.cloudfront.net (CloudFront)
X-Amz-Cf-Id: da4biMUdYR-8i04bBQ_FpLsgEWQt_hP9_OtB6GbWLU6Ha82y_n416Q==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=130818-261636
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP001C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Tue, 21 Apr 2015 05:53:56 GMT
Date: Mon, 20 Apr 2015 05:53:56 GMT
Content-Range: bytes 130818-261636/523272
Content-Length: 130819
Connection: keep-alive

<<< skipped >>>

GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=482374-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 803868
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 20 Apr 2015 05:53:51 GMT
Content-Range: bytes 482374-1286241/1286329
X-Cache: Miss from cloudfront
Via: 1.1 0eac6f4cd808ad19eeecf0b9c481ec2d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: fJA4_QgdNdwMdZrRtRE0PtSeDQOuGN-FlU-GuAQD4Y-TWaBvhX3oOA==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=214170-
User-Agent: Better Installer(Mozilla)
Host: d1z9ocnzqrnjt0.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71388
Connection: keep-alive
Date: Sun, 19 Apr 2015 05:23:12 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 214170-285557/285558
Age: 1722
X-Cache: Hit from cloudfront
Via: 1.1 7f7973dbad51e74b2ad2ed854cd62fbf.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pGxXeDEezC-cdJr8SB_GIEPxdES_InJUo_yGUaFruuYh4xfKm1ppSA==

<<< skipped >>>

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 05:57:25 GMT
Connection: keep-alive



GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 05:57:25 GMT
Connection: keep-alive



GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 05:57:26 GMT
Connection: keep-alive


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.hp HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48
{"stats":"ok","time":"1.14 ms","message":"store 1 action and 0 update "}
0



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.finish HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 20 Apr 2015 05:54:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48
{"stats":"ok","time":"1.41 ms","message":"store 1 action and 0 update "}
0


GET /s/abel/v6/3YEwT2a1878zysq92S8_9w.eot HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: font/eot
Last-Modified: Thu, 28 Aug 2014 18:23:54 GMT
Date: Thu, 16 Apr 2015 23:44:24 GMT
Expires: Fri, 15 Apr 2016 23:44:24 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 10793
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 281416
Alternate-Protocol: 80:quic,p=1

<<< skipped >>>

GET /images/Tokyo/tokyo_sprite_full.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/downloader/network_saymediagroupapnx_1/flvplayerzief/e1b82b8d0881034aa57a76140e007cf2?muid=AD2252CE007468623BD139B0ADEC3423&v1=:v1:&cv=:cv:&v=2.1v=2.1&uid=e1b82b8d0881034aa57a76140e007cf2&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d2z5psu5fxw71b.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 26401
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:52:46 GMT
Last-Modified: Tue, 14 Apr 2015 08:31:54 GMT
ETag: "552cd07a-6721"
Expires: Sun, 19 Apr 2015 05:02:46 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 494
X-Cache: Hit from cloudfront
Via: 1.1 7478bdcbf5784d7106d1a78b67205bbd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3n2lPHR3bktVoZmTTdHLCRIgv2vhthsNoRha61XLneKvXjBHYA8mUw==

<<< skipped >>>

GET /affiliates/filesfrog/eula.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://bi.bisrv.com/network_saymediagroupapnx_1/flvplayerzief/226e81ab89188549baf0d586a6bc816b?v=2.1&uid=226e81ab89188549baf0d586a6bc816b&muid=AD2252CE007468623BD139B0ADEC3423
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d2z5psu5fxw71b.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 19 Apr 2015 04:56:21 GMT
Last-Modified: Sun, 26 Oct 2014 17:23:05 GMT
Expires: Sun, 19 Apr 2015 05:06:21 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 213
X-Cache: Hit from cloudfront
Via: 1.1 e304d4e56271f7d91c20bba3960460e2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 0x_TPw-3jEmLE_AAKeKX98EqlmVWZ64QdT0J-iY_9M_76HQsNSC_9A==

<<< skipped >>>

GET / HTTP/1.1
Host: VVV.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=g5Q0VYiUCsTBNPqAgaAF
Content-Length: 260
Date: Mon, 20 Apr 2015 05:54:11 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1


GET /installer.gif?action=started&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&mdat=&procstarttime=1429509267&procruntime=3&rnd=1429509270 HTTP/1.1
Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: TqPDldUADKe6dCIqNVg78C98YIKtAbYaFpLesXXRCZBORL7kwNMZuP8r8C5QNpAg88zga6tzvi8=
x-amz-request-id: DD592DE8FEB1EEB7
Date: Mon, 20 Apr 2015 05:54:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;



GET /installer.gif?action=finished&LFMR=_ffDll_0&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1073750533&asw3=-2147483648&asw4=32768&crtnm=na&procstarttime=1429509267&procruntime=11&rnd=1429509278 HTTP/1.1

Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: VeeNaWTOba8 ldY4xPHgzyuf 06gc2WLxbtfR mv4Y5A9VwKkM2MjQXeBObuQH0x NGE/ sS/R8=
x-amz-request-id: EA40AADA3F9AF0A5
Date: Mon, 20 Apr 2015 05:54:40 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....



GET /apps.gif?action=install&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=D8EC08FCD9F84930B2B635022F4942AEPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429509267&lifetime=0&silent=1&crtnm=na&procstarttime=1429509267&procruntime=12&rnd=1429509279 HTTP/1.1

Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: q2Wrc4QyCmWvmB2JBjIqYHM22phRSwsRkMGHC EtUrT/ibWc/msXJ3ziLniqFXCjYy/UKM/zOUg=
x-amz-request-id: 8241FE3B64011336
Date: Mon, 20 Apr 2015 05:54:40 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;..


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=603989, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 05:40:05 GMT
Expires: Mon, 27 Apr 2015 05:40:05 GMT
Date: Mon, 20 Apr 2015 05:57:31 GMT
Connection: keep-alive

<<< skipped >>>

The Application connects to the servers at the following location(s):

ProtectWindowsManager.exe_3688:

.text
`.rdata
@.data
.rsrc
@.reloc
j.Yf;
_tcPVj@
.PjRW
SHELL32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
MaxPolicyElementKey
pExecutionResource
SHLWAPI.dll
USERENV.dll
%dYeArdMoNthdDaY
file_url
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0 %s
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
ShellExecuteExW
SHDeleteKeyW
GetWindowsDirectoryA
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
ReportEventW
RegOpenKeyW
ADVAPI32.dll
PSAPI.DLL
InternetCrackUrlW
WININET.dll
WS2_32.dll
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WINHTTP.dll
SensApi.dll
VERSION.dll
GetCPInfo
.?AVunsupported_os@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
zcÁ
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
combase.dll
kernel32.dll
mscoree.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
portuguese-brazilian
advapi32.dll
WindowsMangerProtect
SOFTWARE\supWindowsMangerProtect
xa.geoip
visit.heartbeat
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action0=%s&action1=visit&action2=%s&update0=ref,%s&update1=nation,%s&update2=language,%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s&update3=version,%s
Report Start.
C:\DoStartTEST.DAT
Report Heart beat.
ProtectWindowsManager.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
TypesSupported
%s is already installed
%s installed
%s failed to install. Error %d
%s is not installed
Could not remove %s. Error %d
WindowsProtectManger
Advapi32.dll
/c ping 127.0.0.1 -n 2 > nul && del
"%s" %s
psapi.dll
Explorer.exe
update.exe
%s_%s
\\.\Phys
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
..\Src\json\src\json_value.cpp
..\Src\json\src\json_reader.cpp
xxxx
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
..\Src\json\src\json_writer.cpp
Assertion failed: %s, file %s, line %d
WindowsMangerProtect Service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
WindowsMangerProtect service
SysTool PasSame LIMITED
Windows SysTool Service
20.0.0.1953
Windows SysTool.exe

ProtectService.exe_4012:

.text
`.rdata
@.data
.rsrc
@.reloc
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
file_url
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHELL32.dll
MSVCP110.dll
InternetCrackUrlW
WININET.dll
WS2_32.dll
SHLWAPI.dll
MSVCR110.dll
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_calloc_crt
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
SensApi.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
2-2v2
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
xxxx
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
UpDateProcess.exe
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Report HeartBeat
cmdshell.exe
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
explorer.exe
Advapi32.dll
"%s" %s
psapi.dll
Explorer.exe
json_value.cpp
ljson_reader.cpp
ProtectSvc.exe
4.0.1.2105

HPNotify.exe_3284:

.text
`.rdata
@.data
.rsrc
@.reloc
<9%uo
wszUrl
strUrlTemp
hKEY
strSelUrl
strUrl
strConfUrlTemp
strDsUrl
strHpUrl
strCmdLine
tCPW
%UUUU
Vot.VotF%qt
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentDsUrl
URLDownloadToFileW
URLDownloadToFileW ret:0XX
Error : %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
monochrome
unsupported bit depth
`'\%D,3
Run-Time Check Failure #%d - %s
%s%s%p%s%ld%s%d%s
%s%s%s%s
RegOpenKeyExW
RegCloseKey
del /s/q %1\*.*
%suninstall.bat
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCP110.dll
MSVCR110.dll
_calloc_crt
_CRT_RTC_INITW
__crtGetShowWindowMode
_amsg_exit
_wcmdln
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
GdiplusShutdown
gdiplus.dll
IMM32.dll
DeleteUrlCacheEntryW
WININET.dll
COMCTL32.dll
GetProcessHeap
#*1892 $
%,3:;4-&
.?AVCActiveXEnum@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
hXXp://VVV.bing.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.google.com/
%sconf
web/?type=dspp&
web/?type=dspp
hXXp://VVV.v9.com/
Itemd
BrowserAction.dll
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
\\.\Scsi%d:
UrlEdit
conf.xml
hXXp://v9.com/license_agreement.html
hXXp://v9.com/privacy_policy.html
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
%stmp%d.tmp
urlmon.dll
main.xml
explorer.exe
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
IeWatchDog.dll
BrowerWatchFF.dll
BrowerWatchCH.dll
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
msimg32.dll
User32.dll
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
0xX
keyboard
msftedit.dll
password
%s%s%s
Correct password required
%s\%s
WebBrowser
transshadow
transshadow1
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
M-d-d
WebBrowserUI
errorUrl
{D27CDB6E-AE6D-11CF-96B8-444553540000}
user32.dll
MSPDB110.DLL
ADVAPI32.DLL
/c ping 127.0.0.1 -n 2 > nul && del /s/q
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%Program Files% (x86)\XTab\skin\
SupHPNot.exe
4,0,1,1716
SupHPNty.exe

WebPlayer.exe_456:

.text
`.rdata
@.data
.rsrc
@.reloc
8%u:j
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
operator
GetProcessWindowStation
KERNEL32.dll
EnumWindows
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
urlmon.dll
GetProcessHeap
GetCPInfo
.?AVIKeyValueStorage@@
.?AVCWebPlayerEventsCallback@@
.?AVCComWebPlayer@@
.?AV?$CComCoClass@VCComWebPlayer@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$IDispatchDynamicImpl@VCComWebPlayer@@@@
.?AV?$CComObject@VCComWebPlayer@@@ATL@@
.?AVCWebPlayerView@@
.?AV?$CWindowImpl@VCWebPlayerView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CTrayIcon@VCWebPlayerView@@@@
.?AV?$IDispEventImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$00$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
2 3$3(3,3
getWebBrowser
hXXps://
hXXp://
Advapi32.dll
Software\WebPlayer\
javascript.debug
javascript.show_errors
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
icons\main.ico
WebPlayerEngine
WebPlayer\
scripts\config.xml
window.placement
icons\tray.ico
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
KERNEL32.DLL
WUSER32.DLL
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
&About WebPlayer
WebPlayer
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1.1.0.0
WebPlayer.exe

WebPlayer.exe_3544:

.text
`.rdata
@.data
.rsrc
@.reloc
8%u:j
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
operator
GetProcessWindowStation
KERNEL32.dll
EnumWindows
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
urlmon.dll
GetProcessHeap
GetCPInfo
.?AVIKeyValueStorage@@
.?AVCWebPlayerEventsCallback@@
.?AVCComWebPlayer@@
.?AV?$CComCoClass@VCComWebPlayer@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$IDispatchDynamicImpl@VCComWebPlayer@@@@
.?AV?$CComObject@VCComWebPlayer@@@ATL@@
.?AVCWebPlayerView@@
.?AV?$CWindowImpl@VCWebPlayerView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CTrayIcon@VCWebPlayerView@@@@
.?AV?$IDispEventImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$00$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
2 3$3(3,3
getWebBrowser
hXXps://
hXXp://
Advapi32.dll
Software\WebPlayer\
javascript.debug
javascript.show_errors
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
icons\main.ico
WebPlayerEngine
WebPlayer\
scripts\config.xml
window.placement
icons\tray.ico
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
KERNEL32.DLL
WUSER32.DLL
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
&About WebPlayer
WebPlayer
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1.1.0.0
WebPlayer.exe


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    smt_istartsurf.exe:1504
    ProtectWindowsManager.exe:3688
    ProtectWindowsManager.exe:3640
    %original file name%.exe:2884
    ProtectService.exe:4012
    ProtectService.exe:3988
    XTab_Setup2121.exe:3788
    FLVPlayerSetup.exe:2432
    wpm_v20.0.0.1953_0302.exe:3600
    biclient.exe:560
    biclient.exe:1144
    biclient.exe:2984
    F121.tmp:2564
    QQBrowser.exe:2876
    QQBrowser.exe:3536
    01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:3680
    powershell.exe:2172
    powershell.exe:2876
    powershell.exe:2728
    appshat_generic.exe:3884
    HPNotify.exe:3284
    cmdshell.exe:4076
    appshat.exe:924
    webplayer_installer.exe:3644
    webplayer_installer.exe:3388
    Bxaze.exe:3424
    cscript.exe:3144
    cscript.exe:1172

  2. Delete the original Application file.
  3. Delete or disinfect the following files created/modified by the Application:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\conf (79 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\bg.png (5064 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\XTab_Setup2121.exe (76650 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\474.db (168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\eg1.zip (190202 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\scrollbar.bmp (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\eg2.zip (244632 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\Thumbs.db (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\UninstallManager.exe (60186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\sweetsearch!1.0.0.1031.xpi (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\474.json (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\Thumbs.db (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\quick_searchff#5.4.10.xpi (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code6.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\QQBrowser.exe (5199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\QQBrowserFrame.dll (3616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\DataBase (26688 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\uninstallDlg2.xml (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\tmp\wpm_v20.0.0.1953_0302.exe (16944 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp528718\images\loading_light.png (139 bytes)
    C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE781.tmp (6479 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\biclient.exe (8793 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\config.ini (107 bytes)
    C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
    %Program Files% (x86)\XTab\CmdShell.exe (49 bytes)
    %Program Files% (x86)\XTab\msvcp110.dll (536 bytes)
    %Program Files% (x86)\XTab\msvcr110.dll (876 bytes)
    %Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
    %Program Files% (x86)\XTab\skin\btn.png (2 bytes)
    %Program Files% (x86)\XTab\install.data (68 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
    %Program Files% (x86)\XTab\HPNotify.exe (17941 bytes)
    %Program Files% (x86)\XTab\conf (1594 bytes)
    %Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
    %Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi5F01.tmp\System.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\indexIE8.html (1794 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\ver.txt (47 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
    %Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
    %Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
    %Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
    %Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit-ie8.js (4 bytes)
    %Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\main.xml (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
    %Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
    %Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
    %Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\ProtectService.exe (5468 bytes)
    %Program Files% (x86)\XTab\web\js\js.js (18 bytes)
    %Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi (15 bytes)
    %Program Files% (x86)\XTab\skin\logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit2.0.js (4 bytes)
    %Program Files% (x86)\XTab\web\main.css (19 bytes)
    %Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\close.png (3 bytes)
    %Program Files% (x86)\XTab\web\data.html (20 bytes)
    %Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
    %Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
    %Program Files% (x86)\XTab\skin\about.png (4 bytes)
    %Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\settings.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
    %Program Files% (x86)\XTab\web\js\common.js (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\SupTab.dll (15946 bytes)
    %Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
    %Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\modern-wizard.bmp (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\modern-header.bmp (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\webplayer_installer.exe (7069 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\nsDialogs.dll (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE0CD.tmp\webplayer-flv.rtf (2104 bytes)
    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4dfa5bcd08236142b5420a1deefa56ef[1].htm (26548 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.0 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.1 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.2 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.3 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.4 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.5 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.6 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F121.tmp.7 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (768 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\e1b82b8d0881034aa57a76140e007cf2[1].htm (25449 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.1 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.0 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.3 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.2 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.5 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.4 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.7 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.6 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.7 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.6 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.5 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.4 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.3 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.2 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.1 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\extensionData\userCode\background.js (640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\dialog.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\core\d274b38a69a3c51f8a7bff7fc4721094.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\skin\icon128.png (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\api\33b7793cc2e4404931497edf64c26ed3.js (947 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\chrome\content\core\b2d1b826ecaf80956e7bcf1153760d27.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z9YJCFQI1MV9W6A67Z2Q.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M7HQKF4UAF82FVOBWXHD.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KK2R8BFBENLRQWIY85BV.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\setup[1].exe (747439 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\webplayer_installer.exe (8184 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6123.tmp (10027 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\appshat.exe (796935 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6124.tmp\inetc.dll (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\home[1].htm (2911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\logo_illust[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\css[1].css (155 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\loading[1].gif (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\567f43cb72fe3ac6419369953394cadd[1].png (48808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\6a12dc1a298e870b610a58a56ba0f5ec[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\cc3148e57a2928cd1ada1bbea553c3c2[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\jquery.smooth-scroll.min[1].js (194 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\83a4cee7a59522b93ed0ae1fa73ce8f3[1].png (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\0692c2494a7331a77c05954f79c5480a[1].png (8415 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\config[1].json (778 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7c9d412c730603d1d82b98a548a71bac[1].png (8048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\logo[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\442a5f30204dd385d17de5848683274f[1].png (14528 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\5dbc29649669598ff43174b9ee730008[1].png (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\btn_bg[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3d8bbea6bcae57d705c676f7050a7d51[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\jquery-ui.min[1].js (121499 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\lightbox[1].js (5015 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\e54e8c720dffffa619c3b0eacec9381a[1].png (3040 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\ddb3b88cf98eb0220c9e6c252e376749[1].png (14770 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\3YEwT2a1878zysq92S8_9w[1].eot (1831 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A38GVI67.txt (225 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\b85261679e262228a562f693b3e6ef6f[1].png (25186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\lightbox[1].css (426 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\5.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\jquery.min[1].js (55196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\c16ddcefe8d9f0d1f850dfcd8f36687d[1].jpg (4844 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ac5196fbf245580eee113296dff14d0b[1].png (11125 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\13ca8e322e15bc394d66a37bec12e3b4[1].png (28899 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\da84c206c2019448521379d2ff837774[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\1f8ffa22b53dfc2f6b7f1850bb6b73e8[1].png (16853 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\58d196b3e886a838d021adc8c8848f1e[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\a6ae526a0a22dcfc743a66d44a3e09e3[1].png (30704 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\00c73f6d4e4eb25289dddb86e2d1e319[1].jpg (1928 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\52d5414e7372639389ab7e9e4d479aee[1].png (28804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\59982d8527c0da41e35817e8fc15c0fc[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\36d7cd00f07003a67021237993257d08[1].png (8991 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\3.5stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\product[1].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7d4f668f3d1818d01b6b9684b669d0db[1].png (5696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\e94782c9200f8de809a50327879df1cc[1].png (20166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\4f263f4be4c4396c9078d1874c05b928[1].png (5568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\close[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\7fb9f4ca0fa96299334c18ee76c7b68b[1].jpg (4196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\78HVEMLQ.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\scripts[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\a64a4b5c68c364d30083fbd0b0363585[1].png (22958 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ace33f0a1eddf74bbe8d1bfac70deded[1].png (10360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\style[1].css (181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\bg_main[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\589b1e936e1f038dc45bd8ffff59b359[1].png (18109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\f3ad8b396434c21b4c214fd667ee391d[1].png (1928 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\4.5stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\f1ed3cd0cae7a3524376e6f9369c7ab8[1].png (6969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\b147a5a09b49b133d347bd975a4c5616[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\f4e4b853ddab3b763f0af17d513631bd[1].png (23469 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\d586df222f5069b6c396373d67d0163b[1].png (26324 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\7e5817bad781bbc2d2e43b350ccb53db[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\analytics[1].js (16603 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\0d2eb87d6982e1321cd3e3735ca5ca4c[1].jpg (7352 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\07fce0a4ff78cc7e6376e227f046ce06[1].png (41304 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\23428f8768d928d2bd45dd3b0c4d0057[1].png (20904 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\bbbde9554589bda63791709a6785e0a3[1].png (11295 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\bg_header[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\btn[1].png (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\gui_btn[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery.min[1].js (54904 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\flvplayer[1].htm (1156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\flv_02[1].jpg (7736 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jwplayer[1].js (88375 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\logo[1].png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[2].json (905 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\xiwrlae.dll (2119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\rypiyr.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\Mfuyqgtg.tmp (394440 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\zwqnxb.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn6B9E.tmp\Bxaze.exe (1490062 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\storage.js (979 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\WebPlayer.exe (7533 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\initialize.js (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\common.js (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\initialize.js (66 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\main.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\main.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (843 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\jsonstorage.js (651 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso9CAD.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\config.xml (823 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\json.js (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\shortcut.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\web_player.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\installer.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\xhr.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\tray.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\stub.html (680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\event_listener.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\utils.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\io.js (751 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi6F75.tmp\nsExec.dll (14 bytes)
    %Program Files% (x86)\App Lid\utils.exe (76402 bytes)
    C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5_user.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.dll (46916 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\igzjjofm.dll (13 bytes)
    C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\rypiyr.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy6F37.tmp (662695 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505.xpi (2321 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\raqkdgbq.dll (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\uxdfkxs.dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\mipntrzne.dll (30112 bytes)
    %Program Files% (x86)\App Lid\Uninstall.exe (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\zwqnxb.dll (23 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe (7385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\System.dll (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\451461 (4095 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ipgeoapi_com[1].json (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\loubc.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\kbfew.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd6F57.tmp\353336 (91765 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe (9147 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\32x32[1].ico (892 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (204 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\main.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[1].json (905 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\shortcut.ico (242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\icons\tray.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Play online FLV files.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\flvplayer[1].ico (1150 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\scripts\default_config.json (940 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\scripts\config.xml (824 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\FLV Player.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\default_config.json (791 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\AppsHat.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\shortcut.ico (6242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\main.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\64x64[1].ico (4955 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\config.xml (819 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\16x16[1].ico (1150 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (204 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\AppsHat.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico (1 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "network_saymediagroupapnx_1" = ""

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "FLV Player" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
