Installer.Win32.InnoSetup.2_152a68b06d

by malwarelabrobot on April 13th, 2018 in Malware Descriptions.

Trojan.Win32.Generic!BT (VIPRE), Trojan.InstallCore.3278 (DrWeb), Application.InstallCore (A) (Emsisoft), Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Sasfis.FD (Lavasoft MAS)
Behaviour: Trojan, Installer


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 152a68b06d68a5bed60b1ed6e2d4bb27
SHA1: e6281d8fef224f8e9f1cc797833d5a777da91384
SHA256: 2f9d22bcd327d9aac82c6b70a105293219dfefb430a5e90f02d7cdfb806be882
SSDeep: 49152:d2nBcc6 OmiL5MKK84q88A7 X8v0YuWVRHGpfv:0nBcG25MKK/qsk8vbuKRiv
Size: 1725648 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company:
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7 SP1 32-bit


Summary:

Installer. An installation package.

Payload

No specific payload has been found.

Process activity

The Installer creates the following process(es):

%original file name%.exe:2580

The Installer injects its code into the following process(es):

%original file name%.exe:2060

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2060 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Close.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Quick_Specs.png (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D62C9.log (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\JA.locale (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D61B0.log (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Color_Button_Hover.png (798 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\EN.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Close_Hover.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\main.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\browse.css (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\CS.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Grey_Button.png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\csshover3.htc (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\checkbox.css (190 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\bootstrap_41693.html (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\PT.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\sponsored.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\ProgressBar.png (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Icon_Generic.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\FR.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\PL.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Resume_Button.png (718 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\ie6_main.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\TR.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\RU.locale (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\button.css (417 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Progress.png (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\BG.jpg (39 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\vlc_101_w7_2[1].jpg (23026 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\form.bmp.Mask (244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\FI.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\button-bg.png (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\progress-bar.css (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\ES.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\IT.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Pause_Button.png (577 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\NL.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\DE.locale (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Loader.gif (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Grey_Button_Hover.png (756 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Color_Button.png (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg2.png (978 bytes)

The Installer deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D61B0.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D62C9.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\bootstrap_41693.html (0 bytes)

Registry activity

The process %original file name%.exe:2060 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASMANCS]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
"FileDirectory" = "%windir%\tracing"
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Classes\Local Settings\MuiCache\63\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Microsoft\Tracing\152a68b06d68a5bed60b1ed6e2d4bb27_RASMANCS]
"ConsoleTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Nekodinap
Product Version: 3.7.4
Legal Copyright: File Lite Installer
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description: Nekodinap Setup
Comments: This installation was built with Inno Setup.
Language: Sami, Southern (Sweden)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE 4096 40240 40448 4.57591 a93159cbaa3c9c5e97066eadb291806b
DATA 45056 592 1024 1.90742 1ee71d84f1c77af85f1f5c278f880572
BSS 49152 3724 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 53248 2384 2560 3.07115 bb5485bf968b970e5ea81292af2acdba
.tls 57344 8 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 61440 24 512 0.14174 9ba824905bf9c7922b6fc87a38b74366
.reloc 65536 2244 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 69632 68152 68608 3.40853 b202c844522b974250ef04926313b1bb

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://rp.bitstowervault.com/ 54.72.212.121
hxxp://info.bitstowervault.com/?sheda=1 54.154.81.16
hxxp://os.bitstowervault.com/AfterDawn/ 52.213.172.218
hxxp://images.videolan.org/vlc/screenshots/1.0.0/vlc_101_w7_2.jpg 88.191.250.2


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /vlc/screenshots/1.0.0/vlc_101_w7_2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: images.videolan.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.13.12
Date: Wed, 11 Apr 2018 22:55:12 GMT
Content-Type: image/jpeg
Content-Length: 256277
Connection: keep-alive
Last-Modified: Mon, 04 Apr 2016 08:00:02 GMT
ETag: "57021f02-3e915"
Expires: Wed, 18 Apr 2018 22:55:12 GMT
Cache-Control: max-age=604800
Cache-Control: public
Cache-Control: must-revalidate
Accept-Ranges: bytes
X-Clacks-Overhead: GNU Terry Pratchett
......JFIF.....`.`.....C..............................................
......................C...............................................
........................ ...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..!rY...
S.........Nz.S...pA.C.-H.. ....].p3R6....\.Q....=..Zdl..~...sR.L.}.7..
$.3T.Dd`.....s.(S..E>8..9...!b..H'..h.-...h.3...j...o.$c...."..t.&l
t;9......mj<.H;O9.3U..q...U.o..ilc=.5.9..z..........W.G.'hb?.?..H..
b...@.?.M....%..}zV..`...f.............J...T.^A.......X..........V..wr
...j....FD...@.9.O{..l\..v..1..VY|......@......N..#...Y.\.j...z.....f.
.....(.n..w,...P}k.....3.......M.....*.1..qP.-\.$...x.F.o. 2..y..W...D
H B....Fs.}~.......i..&Ud......^...>.....Q....>..g.g...8=...skN.
..i.@`.lX...s..j..W.7-#.8n...Z.|=.h.......\.?.tZw..QF....I#..~O..d.I..
.........q....D..Y..#...a|..N. ...e.......z.1...OB.'.V...9.fq.9.......
<.K[..RM.;...=K.q...D.....FG\v...W ...".&. v...........7.@..wl..O.e
k_.....)..3.......... .Z...8..........|.........Fr:...W.x.G.%....%v.1.
.Z...G...9K.%[wB.G.._8.S.c..}..[;..O~?........%s...w......npk.@v...T..
.L....UP...%..i.. ....A..8.G.U..)?.FO..Z....M).a#.Y<..2......U.
<<< skipped >>>


POST /AfterDawn/ HTTP/1.1
Accept: */*
Host: os.bitstowervault.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Length: 2912
Cache-Control: no-cache

.I..~...$$....... ...c-$....[..f.`w.l.2-.......9...9....B... [.S2}S...C...0......B..&......xwX...O.O...p.......R|...7K..........R.K...{..i
.;/..[Q...l.o."....>....I"......?....Ey.`...o:u|G......8m63.Q0.?.bH.%>...u'v.......F.9..m....x......s.g.WM.(...v..7.A83..u.6....x;7.@|..5....4...M..#{..c[.M.....F..V.../7.6E.4."
..'.^.......A...J.S.......9..z'....O.N...Z..N.L..../_..........F.kIZ.N.8.W......*.....V....I..^.r..w..`)....3...z.....&...Q.u......|u{...wn."34.c..j.. .*.Ly%...e.
..../l...2.e=...*.b..H...j/{..6.By.[..8. rV.U...........)sta..i/.S .....w.#...gr.z08..^.... z"..*..O'D.*JS..>..3.#.lp...x.6..C.aI..v.F..X..
t.V6...1.(.. .j..2..5.F..6i..[.sgw.
....\z.....3....[8x.8...X.$ta]LX4UG].x.?.=..z...C-. iO.[..l....T1=...?8.@z..]=U..i...nQR...H.
.0....K...y.5.....!7........I...n.w...E..!....'..a...h.V....7..4....{.........4.i..'..M._..K]H.I.......[..G<.r..j..i]V).7/..P3..^.^.(,N....R.........R.=8A..E.....E...MvI.."..X...L...e.~.AA%...s28...m;dg[.$<.....8..r-.|m..].t..P..c.uSL.&..!..&kX..N....^......U..Do6......F.*..*....T1.....|.>!..P......p4..pj@V.a....Y...W.4.S..m.kv....R..(W.[.;..q]...4/.*.^..Qn..4.9?.....4......N.!...`~.~2=..y.......k-cK.Y..kZ.8...(..N........a..&...?l....l.E{0..,$..y..[p..}......%.. ...o&C..8#.z..}._...U.V.F....h.{..8.........K.?.#J..BN.YN.......|.....%..-.d}k..3F`..z.".H...
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Date: Wed, 11 Apr 2018 22:55:12 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: nginx
X-ICSCT-CC: UA
X-ICSCT-GICSET: 36hotfix540
X-ICSCT-IP: 194.242.96.226
X-ICSCT-ISP: Pitline Ltd
X-ICSCT-ORGANIZATION: Pitline Ltd
X-ICSCT-SERVER-NAME: ads-slave-1123-b-production-eu-west-1-i-0c7d28ad09f223e1d
X-ICSCT-TIMESTAMP: 20180411175512397
X-ICSCT-VERSION: 1.12.3
X-ICSCT-XC: 1f3cfb072bc5ded412eb0f20eaa0b3fa349c056a
X-ICSCT-XS: 4eb2a71f144207bedf4780e5a4e4f0d4c17ad472
X-Powered-By: PHP/5.5.38
X-Robots-Tag: none
transfer-encoding: chunked
Connection: keep-alive
3604...(#... .... T......`...xz.....).w..<....:....M....).).1q....&
gt;$.>...m*.`.L.?Wyk.Z.54..{.$.....W..f..k...."..o.......2.~o8.i..^
.wD.....u}b......LP...P..P..-.p.L..S.E.I.|......*i@.m.u...l...C7<0.
X<eR3D.~.E.d.,.......f....w"....2.Lh[aWr.. u.U_.>...b..#.....q..
..W&....7Ie3.].Au.Ln.a.......j..ph.IbJ....&2.../..b... ..F...p...B...e
.....q2%...$...vE.}..B[M...."mQm.n]...0u.d8....m....Ha..U.El..%.E..9..
.pi....K....7....3....AM......~..0O..Q.j..f........6Q.......zy.P.r.C.9
q.d..L..[9....K..Z.O....D..]C.W.|...}....... ........1....jh...T-wT%.2
.<.]p..7D.hU....o%(..D....`N.P..f....vR!...g0hDt.....91B..........l
?..Z.Qt.....X.....Q%."..u..x........K..w.........[...I."........[..pF.
z..V.*..........V...P[..>...0......;.?:..Vi.....$.....=....r.......
m.q....]..4..eW.kX;.H.q......7.Av^Ty.........&.-...........E.K.7x.V...
*...*...)K......!...@....m.:.]k.A.......sp...ZV.#....=<eX>.a..1[
...YT.?........}N....*v_|....,.Z.".....|T/.\...@3%6]."..T!v....d.3.\..
....#Y."....-].".T{'.....\...DT!.2.....*.4.<. .......$...@.....B.}.
b....... p..b....v_.".....(T!.\...M.W.^.#.\....T..Y...<.F.S.'.....@
. .\....T!.....\..}@.\g.._........)]d"...j.f...R.!.\."...... ...b..@..
.UEP...@G......6.R."......W./.G ._... .~...Z.%\..r_>i .d.K.d.`.>
..."...V............j.....%..<.,V].b.@..p..:...26].".TT!.......Z.W.
aGi%....C.t...u/..04...O.k.....Q.:LF.C..ho#...s.&2`.8..LB.<'z...P".
..O...Ks...~..r.F.........k.A.vA..W.pE..'..E..u.d...Wi..&.......b&....
x......d.<...&UPC.ug8W....h...e...`C2.....9O6...-4............"
<<< skipped >>>


POST /?sheda=1 HTTP/1.1
Accept: */*
Host: info.bitstowervault.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Length: 176
Cache-Control: no-cache

.^.S...N)Tw?.G{&... .D...FL.a.....U... ..%.F.A.....\;.....Y.\W..|.....5x.c..mx.$...............$>J-.....
W......P..K....b3.U35.d@..j..=..*.t..s3...s..k...V)
.:d....)...ffI
).
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: text/plain; charset=utf-8
Date: Wed, 11 Apr 2018 22:55:11 GMT
Content-Length: 1260
Connection: keep-alive
 zx5VUv3RXE6RSksa3sjzp4hnhpEc2kwWTVXDhNWwEFWU5cbpOKTcgSFF9e5wyCNeyYu6o
uYazFoIikzFCLB/W/8wgdQZnJpBqufUVo5pIH0BHq7bxPtKherAhjXzhi0KhfsdVJR5GcQ
07QfhlMWBA2TLa7MAn adJAjXkBNfXVlwhL5iZ/iTXhw8vaIhD1P28S5hR0aaikczQaCyg
J/M48hjFEMEdVBxGPTrjS pX0cUtzTsBURdjYMm2 SHubmsbM ru8kYcc0gfObMrVU3U5H
A8drOsnAwahZ1JyP4s YdvAZDyFbxEqY TAdOylsRQ5Q/LBP1okHyBOExuPDFzK8ERU5c9
IK mcoZGYNAY3BtKkHjEszD5A05BTouywImOw57DlFxKSu/ttsm2c zvLHg9PvIhE86DvI
r/fJKbl/EffXwupUbDbiZSfxq7AH/CVsZs8t/N5YqgUKfBxaDzkl64uXO8cDq7hNPIJJj4
/tS456k8bWctMf66zRiMqV3VKDYbUs Oc1LUqAVcs8C6rbinUcQXnEvfjSVMcW29ULScc7
lBt3DYg9hIRf1wnVrIp29 O ltwyJHLJl0TFp6GsWe69XWZiLzG3bPXEMst0cr1SZDFQTF
Ew17IV9fpqIanHZnBE5V6N QPjOlpvlHQGBEX70LQZmT8w zUxRs3D 8qQIDgzxhQllyzO
clYgIrPDM3Wxe HllL NBVpfW3vDKg/1lB8/851EuUleQR47XasOvpwY5Ng/Ha63 xjoz7
2YlvhGJrapwjbKYdyBNwCqKXhgGwp7Ry8F8sby3enhsP3/PFh4iRmr4xk8BFldKwPLmHpx
uTupWc7Pup7fiP0pOAsUW7l5P97WeQnC3Oa1qHQACPYWra5E4MyvviWKdNN6n3x8EFDuGO
J2lt wvyJtHHCIZKmLX9RL/eaR8pdoQP4yyW5GSvkmT5 DsKDVnj5iM/0OTqY umOo2LFR
V98iJna0SMecdZBCRvdAJNm509B5uaVlw2QwkpkTMwG0EQf9j0O5AVZQWBJwGGSsCrjTiN
BqTtYiqk5OxKRfZLzApI9/wW2GPj6TdO1ZCs4SRHM/wfsqJkHMr89Y1FR vR1wgNFnjD6F
XRfeiSIkQGAauxS8NUNrHBtKy1Bi j95j7wvFvY2g8UrHTLE LwxzuvlBh8SEFaP7uCRER
XsXXo0k5uBeTgn44WTWQY0V6L3gEyD27xc9QqeoDGH91tWe71KFdFc82sqEa9T6qR9wCA=
HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Content-Type: text/pl
ain; charset=utf-8..Date: Wed, 11 Apr 2018 22:55:11 GMT..Content-Lengt
h: 1260..Connection: keep-alive.. zx5VUv3RXE6RSksa3sjzp4hnhpEc2kwWTVXD
hNWwEFWU5cbpOKTcgSFF9e5wyCNeyYu6ouYazFoIikzFCLB/W/8wgdQZnJpBqufUVo
<<< skipped >>>


POST / HTTP/1.1
Accept: */*
Host: rp.bitstowervault.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Length: 1440
Cache-Control: no-cache

...3E.Q)_l.y...K..........[...|0L...&.j.LO......H......M7..0.E.....<w...#...>O..o.H.......;.?GG[>.M^...........S.6....,_...6."@.sC...L.Hz-!eZ.~.r..e.....o...:.L2.G.h>R..]B\B....N.......Yz]...#....x.MUz..>e..2...Fe..`...y.....D..IM).F.BzP..!.t*......T....DW...3...9l...NT.~q.....W....0'o).Xh..W.../.(NF......0...u...JJ...U0.$E.....v.G.@3^.o.4o..C....\...i.....k.........Q.M..Q...-<O.>..|E..g.........u?F=..&[<7.*...... ..Vkj...i.....q..jy......B$.. HX...q..{J.....K._`.:s. .Q...Y.....,.g.9..s...y...Y...->x..9Z.....F.........r9.w.....C.!..e[..1c
. ....\.>.0.lO.
...Vz.6.H5.Z%0.R....a-.I&.....q........$...0...,.(.UgN.
G3`...a<l........-...g.....EQ5..U.v4....E#. ..F.R.V....9G.....@R2g6-..kS...s....[...tz.K.y......U.y0..IS'...O.!`vW...o..:.....2P....d.....|...IO.&v...:w.!K5.R..P...Nc.j4.(.-.61=\..| !&[ejQ.Rf/5.N..U.Y...Aj>..!..o.l.~.9q...h6.s.X... CwG.a...L%.8F..<?.i.....Q.....K..p.r..a.:iJF.....D..S......$9......B...d.....H.z..^.&.<.....K...kZ)n.......jZ.m?b...Z:8Q5.....8..a .%..DD...uo.X.....Kk.P.TC3.....b.ATK.D.e...trL.......#\.NUjq0.e.B.../.U...
..M#.6..Q........d.(w.......J..5cp.O...(g.J...`!)f.]..V.L`c..l..pd..N.P...p.w........w.#.H*..l.D:P2e..E......Y........'......V..{.IV~0........,....r..A.....^....{..-..-..,...*|ag......8.y.~.s...#......z...B.Y...k.XL..
...U.O.n@.......kY.......
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 11 Apr 2018 22:55:06 GMT
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Wed, 11
 Apr 2018 22:55:06 GMT..Content-Length: 0..Connection: keep-alive..ont>....


POST / HTTP/1.1


Accept: */*
Host: rp.bitstowervault.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Length: 1744
Cache-Control: no-cache

...4.....>.K..~.Z!.O..ai..nf.....fA|Nh'.;?..d......).f.a
r.........5D.('.....N...b.8..e..7.n._I...fN.P.M..$(....R~..1......;..(`E.\...>..2.
"..........86.h..PF.#.3.h.rF.2..m.).....M....!..n.B.m..D5.......5g
..
..*.. ..kr...../d 9.x......r..Y.r..oE.p.|1.B.EM.\........dE....o...\...;~.q...
....irF-r7..w.5.........'v...5y........w.|."e.r......c.C.SLO.F..j.4..".HeeT..[W.m.O..KGe5....'!......._....
.>=.R...M.5.S.5..H;.$ 
....j=....;......?1GOUt..\$m..*..Z./(...........g..WF....q$.#..4....%..e.X..K|b<..Y....0$!........l;..
..z.sU.8H....I4..M>...MF.............N..b..F.mI.?.`?t.........v.9...5..../.9..N<K.f....aMHz^....H9{.|t'HyT.....k.!..96....XXO{.....n.?;.&..N......b..o{g.........\...Wa..O....R...e.V..2.f..6..& .5..W....xS.e.E?.9.|.>.F.*)J.ET..d...w%..........C..a...k.....W.(.Z.#.L...6..i)@72.z$]Gn..6.....
Ru^....%.>.J"rG.s_.:..'#o...b.%...
.........b|.1N.B.L.}....x.....[h:.(..*...5...S_n..b}P.a2X....t$.k.T...v(..
?..A.mT%4.<....c.....=...n....'..m. _.3.BE?T1xFq.r..|NW..=.].Y;.I..........?Gb...5..*...I.....0.. ..y.-t..]p........d.^..\..N.;.m.J0.]Q4B..l........._P..X....\...)...)......8..G
........%b..W.Q.[...@0R..mH.~....h~.!...
ZX"..*N..$...!^^.C/..O|..s..]....& s$
*>.z9j...S..J..y..O\3d...U4f.h...@...~f`.%.K..U/ .G~...{...x.og=).m.t).bd.8j.}...,.E...*....N.E.Hu..u1...W ]..%..../U..W.=;..;El&
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 11 Apr 2018 22:55:12 GMT
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Wed, 11
 Apr 2018 22:55:12 GMT..Content-Length: 0..Connection: keep-alive..ont>....

The Installer connects to the servers at the folowing location(s):

%original file name%.exe_2060:

.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
.DEFAULT\Control Panel\International
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
shell32.dll
/PASSWORD=password
Specifies the password to use.
For more detailed information, please visit hXXp://VVV.jrsoftware.org/ishelp/index.php?topic=setupcmdline
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.3)
mu2.iu
user32.dll
oleaut32.dll
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetWindowsDirectoryA
MsgWaitForMultipleObjects
ExitWindowsEx
comctl32.dll
8 (.Bijh@
name="JR.Inno.Setup"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
External exception %x
3.7.4

%original file name%.exe_2060_rwx_01310000_0010D000:

hMr%X
%X;'=
^/%ftWMikzK
c{U[Sz%c
ZoURL
Kx%dy
d.UWc
CRtE
D:\#  h
.v.Wk
aa .Bg#of
6exE:
m5.ip
.OBy5t
;Hp%d
(.fXT]
.kPI;
:%S!!
 E.UU
!.OC!
.Oen?;
AS%sc
E;.VY
phI%d
aK%X4
24%S7
h.NWB
e.gt/
(.NqG
e.Gmo
{1.xR
*@c<%d
-B.Hnq
^.Irp
.xO=IF
#%S' B
a.jjy
Ubzc'%F
K^%ud
)Z.KY{
]'.pQ
7q9%U*
E.tu&
Z{.yb
.UUK#O
j[.%x
%s79:
7'.nh
,{49%D`L/
.DG:j9
7%f Hi
%xp5o
(eü
Mkl.bP
.kTNK
m#.eO
%UH8kP
.tEb#q
V{.OX
f.rx&Q
.va/P
S%X^[
.af(O
Y.UV&
(.WJ!`
7I.sR
p%UV]
BOa%S
.XF9'
.vl(N6`w
GI%uC
T&d]%D
7c.PAQfN
[kO.Ae
O@}.cF
Tn.cL5
|#i*%X
L[%X0|
%S[/6
.gjw'

%original file name%.exe_2060_rwx_01420000_0010C000:

.knb?
-h0VBP}?
k>.yv
5W%sz
g%D/9q
N.zVW
.cBqF
.Xaxh
pG.Id
dM%SE
nX%uU
`.Yq#
.eg[#
.PIIF
..jpJ
@.Ww!&]
:%X%Q
.Vl?)
aD%%U
AFtP
.Ti<T uh
EN.HYFI
.QBC0#aW
.SrI|,
%u*j8
TatL%.D}
GS.rVg
q.CBEG
890.nr
H.LGu
WAH.Ipx
.XDgN
.CNgV
r}W.Gr
|:\`3.cu~w
;%u%$X'>k.
Gw.gQ
S*
E1S]%S
.CsMo
=6.Lc
%s$:Hq
-t%xg
.oUC5
yrv%f
oJ.HJ:
tC•s
CT.KAm
bX.wr
iZcmD|>
G$.zc
d.mFI
D%Xdj(
X.XD`
g%uc}
EnHÇ
7.Efw
]d.Xz
-e4.oP%
.ci}]z
.Hf,/
%x7(u
F>.Nq
LW!d%f
%X03sh
..bSk6
dJ.gg
H:T.Hx
H.yX[
KcrtB
.JtqC
.CL~=
~.ROf
.bBbmR[
O>.If3~~G
OH.om~p
.sAU)
.oL_A
5.bJWh
%Uopi
.veF{\
.RM*k
4YY.zS-
 -g} 6
.THT.l
4.Is<
z.Qy"U
%d"E)
AT.li3
m.sp8l(
y.PbW
,.lY{)c
%dsZG^l
.MWHtn
.hA)8
7u.ZeF
Ph%c?
%sd~2
'.aUT]}

%original file name%.exe_2060_rwx_01750000_000FF000:




4Y.ACy
D,`s%S
.dtL)O
s~.ze(
s8.Chc
GM.Kp
*e0%CP
/#T%dl(>
9.@c.Jw
.Db.[
mSgwm
.Yusuy
B.rgQ
%X@KxQ
(}C÷
X".UTDY
.AxKRD
9.Lpw
.yRBc\
.sU. 
-O.Xf
r.UZ8?8
.NR8>
R-wL}B
.lo'P
}.Vgr
a'.mS
.Wf[(
#wfd
9;.kt
Vdn.UU7
-wmc}j
<Qs.LGr
J.feo
U<.ifeAJ(z
3.gry.
%.SJa
.gxib
| %X 
Cf.hdkf
=.Rpe0
t1}C%s
.XSq%h
?;.Of.o
{!.tz
q.DwM
=.lM\
.NYGb
{,.zv
Lx
%xCSi
.Cwm80
.fcx#
(H.bn
}k.fJ
,%dGD
%x5.d
%shkz
N4%Fk
o.VFh
_.Wb4
c.Kk0
7'.vd\
%1udzo
$h%SW
.KV6n
.dFv[
XW%cts
qk%cR
%szh#
I=f%x
9-2H}
$.kP0
].CL5 U
.bQ4V
-D}BJo
2.VV{
-.HY^
7k.HSB
.sLUT
w.sm1
3.Bv_
TCPa
.nN}r5
.GOvh/
-2}M#X
.DV~=
I:%sQvw
-T}W}KT
d.fzB
&u.tI.{
3.vo~
t'%X<
.XMV):
%u~<Q0[
Za.Iu
gF%X4
qxV6.Zm`
W-3}q.
yp{%x4x
t'%fu
Eu.GF

%original file name%.exe_2060_rwx_01961000_001D6000:




kernel32.dll
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
UrlMon
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
IMM32.DLL
AutoHotkeys
AutoHotkeys@
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState$
OnKeyDown
OnKeyPress
OnKeyUp
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
te D'ivoire|CI=Cote D'ivoire (Ivory Coast)|CK=Cook Islands|CL=Chile|CM=Cameroon|CN=China|CO=Colombia|CR=Costa Rica|CS=Czechoslovakia (no longer exists)|CU=Cuba|CV=Cape Verde|CX=Christmas Island|CY=Cyprus|CZ=Czech Republic|DD=German Democratic Republic (no longer exists)|DE=Germany|DJ=Djibouti|DK=Denmark|DM=Dominica|DO=Dominican Republic|DZ=Algeria|EC=Ecuador|EE=Estonia|EG=Egypt|EH=Western Sahara|ER=Eritrea|ES=Spain|ET=Ethiopia|FI=Finland|FJ=Fiji|FK=Falkland Islands (Malvinas)|FM=Micronesia|FM=Micronesia, Federated States of|FO=Faroe Islands|FR=France|FX=France, Metropolitan|GA=Gabon|GB=United Kingdom|GB=United Kingdom (Great Britain)|GD=Grenada|GE=Georgia|GF=French Guiana|GH=Ghana|GI=Gibraltar|GL=Greenland|GM=Gambia|GN=Guinea|GP=Guadeloupe|GQ=Equatorial Guinea|GR=Greece|GS=South Georgia and the South Sandwich Islands|GT=Guatemala|GU=Guam|GW=Guinea-Bissau|GY=Guyana|HK=Hong Kong|HM=Heard & McDonald Islands|HN=Honduras|HR=Croatia|HT=Haiti|HU=Hungary|ID=Indonesia|IE=Ireland|IM=Isle of Man|IL=Israel|IN=India|IO=British Indian Ocean Territory|IQ=Iraq|IR=Iran, Islamic Republic of|IR=Iran|IR=Islamic Republic of Iran|IS=Iceland|IT=Italy|JM=Jamaica|JO=Jordan|JP=Japan|KE=Kenya|KG=Kyrgyzstan|KH=Cambodia|KI=Kiribati|KM=Comoros|KN=Saint Kitts and Nevis|KN=St. Kitts and Nevis|KP=South Korea|KP=Korea, Democratic People's Republic of|KR=Korea, Republic of|KW=Kuwait|KY=Cayman Islands|KZ=Kazakhstan|LA=Lao People's Democratic Republic|LB=Lebanon|LC=Saint Lucia|LI=Liechtenstein|LK=Sri Lanka|LR=Liberia|LS=Lesotho|LT=Lithuania|LU=Luxembourg|LV=Latvia|LY=Libyan Arab Jamahiriya|MA=Morocco|ME=Montenegro|MC=Monaco|MD=Moldova, Republic of|MG=Madagascar|MH=Marshall Islands|MK=Macedonia|ML=Mali|MM=Myanmar|MN=Mongolia|MO=Macau|MO=Macao|MP=Northern Mariana Islands|MQ=Martinique|MR=Mauritania|MS=Monserrat|MS=Montserrat|MT=Malta|MU=Mauritius|MV=Maldives|MW=Malawi|MX=Mexico|MY=Malaysia|MZ=Mozambique|NA=Nambia|NA=Namibia|NC=New Caledonia|NE=Niger|NF=Norfolk Island|NG=Nigeria|NI=Nicaragua|NL=Netherlands|NO=Norway|NP=Nepal|NR=Nauru|NT=Neutral Zone (no longer exists)|NU=Niue|NZ=New Zealand|OM=Oman|PA=Panama|PE=Peru|PF=French Polynesia|PG=Papua New Guinea|PH=Philippines|PK=Pakistan|PL=Poland|PM=St. Pierre & Miquelon|PM=Saint Pierre and Miquelon|PN=Pitcairn|PR=Puerto Rico|PS=Palestinian Territory|PT=Portugal|PW=Palau|PY=Paraguay|QA=Qatar|RE=Reunion|RO=Romania|RS=Serbia|RU=Russia|RU=Russian Federation|RW=Rwanda|SA=Saudi Arabia|SB=Solomon Islands|SC=Seychelles|SD=Sudan|SE=Sweden|SG=Singapore|SH=St. Helena|SI=Slovenia|SJ=Svalbard & Jan Mayen Islands|SK=Slovakia|SL=Sierra Leone|SM=San Marino|SN=Senegal|SO=Somalia|SR=Suriname|ST=Sao Tome & Principe|ST=Sao Tome and Principe|SU=Union of Soviet Socialist Republics (no longer exi|SV=El Salvador|SY=Syrian Arab Republic|SZ=Swaziland|TC=Turks & Caicos Islands|TC=Turks and Caicos Islands|TD=Chad|TF=French Southern Territories|TG=Togo|TH=Thailand|TJ=Tajikistan|TK=Tokelau|TM=Turkmenistan|TN=Tunisia|TO=Tonga|TP=East Timor|TR=Turkey|TT=Trinidad & Tobago|TT=Trinidad and Tobago|TV=Tuvalu|TW=Taiwan, Republic of China|TW=Taiwan, Province of China|TZ=Tanzania, United Republic of|UA=Ukraine|UG=Uganda|UM=United States Minor Outlying Islands|US=United States|US=United States of America|UY=Uruguay|UZ=Uzbekistan|VA=Vatican City State (Holy See)|VA=Holy See (Vatican City State)|VC=Saint Vincent and The Grenadines|VC=St. Vincent & the Grenadines|VE=Venezuela|VG=Virgin Islands, British|VG=British Virgin Islands|VI=Virgin Islands, U.S.|VI=United States Virgin Islands|VN=VietNam|VN=Viet Nam|VU=Vanuatu|WF=Wallis and Futuna|WF=Wallis & Futuna Islands|WS=Samoa|YD=Democratic Yemen (no longer exists)|YE=Yemen|YT=Mayotte|YU=Yugoslavia|ZA=South Africa|ZM=Zambia|ZR=Zaire|ZW=Zimbabwe|
Yy-4,dd-4,e.xH
C-2,wbhgbc.Na
Ljhc.EP
Kmvybyhksb.AA
Adotk-4,vldi`.LU
ZkkdDocjn^g-4,o.ye
^ioM-3,iiziGmwItI.cG
\h-2,Jfal\`dgxj-4.DZ
,-\ T,/.Om
hcl.sf
webqskv`T-Y
oj-2,`ac<<*kcb.jo
3333333
ak-2,`ob<< T,jcb.je
7Teah P,Ckh`-3,fkgo-2,7*NNYO.uh
A`bng`@ikc-4,uUxlxs-4,Ht.HA
Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP
_RCEWVMQF]Aj`scplgx_Thbglv-4,_@t-3,qfoxUfs-4,jloPBsq,,Sbudp_hi-0,smcqf/i-0,f]< C
Khdj.nI
1.2.3
 P,=3/.sY
Gx-21,\igh]ixyj-42,M.DJ
A`qjz``-0,ZkdkNgij.pc
Kcqjpc`-0,Aaj-1,gEdafa`.pM
Z`igck(q`,.-0,`-0-.1,mj,.AK[KZKJZWJ_ZAJAQEDWQKJA@[Z_KZZ_\G]V,.-3,dc-0,m U-0,a(X.j
),.cwfkv-0,lah/foshmz V,xlzn/hku-1,dic5 U.q`
o-4,xFUCD.EA
Kf`, -1 W,hefc,.cxb`,,juoocbz,,.I,x
Am` Q,v,,-2,cv,,`ifi,.pc`-0,c RQ .,Tgokotij V,jm`bni,.oq,,`iv,,jcde`cfn.=
Gy-4,ap, -4,okxhj R,jy,.Qny@mohXcgxk* R -,yk-4,e,.on-32,clh4 R.h-g
Ecezcb-4 S,Tmeic6.fA
Bc/K-33,`-1.jG
Jbhblnrefc V,H-0,bv-1,li.AT
Uju-0,c-2 W,Ht-2,h-4.Rq
Ijv-1,h-0,jm Q,Jq-1,n-2,/,.u`l,.lnmw Q,ll`oj`zh`m-2 Q,xjzi`vz Q,kbz`.^l
Q-0,iznjib Q,`u,.tgu-0,qyi-1,ulb.a-F
Ob-4,/dcdzfe, kh-3,`/r-2,jld.vL
V-1,ns-4-.,hx V,lmdeehea,.mdhi Q,hi`onezhdh-2f.a
ebP-3,dLfnda`-4,`yj-4.PL
Rfh-3,c,.d-4 V,`b,,uax-3,ek,--0,oze,,tockc,.-3,yv-3,b-3,r,.kct,.nch`horgbb*,.-2,eeedba,.bbc,.zerfbyr P.Ha
Ocnz-2,smai W,Inv W,g``ialznka,.Ueaib T-4,oueb P,)*.o-3
B`oadlufna Q-2,dnbgdk Q,no/`csj`kx/e`vam``kdk Q,lizod,-/bnoldcmfoh QW.ll
Eb`i, bh,,dx-1-,,yh-4,yn-3,z-4- ,l-1,i, -2,o-4,xd`k, d`,,[-4,atr,-Ccoh,. Q  -3040,hmxbci,,bconbagxr,-zc, ia-0,eaamo,-h-3,d`,.o-341,iey,.-4,n-4,xiy Q .,xytgbl,-obdyfiy,-FIJI,.-3,n-10,ixy,.xd,-cm`h,.-434,k R.IV
Wlzpllxga)Hkil`chl,.dwfc R,P-0,b8 U .-J
Adbc W-3,g-1,b,--2,cb`-2 V,sb,.db,-mnfcicc,-hth`,.roh,.uf`k V,tb-0,tdh,.gaykt W,EKGC,--1,cvxkus Q .,ur-33,cdygh`,--1,guh,.ef-3,k V,hk,.jfne V,hk,.NBLJ V,tx-3,vh-4,z V,*,-jotlljnci V,ny P,n.R
Ta-3,zgvyghc,-zna,-khpd-1,c T,iaqjaag`,- V,ta-3,zgvy,.hk7,..h,F
, o-3 WWR,na-3,lyjduc,.hccmnnako,,.h. 
Jipkbifa,.nfv,.`flbcc),.kfl` V,cjyhkjob W,qftbdj V,nv,.uspmm)Wn
Jgdw U,AMOA)zkt-1,m-2,qz(owl(-3,dz-0,gkn(gk)X-1,jqq,.Hflk UT,(-0,khjb`)-1,a U-3,g-1,n)-4,gqa(zm`-0-.,vlzx`-0,( V,u-0,gldkdw U,gg,.Whfi`)-00,uyg-1,q P.c-J
Cnl`,.Cja-3,/akokiamd U,yo-1 U-20,kak`c-1-.1,jvaby`j R,/qaa/iozj U,zf`pif Q.`y
Hasa`aek,,ye-1-,,Meaokhcij*.og
Hdca,.lzpa P,lho-31,mhdj`,.l-1,>,.O.Y
* W.pu
 PRU,p-0,wljn,.dchgk T,hhqa-0-.,vhlku*E.d
, zi,,.Af
Lokooj R,txgvf*zm S,k,.djfk,. S-21,kw-3,kl9*2.e
Kg-1,cc(z,--0,fsh(fz,-fjnl-1,f-4,h T,/-0,h-0,j-2,dfh)yg/shz`) P,(-0,ad-0,/jlf/ehik)cgx)yg/kll/-2,eaan-3 V.Ts
\g-04,i V-1,i-2,sk-4,x V,gkbi-1,ih*,.ayuz,,nc,.eb V,Jc-0,hbcmb,.acbk R.I,l
Qkr-4,l-1,hed,.ucf,.edt`mdbjdy S,hsdn,.Qjv-2,d, naen,--f.^
,-,.oq T,jodbktgjz V,vloh R,w-0,vrk-1,rg`,.,. V._
Hdxb`-4--,Aj-1--,odbymbb-3-,,^^A-4 W ,,oy-4-,,ydn,,-3,eqi,-ex,,d`gijmg6,-.HF
Ok-0,dgp,.Gms,.ymukn,,, -c,<
Zcx-4,ji,-i`-41,xh`dk`ii7).XD
, httpCode:
\cd,.-0,dt-1,kn Q,jgnr,.fdu,.`jwk(y``on Q-220,qaz-4 QS,(bf`gydj(y``on Q-1,mztk-04,/.\3
L_LCUNTF, KHC.op
0.0.0.0
3?:96=>?59:;.ZQ
6?0N2=.Lq
;768>1-80
\fgejnhg,.Dhr,.f-3- ,z`b, -2,gbyz,..8y
Otwscb` V,Zbiv,.akjjbv V,gt T,o` W,quk W,f-4-.,fjizoat,.wvimbwu RW,ptwnja,.fjizoat,.hjc,./erzbivz= T,d-3
@ar-0,hcm.lt
-3,9POddib-1.GS
y< Q,? Q,9<<=.jZ
000000000000
n-3,Kkexhibi.jR
 ;7.Q,>N-Y,[ T,Tc.Uv
 P,/T-2,`5 Q.lw
, ,.Dss-3,Ohck6 W-1.b
Glsl9,-.RN
Wgn,.qj-0,aq-0- ,hbfgkg,., Fw-00,\f-1,1,..fn
MOU)hojl,.qoeb V,dl,.c-321,ge-2,kb V,@`Kcdat-4,) V,:59CD/ W-K,n
`m-3-,,kp-23,ok-2,c-1,(fndmjx,.imhkl3,,.D-C
dg-0.Zc
WFGSSHSBXDhdvfrhb-2,]Pmgehsz Q,IPUBrv-0,dip_duw`niq-I
Y]H.if
)hix.CB
Y^`acxziagKphh-01,hy,.kle,.jh, mzhjzmi, afar,.gchk V-C.8
,.uk`-0,f7.E,>
 W,Kves,.Xmk-0,k6 W.Ib
ch_strtup_urls
\dn,-dcl,-a-4- ,ygc, oak,  U,6>;f(`bcm-4 RQ,(bnz(ieyzen-3,(myh(bdy(mgag-0,ni V ,,Rb-2-,,flq,,heiblh(xch(`djoeej(c-3,yxy-4--,ei-4,egh, yg,,mddi, df,,d-4,liy,--1,c, ngb-4,dfyn S.VC
Phemjh`,.aee-1,cnpkp,-hgodp,.mk T._M
]DKizHi-4,exc-1,Hc`hk-3.GI
ole32.dll
olepro32.dll
IWebBrowser
IWebBrowserApp
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizable` 
OnWindowSetLeft
OnWindowSetTop
OnWindowSetWidth
OnWindowSetHeightH,
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPath@R
OnTranslateUrlhY
OnCommandExec
'%s' is not supported.
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
OnKeyDown|
0.750000
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
This object does not support this method (
Unsupported type for Parameter with Index %d
Method call unsuccessful. Object: %s, Method: %s, Exception: %s , Source: %s.
_E]kyf-31,Dmdmh-0-.,kjcbmo/ya-4,g,.aeyodbk,.xj-2,oen-0,kzx Q-C.v
hXXp://
hXXps://
@_ Q,J-1,io-0,0,,.lE
Lmdn`-0-.4,z-4,k, baj, Fykew/`jnj,.hba`dw/ln S,jc-0,wv,.xw-2,ged-1,4, .9n
Mky)I],.Luk`-2 S,Bgzwk`lq4,.-S.^
CJ[hx.Xu
Cdcg,.Ldzzdfekw*]fwohj U,xlofblj U,ghv U,d-1,cgo-0-.,jl)hdce-0,woz,.,--O,^
Ey`oki,.Yb-43,di-4,k, tim-4,nc`, nk`duij, /.9B
Ob-3,bgbhhbcn,,Ixghghz,,ol-2,m, k-0,cf,-hhXh-0,zn-4,)ce,--13,g7).DV
NAER_[URNDT].Lw
 U,lo-3 U,wojpd,.ov;,.n E
On`dx-4 S-2,h-4,l-2,y/V]A5 S.nx
Ck-20,kibjx U,Olij-0,a-3 U,@ng`,.nfqk-2,oa,.nlqk-2,*dz/f`o-13 U,aao U-1,jzj-10,*db-2,odjv*vka-3- .y,Z
Jvbez-2,h-4,j,.Dqjmt-2,fao)bael/gr)-1,yh-2,lfdm/zn3/-F.j
\g-3,n-1,v,.qopol,. N .
B_K,.-4,maenkg,.kivklxgj/-0,jgci R,oacvfj-3 R,C\E R-32,cak-14 R,g-1-,,k`/el-20,mnbfbe,.-4,dc-2,j RR,Ynevgak R,h`-3 R,g-0-,,va/ilj QR ,.]J
LJ_.ge
,,jkh-4,` S,y,,k-1,d-4,zw.Og
fxk S,Cym^rk.Um
Iugo-3,bk`m W,w`ciqzkkn,.ciqzxrazchl-2,*akbo.],z
eiOnKeyDown
eiOnKeyPress
eiOnKeyUp
Handler with EventID = %s already exists.
Error on IConnectionPoint.Advise
Source don't have connection point for [%s]
THtmlUiCertificate
eu-3,q7,. U,ecmn/doyulmfbbso/nng,.lqzlljos JM
-4,isyi-3.lG
,.mm-32 W-1S
RZ-3,i-1,/ImznQ.Hy
MAPI32.DLL
LeftPopup
ac,-djah.XY
oi`pjjw T,fgw T,m`,.sgceNb
is not supported
B-4,aluh T,ysdcjd-4 T,k`dhi/,-A-4,sbv,-HI.OL
not supported
Mnlea-0 R,h-1,jc-4,k/qhfjf-3,bjf, znq`,.fl, V_ R,D]/ubzg R-41,felk-2 R-4,w-4,g, -g.y
,-h-42,b-4--2,ld-3,ji Q -,xdye/`h-31,ljh/7,-.xX
 T .,pvc,.lkuz`db4 UW,U.a
, ,.-3,rl,.bozzn`m4,  SK.d
W]F7 R.Um
Cmty/Oolakbi/Mrygcu7/.RJ
YR-0,xh]izn.cQ
Fyn-0,b-1,nj, ellgyfj, xm/Cxoc^EC-40 PR,fe-4,vneog/j`pjjh-0,/ntk-144-,.mF
Wkmbd-2,hib,.GOqcmRlHnuh-2 Q,kl-2,u),  P,q.`
2.1.0.0
[_FMTZG].mF
WDM.DM
uaixcbzaShz.CP
z-1,o-2,Nl-3,f`a.uz
C-0,c`^F,.-33,a`eeh,.ee/^^BYG@NHKSF@JI U.Iv
Iojmjj S,u`,.u`cgg`-0,k S,Q]GUHCKDDPCLEJ RS,`zzkdazjbnzjna,.nh-1,cbulf,- C.j
ahm-2,i`n Q,lag.vS
-0,cnyzgcEi.Tc
MAMJG[XKE[F.ro
https
Sf[.t,T*.lJ,e
_nkjeeb,.@db,.xd U,zdn U,hcgia-0,bki,,^wb6, .`7
Blh,,obr,,rei-0 Q,yni Q,]tcf-4,c-4,r,-`cs` V-4,hcei Q,dr, r,-g`shghx,-tyocobf.AL
Ilnai S,s`,.po`y S,sgk S,W-2,aduj-2,p W,iaqj.r,>
_pii-2,gu-2,/di-1,b R,qo-0,ank-2 R,r-1,feak-2,gb,.ndrk-2 R.a,/
Kekjndm,.Aexc W-2,k-2 W,y-3,awzzkc*khsox,..e-\
Hgqd,.kqlo-1,fm4-HC
MSGALL
LFJHYPB_KH.Qu
irsoMsgDialog
irsoJoinPath
irsoGetCmdLineParam
irsoGetCmdLineCount
irsoGetCmdLineIndexOf
irsoGetCmdLineParamValue
irsoGetCmdLineAll
irsoRegCreateKey
irsoRegCreateKeyTree
irsoRegDeleteKey
irsoIsRegKeyExists
irsoRegListKeyValues
irsoRegListKeyKeys
irsoRegSearchKeyKeys
irsoRegCopyKey
irsoGetRegKeyInfo
irsoHttpGetData
irsoHttpGetDataInThread
irsoLibraryExecuteProc
irsoLibraryExecuteProcW
irsoLibraryExecuteProcWithResult
!irsoLibraryExecuteProcWithResultW
irsoExecute
irsoExecuteDllInProcess
irsoSaveExecuteUsingCMD
irsoIsMutexExists
irsoCreatePipeServer
irsoStopPipeServer
irsoSendDataToPipeServer
irsoSetDebugLogUrl
irsoGetDebugLogUrl
irsoGetWebBrowserHandle
irsoGetCurExeCheckSum
irsoCalcCurExeCheckSum
irsoGetExeInjection
irsoParseExeInjection
Om-2,enM-31,Htzi-4,bo`.IH
iubnyybRolkanldf.RW
.html
H-4,njBdi-2,o-4,r.vY
Yucek V,nn-1,tchmroo,,ko-4,din, ,.oxxcTolEuK-01,Odxxgfgib(.5,l
-4,fhxXahcxgw.rg
gghYcjrf.ae
jehGbeags.qB
LNYCD_^.eP
HMVH9>.PE
J-0,aa R,ieag/bbv/jbwah7 R.Wm
Mokanj R,yd,.fdxo`an,.ven,.JyfbWD, Lpb-12,g-4- ,a`gnmv*x,.KH<,.dlgb`lhe RP  ,\gjb-2,v-4,r,.u-4,bzg,-mokanj,,.Mf
[mnhbf/-3,a S,kc-2,bmfk S-0,bk S,G-3,coZC,.A-2,eypjx,.lm`k`-0--2 S,FO9 S,ikbomkmh/ W .,ff-3,ff-2,*GF/-1,kpfe` S,fy,.w`e,.o`-2-.,l-2,*`l-0,*ouncbbmfk,--d,>
-3,1 T-1,`-4,b-4,w37 P,abov=.vN
Dlfcgi/-0,m,--1,nth/-0,jh/mmb-01,v-4,n-4 R,kfcg7/.zM
Gjojbki,.mwac, vz-1,bki P.i,[
@L(ZlkJ-4,f-30,h-0,)lbj[mcmDgil)a-3,)ggy)>( U.S-N
Ayfo-1--,gd-2,yodmh,.e-3,h`oj Q .,yfbyc`j,.gw,-ckgc,.la-4,c-c.Y
Tacjnjj,.ja-32,fch,.sk,-aslh-1 W,mc-2,secmb>,-.h,G
U`k-1,d/-2-.,`fazim-1-.,hf-2,z`fmk Q,z-0,`oa`i,-(zfh-0-.3,sgmkr-0-.,yhdb,.bda-2,d.i-6
Olmqfgp U,glqqola`,.kl U,ZGPHGLCQK R,qqoeg U,gq R,f-0,pp``vn-1-.,pwk`klb RR,aj`vkk-0,klb P ,,R,.
We-1,j W-4,i-2,qi-3,/SEAJC,,CZS,, P,/dmb(s,,hjsi-3,bnbi/nj,,-0,oi-3,j P-4-,,nicxgb-3-,,fi-4,xnioi/uybanbk QW,ocasebznbk Q,).wB
Zcb-1,k,,t,.oehzfnu,.getzoedk,.yr``bii R  ,sfgx W-31,ddk-2,x W,yggk,.mgh-2,k.b9
ung`.Nr
gbo`dhfm.cV
Qkpsb-1,wFpOgjj`9 W,VO@ W,j-2 S,cj-2,beokg,  S-1,ftwoqs S,op W,bjnnm,.tnwflrw,.vtf-1 S,dl`pbmzs.^
hc/zd-30,4 Q.jL
irsoExecutePackage
irsoReportPackageError
irsoReportPackageSkip
irsoReportPackageQuit
irsoReportPackageSuccess
irsoReportPackageInfo
irsoSetPackageShouldReport
irsoSetPackageAutoReport
irsoGetPackageFilenameFromHttp
irsoGetPackageExecExitCode
irsoGetPackageExecPid
irsoGetPackageExecResult
irsoGetPackageDwnldUrls
irsoSetPackageRelProgressShare
irsoGetFireFoxEXE
irsoGetIEEXE
irsoGetChromeEXE
irsoGetOperaEXE
irsoGetFireFoxVer
irsoGetChromeVer
irsoGetOperaVer
irsoUninstallAddExeCmd
irsoUninstallAddOpenBrowserCmd
irsoUninstallAddRegistryKey
irsoUninstallExecute
irsoReportStart
irsoReportInfo
irsoSetExclusiveExec
isroSetReportUrl
isroSetReportUrlBkup
-11,jycmjaOaahDgvyc-11.Pg
zfc.bz
]no^dun.Vx
@kehjc, auay-1,j`n,.seyonw, hlqej S ,-2.f,C
\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>
Aomev-3-.1,f-3,a-1,w,.[\O,.zahk`,.ng-2,cbzmf,-.i^
\GCAPMA][.oj
TcUlue.PL
@Z]ER@L.ml
W`mmqzeon,.wvamaff P,4.]
z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1
JmeiCmzi=,,.IB
e-1,f.Cw
Bjg`ao,.xk, Eehg,.xln,.[e-4,mday,.-1,vdmiwx P.I-i
Jnfgzbde,.-4,bg,.\kvmcop,.icloys,, PU,*.9
-0,ilCcbd.LG
)h-4,k.bR
Zcpkegv(kcmdhf T-1,b R,w-1,lpp T -,rezlow(lpa(`kw-0,dlc V-9--
Knbchk, -0,b/nwhl-30,h/j/Zn-4,lejy/-22,dlh-1,x Q.vx
Ukszv.ra
[eckbn R-2,a, kgg-4,khbbxl,.blzzjneky R,N[B,,-G.9
FbghLbtaYhe.AU
1.2.1
deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly
inflate 1.2.1 Copyright 1995-2003 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
1iu2.iu
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
$\9%F
480<*'@%
.mV-D"
G%s/o@
.oDysb
jt.Cw
ZM%3x
y66AG.ku
S-.GW
U%Cp&
Y.KQ?
|.af>!
W!.QF
~]%D=
.jZ=$l
T.AbMs
mV%3uG
(f.vX
U%FHH
".tv ~
V.mQe
%clNK
i1;%C
Cl.Lm
.Ya<l
.nR [
cj(]O7jnkey
.mk]V
%c=*F
.EtbC
'>.AzgP
YMi%cT1
Z%f[XL
w.wr*
a.NmX@XQ'9
fRP.NY
fxQ
GetProcessHeap
GetCPInfo
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
SetViewportOrgEx
keybd_event
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetAsyncKeyState
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
GetKeyboardType
"$ %),'8
38000=344
4? 3!0 3!6
(O(J%C
1 0 .'7(2':
- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)
&)"%&$&'&",,/- '
844(@32%2u8
.PMDF<7I
>.MBG %
,:@0::::
2222444424
.idata
.edata
P.reloc
P.rsrc
R%UAE
*!.YN
3H..QH
p-s.VvDH
Key#m
.tEes
_32W-A;%X
$.XTTI8
e4i{l.EB
*/.)*72-7)
#-**(-#,
5=f%2u|
>.MBG 
?P.re
Attempt to access registry key: "
supported by OS for "HKEY_CURRENT_USER\Software\"; access directly under "HKEY_CURRENT_USER\Software\Wow6432Node".
Exception caught while executing:
Execution AdminMode ADM_DEGRADE is not supported; using ADM_AS_DESKTOP instead. File:
errorUrl
7.43.3.7045
Please login as administrator and try again.
OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
No help found for %s#No context-sensitive help installed$No topic-based help system installed
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Invalid pixel format!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file %s
Cannot open file %s
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid GUID value
I/O error %d
Integer overflow Invalid floating point operation


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:2580

  2. Delete the original Installer file.
  3. Delete or disinfect the following files created/modified by the Installer:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Close.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Quick_Specs.png (221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D62C9.log (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\JA.locale (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\004D61B0.log (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Color_Button_Hover.png (798 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\EN.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Close_Hover.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\main.css (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\browse.css (337 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\CS.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Grey_Button.png (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\csshover3.htc (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\checkbox.css (190 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\bootstrap_41693.html (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\PT.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\sponsored.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\ProgressBar.png (812 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Icon_Generic.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\FR.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\PL.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Resume_Button.png (718 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\ie6_main.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\TR.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\RU.locale (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\button.css (417 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Progress.png (104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\BG.jpg (39 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\vlc_101_w7_2[1].jpg (23026 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\form.bmp.Mask (244 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\FI.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\button-bg.png (131 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\progress-bar.css (506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\ES.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\IT.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Pause_Button.png (577 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\NL.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\locale\DE.locale (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Loader.gif (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Grey_Button_Hover.png (756 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\images\Color_Button.png (810 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\inH507128044156\css\sdk-ui\images\progress-bg2.png (978 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2024 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now