Installer.Win32.InnoSetup.2_bac147d120

by malwarelabrobot on August 27th, 2014 in Malware Descriptions.

Installer.Win32.InnoSetup.2.FD, Trojan.Win32.Sasfis.FD, WebToolbar.Win32.InstallCore.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan, Installer, WebToolbar


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: bac147d1203520d8ecbe6e961acc9f68
SHA1: 615411c73c0599e0988bf9607de4fb107246d2cd
SHA256: 366a824ac24bde5044e270c0caf2371113c44345e07e626077f88bef1116a756
SSDeep: 12288:s2Fa cEuwxPaKGTYj4Wh47yBCxzBdwv8XnEWzw8BHc8tTQqKrOe407pp19njNsIV:s2F3HxPaKhV4e6VNnET8pPtTQZrOENpf
Size: 700472 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company:
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit


Summary:

Installer. An installation package.

Payload

No specific payload has been found.

Process activity

The Installer creates the following process(es):

mscorsvw.exe:172
bac147d1203520d8ecbe6e961acc9f68.tmp:2000
bac147d1203520d8ecbe6e961acc9f68.tmp:680
%original file name%.exe:452
%original file name%.exe:948

The Installer injects its code into the following process(es):

%original file name%.exe:1156

Mutexes

The following mutexes were created/opened:

__DDrawExclMode__
__DDrawCheckExclMode__
DDrawDriverObjectListMutex
{1B655094-FE2A-433c-A877-FF9793445069}
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
RasPbFile
DDrawWindowListMutex
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
ShimCacheMutex
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex

File activity

The process %original file name%.exe:452 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-HJ8KA.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp (62 bytes)

The process %original file name%.exe:1156 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\BG.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Close_Hover.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Grey_Button_Hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\IE_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Ropopi_Title[1].png (845 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\play_over.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151883.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Memiticeper_BG[1].png (9345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\locale\FR.locale (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\03D4C062_stp.EXE (407689 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp.CIS (980 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014CCE3.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C978.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Minus.png (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151391.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\Nobaxotat_logo[1].png (5116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\ProgressBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\bg2[1].png (56695 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\blackarrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\FF_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Orange_Button.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\IE_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\ie6_main.css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\textbox.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\bg1[1].png (52794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp\RAM.dll (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\CH_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\LOGO[1].png (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp\icc.dll (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1363396.flat (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Minus_Hover.png (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00150393.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001513A1.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151353.log (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\main.css (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Memiticeper_BG_BR[1].png (4608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\play.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Progress.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp\sqlite3.dll (3716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Grey_Button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Ropopi_Title[2].png (845 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151C6B.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\Sesakesaye_bisli[1].png (1840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp.CIS (8900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp.CIS.part (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\bg2[1].jpg (7004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\FF_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\bg1[1].jpg (26708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\pause_over.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\pause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1363494.flat (3921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Orange_Button_Hover.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\CH_logo[1].png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\03D4C062_stp.EXE.part (5700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp.CIS.part (579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\Sesakesaye_bisli[1].png (1840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\bootstrap_60556.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Icon_Generic.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\CAT44NLP.swf (758 bytes)

The Installer deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Ropopi_Title[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\FF_logo[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151C6B.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\IE_logo[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151883.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1363494.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\bootstrap_60556.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014CCE3.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\CH_logo[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0014C978.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1363396.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151391.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00150393.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\Sesakesaye_bisli[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00151353.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001513A1.log (0 bytes)

The process %original file name%.exe:948 makes changes in the file system.
The Installer creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-5V1QM.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp (62 bytes)

Registry activity

The process mscorsvw.exe:172 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"

The process bac147d1203520d8ecbe6e961acc9f68.tmp:2000 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC 16 51 8F 29 E8 18 89 D1 9C 92 A8 20 41 3C DC"

The process bac147d1203520d8ecbe6e961acc9f68.tmp:680 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 C9 67 96 07 30 AF 51 7A A5 19 7A 61 D7 0D 73"

The process %original file name%.exe:452 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 76 16 2D B5 95 47 FD 10 51 89 30 40 37 89 B6"

The process %original file name%.exe:1156 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 B4 7D 87 B4 91 B2 0A 93 89 8D 79 06 5A 39 B0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Installer modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Installer modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Installer modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Installer deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Macromedia\FlashPlayer]
"FlashPlayerVersion"

The process %original file name%.exe:948 makes changes in the system registry.
The Installer creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 08 DB 6A 6B 41 55 C7 8F DC B1 CA 3C AC 96 9C"

Dropped PE files

MD5 File path
6b4042c0fdde4ccb72109ea668d28b8a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-5V1QM.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp
6b4042c0fdde4ccb72109ea668d28b8a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-HJ8KA.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp
50cc823a39fdc99af0b776f243f0494f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is1719534685\03D4C062_stp.EXE
a379901c2b15f242b0e36a86365a7fc2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is1719534685\07953D56_stp\RAM.dll
2207a8ea3f2f68c5a9369fe955855b14 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is1719534685\3FCB9863_stp\icc.dll
2db34c7d07707168429b0b2633ff75c0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is1719534685\3FCB9863_stp\sqlite3.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: My Program
Product Version: 1.5
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description: My Program Setup
Comments: This installation was built with Inno Setup.
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE 4096 37732 37888 4.65524 6cb47a6ca79b8ba11821dd6d73bed266
DATA 45056 588 1024 1.89736 5d98c64569668b0235ae89005918165a
BSS 49152 3720 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 53248 2384 2560 3.07115 bb5485bf968b970e5ea81292af2acdba
.tls 57344 8 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 61440 24 512 0.14174 9ba824905bf9c7922b6fc87a38b74366
.reloc 65536 2228 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 69632 11264 11264 3.11631 926f820856dd1c1ccb459b60dd976669

Dropped from:

Downloaded by:

Similar by SSDeep:

c8b8200c5a9b67948f809c3b281ba5b1
76c08669f23f1491b465d497f95dde79
e31951cfc319401c6a41921aa9794689
ce1eff4ef242ab6df920285681f37b8a
61c361166d0e514d97124a065a7f566e
cfcf2539ae7d3a7d7a96cdb717c0102b
e6503cfc478fcc3e1acc58389c7684a9
57d8d619c802480c2955f735b2acc679
b638aa6e9e82ee20d49bad66b45acda4
cff880a61c179e8a6c728200c65eaba4
7ed9bbdb15b1a4b08fedd095711ad1a4
6c2aea42b219d2d85f0c07833b33267d

Similar by Lavasoft Polymorphic Checker:

Total found: 15
c8b8200c5a9b67948f809c3b281ba5b1
6c2aea42b219d2d85f0c07833b33267d
7ed9bbdb15b1a4b08fedd095711ad1a4
cff880a61c179e8a6c728200c65eaba4
e6503cfc478fcc3e1acc58389c7684a9
cfcf2539ae7d3a7d7a96cdb717c0102b
61c361166d0e514d97124a065a7f566e
ce1eff4ef242ab6df920285681f37b8a
e31951cfc319401c6a41921aa9794689
76c08669f23f1491b465d497f95dde79
38ab61b8f46e285b1d19a6ada895f8de
57d8d619c802480c2955f735b2acc679
b638aa6e9e82ee20d49bad66b45acda4
049f75992bffcd46065d887bbd2132f7
7765b0c35c96816c3978f641868cdd31

URLs

URL IP
hxxp://info.telechargercdn.com/?v=1.02&c=b602dcab&at=1719534685&cntr=0 54.201.54.71
hxxp://a1467.g.akamai.net/js/BrightcoveExperiences.js
hxxp://os-slv-1323817372.us-west-2.elb.amazonaws.com/Telecharger_v2/?v=5.0&c=1870265725
hxxp://54.225.246.127/?pcrc=1879128792&v=2.0
hxxp://cb.brightcove.net/services/viewer/federated_f9?&width=460&height=250&flashID=myExperience&bgcolor=#FFFFFF&playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&isVid=true&isUI=false&dynamicStreaming=true&wmode=transparent&autoStart=&debuggerID=&startTime=1409030062121
hxxp://www.neutssoftware.com/files/SetupXWebdesignor.exe 82.165.67.203
hxxp://a1467.g.akamai.net/viewer/us20140807.1543/BrightcoveBootloader.swf?playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&autoStart=&bgcolor=#FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=250&isUI=false&isVid=true&startTime=1409030062121&width=460&wmode=transparent
hxxp://a1293.d.akamai.net/get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7
hxxp://img.telechargercdn.com/img/Lilisipipe/Lilisipipe.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Sesakesaye/Sesakesaye_bisli.png 74.81.69.244
hxxp://img.telechargercdn.com/img/IE_logo.png 74.81.69.244
hxxp://img.telechargercdn.com/img/CH_logo.png 74.81.69.244
hxxp://img.telechargercdn.com/img/FF_logo.png 74.81.69.244
hxxp://img.telechargercdn.com/ofr/isicicc.cis 74.81.69.244
hxxp://img.telechargercdn.com/ofr/RAM.cis 74.81.69.244
hxxp://img.telechargercdn.com/img/Nobaxotat/Nobaxotat_logo.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Mapayuy/LOGO.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Ropopi/Ropopi_Title.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Memiticeper/Memiticeper_BG.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Memiticeper/Memiticeper_BG_BR.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Malaromoro/bg1.jpg 74.81.69.244
hxxp://img.telechargercdn.com/img/Malaromoro/bg2.jpg 74.81.69.244
hxxp://img.telechargercdn.com/img/Rilides/bg1.png 74.81.69.244
hxxp://img.telechargercdn.com/img/Rilides/bg2.png 74.81.69.244
hxxp://admin.brightcove.com/viewer/us20140807.1543/BrightcoveBootloader.swf?playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&autoStart=&bgcolor=#FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=250&isUI=false&isVid=true&startTime=1409030062121&width=460&wmode=transparent 184.84.243.199
hxxp://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7 184.84.243.10
hxxp://c.brightcove.com/services/viewer/federated_f9?&width=460&height=250&flashID=myExperience&bgcolor=#FFFFFF&playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&isVid=true&isUI=false&dynamicStreaming=true&wmode=transparent&autoStart=&debuggerID=&startTime=1409030062121 66.150.102.78
hxxp://cdnus.telechargercdn.com/ofr/isicicc.cis 50.115.122.45
hxxp://cdneu.telechargercdn.com/ofr/isicicc.cis 85.159.237.103
hxxp://admin.brightcove.com/js/BrightcoveExperiences.js 184.84.243.199
hxxp://cdneu.telechargercdn.com/ofr/RAM.cis 85.159.237.103
hxxp://rp.telechargercdn.com/?pcrc=1879128792&v=2.0
hxxp://cdnus.telechargercdn.com/ofr/RAM.cis 50.115.122.45
hxxp://os.telechargercdn.com/Telecharger_v2/?v=5.0&c=1870265725 54.203.246.77


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM SHUTDOWN RST invalid ack

Traffic

GET /img/IE_logo.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 5406
Connection: keep-alive
x-amz-id-2: YIDjdZQFqXng/IY73P7Vt8ltatzC8 JIkcO0hlogyeUmFbcmLl7TiVlzhbR/rYzw
x-amz-request-id: 7D0A09E1C4A6436B
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:46 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: ULP9X2D2g9vGJo_NefwroanEdNt0Bt7c
ETag: "0866b0f3be00fd96d58f7fba54d6700d"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/FF_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 5025
Connection: keep-alive
x-amz-id-2: x5UlFR9KfJZ5kimROMx5C2BxITZkXH5XBAY8EOXMxtj0daRfIq0o3yZNQJvflwHG
x-amz-request-id: 6698F11F7191AAEC
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:45 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: g_t3b7eiRe5f7z2B5bSNHqt0MOq9rM5O
ETag: "6bcecb3debf7e4a0569b6a9d6e62adab"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/CH_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 4577
Connection: keep-alive
x-amz-id-2: qPX69rmWd7RLC61YZSsOU/UDEsgmnnim9buXJyqtLuLiWoP3wg3Th3tZPXZq3kQL
x-amz-request-id: EEA41C5DE3F4855A
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:44 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:01 GMT
x-amz-version-id: osjur0cYkvY0gJkbPOZZ_tbD.fAnrMVX
ETag: "ad8ed967a43ae4d7d6c28ff2ed3c8550"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Sesakesaye/Sesakesaye_bisli.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 19316
Connection: keep-alive
x-amz-id-2: Sr1st5 k9I7mBlRTXPfdm/vFzHE xvnvGggiG7thaid/7QpILLBlMYzli2B9nkgv
x-amz-request-id: BFBE1D8851F0B2A6
x-amz-meta-cb-modifiedtime: Fri, 07 Feb 2014 16:36:40 GMT
Last-Modified: Fri, 07 Feb 2014 16:40:30 GMT
x-amz-version-id: yfosfRpOf.8mDjaIHnFVAoJJNdB_rGPY
ETag: "e3a7e42373e168852fc2a4d9a17d2583"
Accept-Ranges: bytes
.PNG........IHDR.......).............pHYs.......... .....OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Mapayuy/LOGO.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 16671
Connection: keep-alive
x-amz-id-2: n55ivlEcGzAXRKzg dTuZl9dZLWhrZai1I5NAbPFfLZdIW4FbV5H/b91EtmF4CeJ
x-amz-request-id: 992F737D1D59E28A
x-amz-meta-cb-modifiedtime: Mon, 10 Feb 2014 08:51:03 GMT
Last-Modified: Mon, 10 Feb 2014 09:24:37 GMT
x-amz-version-id: 5u3JQZ1GPK62zlrEEfaN7rrrBMh6wKoK
ETag: "14f5d50e6a8628e97604c97e4735fe7d"
Accept-Ranges: bytes
.PNG........IHDR...,... ........y....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Ropopi/Ropopi_Title.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 6116
Connection: keep-alive
x-amz-id-2: pHo7E7YCNZAHFPkSNa5VSp22nTpVBzFVQo1slt4ReEn7Or2Ab5m9RpHZ68KWHt/y
x-amz-request-id: F7E316503F717891
x-amz-meta-s3fox-filesize: 6116
x-amz-meta-s3fox-modifiedtime: 1387450415497
Last-Modified: Thu, 19 Dec 2013 10:53:55 GMT
x-amz-version-id: 3I.0T8r7FzB4TXAFhfckgLMsgXRICC.S
ETag: "ceb0a8abdb1e31bd3593877e0d862ea8"
Accept-Ranges: bytes
.PNG........IHDR.......&.......o.....sRGB.........gAMA......a.....PLTE
...r..u..m. p./s.3w.8w.6w.8x.6z.:}.Aw..x..{..~.!..<..>..C..H..C.
.K..E..K..F..K..Q..S..Z..R..X..M..S..[..]..b..b..m..#..#..%..)..,..*..
-.....0..0..2..8..4..8..9..<..:[email protected]
..M..T..Z..T..Z..Q..U..U..Y..F..K..N..Q..T..S..T..S..U..V..Y..\..Y..\.
.c..c..k..d..q..Y..]..Z..]..]..^..Z..]..[..]..f..k..a..e..a..e..`..f..
c..e..j..f..o..j..m..t..z..s..x..x..s..{..a..e..a..d..b..e..c..e..j..e
..h..g..j..m..j..m..n..l..r..q..u..q..u..p..r..u..y..p..r..t..t..y..~.
.v..}..x..{...........................................................
......................................................................
......................................................................
......................................................................
..........e....tRNS...................................................
......................................................................
......................................................................
.................................................................S..%.
...pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.100.r....;IDAThC.Y
._....... I. .....d..~..4...&($Q.bl....R....E..J...D..V.u.\..[o7......
.b_..w.W...7WW...v.......4....O..~..=.9I.?.op%|...q.?_...WB...7.#^:~..
7>.6...4b.HO.. ..],&.k...8(N..x....2..Pl..1ac..^.f........C"?.....u
.w.......].1.jZ..`[email protected].. ..W........Xw .kB..E....U....;.
........C......w..\|~..}...)....i..?X>.~Y....o.#c...0.c0..G...@
<<< skipped >>>

GET /img/Memiticeper/Memiticeper_BG_BR.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 27832
Connection: keep-alive
x-amz-id-2: UVKuSy7 D8WWQvvk y6hum6/kSmL1uVaufWqtXFrJRXvOM2JsEo3zFMx9hsGv0t/r EBk/s1ebs=
x-amz-request-id: 2E252BF5F6B4066C
x-amz-meta-s3fox-filesize: 27832
x-amz-meta-s3fox-modifiedtime: 1400575288008
Last-Modified: Tue, 20 May 2014 08:42:30 GMT
x-amz-version-id: hMLSB0vgTOklyG4KCIA_O16asryLpIqE
ETag: "5b150fe1f86e276f160e26276100a09a"
Accept-Ranges: bytes
.PNG........IHDR...0.........0.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:47D7CD6B132168118DBBA8AD0A7AA509" xmpMM:DocumentID="xmp.did:09F8
7922DFF811E3A66CD6F6724AE1DD" xmpMM:InstanceID="xmp.iid:09F87921DFF811
E3A66CD6F6724AE1DD" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:048011740720681183
D1DF84D53E4E64" stRef:documentID="xmp.did:47D7CD6B132168118DBBA8AD0A7A
A509"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>j$>M..h.IDATx....|.......p8..{..(R......
..Il'.....}......f..d...N6..q\b.....%Q.(..{.3.....w..)..*.4..........p
...{..NQ.........T...........'...?...X.X$..qQ......j.....!d..$..#..j..
.c..(.*MRn.-.{Cmqa...K...w.z]q..s.......@....~...wO....msM....v.......
L.|j...[...W.........9........h.X..kU..YU...~J....l.G. ...k.K.2?n?J...
........[VS.ne...........w`........E..%}R..S...)...e....LmU~v.........
.={..0......,.u.......-...z.tMU....J.'_.)5.....N..s.c?.....i...et..j..
@4.....!T..V-.{..#.......#.....g...'=..../w{~....-.N..X,..]q...CH.
<<< skipped >>>

GET /img/Malaromoro/bg2.jpg HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/jpeg
Content-Length: 59210
Connection: keep-alive
x-amz-id-2: HK1tPl8BVWfjcfJCxh64UrgvrXGnVVd8qJuYPz0efvZMS7bFy/nGQAuySA/ofhJw
x-amz-request-id: 9F833B205E5DECB9
x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT
Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT
x-amz-version-id: JMXnkH_Q4w85o.RRxkVvr1HHBSYxTWbA
ETag: "3ca90bdb0184dba078b0e604eb239df0"
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-
c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRe
f="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://n
s.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:345E81DDDAA9E3
11B383BEF54B638275" xmpMM:DocumentID="xmp.did:118EE61EAA0211E3A8EABD13
5B592C02" xmpMM:InstanceID="xmp.iid:118EE61DAA0211E3A8EABD135B592C02" 
xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:086B2D40FAA9E311A847ACF83C7EB2CA" stRef:
documentID="xmp.did:345E81DDDAA9E311B383BEF54B638275"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
.......................0..............................................
...........................................!.1.A".Qa2..q...B#3..Rb...C
$45..r..cs%....S.DT....U..E&......................!1.A.Qa.q.."2......B
..Rb.#[email protected].*..b.,...]H.Z7
.|1.....v.4....M.....T.<.Q......z.....u9...\u.......M....r'.gW.hM.B
[email protected]..:.....:.s.......:...L..._..%nh6._........b)
<<< skipped >>>

GET /img/Rilides/bg1.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 270544
Connection: keep-alive
x-amz-id-2: rOGQ9EjEfoxvkJI Kq0O507imJVe7S h5ydzVZSEDjY2PbC9eybkl4oBwLI2GoVcFqJTRDR3oWw=
x-amz-request-id: 9CCD9B4418E832D2
x-amz-meta-s3fox-filesize: 270544
x-amz-meta-s3fox-modifiedtime: 1397396637300
Last-Modified: Sun, 13 Apr 2014 13:58:59 GMT
x-amz-version-id: R_nS0AGSDj8KviWXfqPQEZ5WZkK48wlH
ETag: "b287ea9709eef2cd60b92074479d5fe0"
Accept-Ranges: bytes
.PNG........IHDR..............7......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:5B5972EFDBB4E3118BE9FFB1A25D5C53" xmpMM:DocumentID="xmp.did:C0B1
4E2BC30311E3A5B6BD720ED5AFD5" xmpMM:InstanceID="xmp.iid:C0B14E2AC30311
E3A5B6BD720ED5AFD5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26615D92F1B4E3118BE9
FFB1A25D5C53" stRef:documentID="xmp.did:5B5972EFDBB4E3118BE9FFB1A25D5C
53"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>\s0.....IDATx.l}.`\...w..U..,.w...n.m:...%...
B*....@ ..?/!..z..1.w...q...$.kW.....f.. ...D.....9sf........C.i......
....e........1_e...L. .....3.N......X0.q.U,:.m..i......,;@..(....W....
..C/.w.;...]./..=..>....E.........xF..=....2B..?.D.y.z......6..t. .
......,..hR,.aZ......<&. _..3<...Y|=?...d..|.y.w.>.l.........
@((c.{x....ad...... ..!...q..y.=S....i!..Q..=.;.n.]..<7z>_fW.#m.
0....../[email protected].........,....ux......?..#.........d.Ch.....q.
4W.3.}j.d.._.:Eo...kX6.......Zzz].:......D.^S~.....<P....S..J..
<<< skipped >>>


POST /?pcrc=1879128792&v=2.0 HTTP/1.1
Accept: */*
Host: rp.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 1184
Cache-Control: no-cache

.I..~...$$.......m.....t...:..E..O...*...1Yb...Q.~...*....r...j.2.5Dp(H..%.AmE1\.C.D.[.V.....H..Jfe"..../........ P$.O>..
.. .h..n..1.UC.iF..e..
\1.8S.aG.....P..... kZ..Q.O.p.
sA.....:.*|..v{.4..F..`.....a/.1d...st.....a..`.c.....s..N.R.%UW...>.._d.....&....7..k_.L.q.xa....b_.vr.....d......OLM..O..).uKM....H..q....'...'*...^P..oLD......~h..XL....K..FL\.`w..;.....[.@., .O..#S.....k#u........Y;|.3..8.K..3..]..N..... E..d..R.n......c.Zf..w.H .S..,da..l....Ci...D]{O.{.CFG.`....f....D>l.._.A.HQ...4C.1..P2.....6...;d]vb.5......4....
4.N.=_wX...~.......U..&............[s.R...5qc.Z.j._6e1..M ".r.8*....^.....V:0H./.t..7.@......:.4......j........#'...N.>...1W$.Q.Qq'.Lz
..6A..Mq...e....z.!f...p..X...F..t.OX.<..X.<.y>EZn.F.S....`.).(...g.zR_]H......{.......z.-.. [email protected].`..`..9a,O. ....e.8...O%...z..."..qD._. E..PJ.H.....7.bG.k:a....r{C..#..k!......[.
..lLJ....xA1.................H..m.<..H.}...R...^h"..-.<.../..w.......5g>>I..yu..RQ.#..z..M.a9../l4gW.
.;..;BK.n:.RP.'.!..;.G...}........X......q.....R.>.h?...8U.$r.M.F0.....BD...?..C..?.Eq.t.$.....&..A....Yx.'........Km......x6.p...F....Gh.n... 
.T\k._..M.3.k..X..... .-...!.....O.....|..RW..........M.NX.$H.........i..u..
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Aug 2014 10:14:24 GMT
Server: TornadoServer/3.1.1
Content-Length: 4
Connection: keep-alive
DONE..



HEAD /ofr/RAM.cis HTTP/1.1
Accept: */*
Host: cdneu.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Tue, 26 Aug 2014 10:06:50 GMT
Content-Type: application/octet-stream
Content-Length: 68754
Connection: keep-alive
x-amz-id-2: Ru5EMuccuGJqx26fmYji4Ag/8RN2CKK8 i 9Ueq9QLsd wQ4Ac0EJJjgABeqHNfX
x-amz-request-id: 6C57ADD5CFC26F6A
x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT
Last-Modified: Tue, 25 Feb 2014 09:33:04 GMT
x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it
ETag: "85a9022d4d17cf300c437ae38df1e2b6"
Accept-Ranges: bytes



GET /get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7 HTTP/1.1
User-Agent: Shockwave Flash
Host: fpdownload2.macromedia.com
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 350
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 26 Aug 2014 10:14:25 GMT
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/update/current/install/version.xml11.6.602.168~installVe
ctor=6&lang=en&cpuWordLength=32&playerType=ax&os=win&a
mp;osVer=7 was not found on this server.</p>.</body></h
tml>...



POST /?v=1.02&c=b602dcab&at=1719534685&cntr=0 HTTP/1.1
Accept: */*
Host: info.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 172
Cache-Control: no-cache

6l7GU7LYt04pVHc/00d7JuectCNE2n4XugwChI2e/AR/TjBOnxphoI9/prMqHv/30uMqo7qW80vrGbYZi2Kop9FYqPWDWUiR6b3eFxObkwkHZl00YRJSZXLftLTW3TB7hU4bO9egsOPRdayOPox9OCCpE2ACHYN0honXpMwPVyo=
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Tue, 26 Aug 2014 10:14:23 GMT
Content-Length: 472
Connection: keep-alive
cIMvE5ZFmIN0AcJOKBL2UWRW48V4TcXjapjPv86E7xsOEXI1hzX5RZxITp6Wp4SkffUxCb
/zGA/ogbZLg0HLnrXRefFEPaWu7Z6gFrvWvmEfJJObajAzgIq 6GL2XjIh/OthGUwx8UqN
ynwjqrB5nZKrSoI3h/9L6e7AZRZJeiuo/OTsD/vnFxFjY462LrdiAcgRG4lQQVbRkfacAu
 lx/w4H4H/gMYTO4rXcm7GrTHgLC6dGBjcsxRz2nnUPxg3It1tsS/RO3 POAzbPD/GQtGU
NI3qdhqWwft9hm9tqUHaoC1/3pbgoj2Xg0qxCbArcnHwe8nYYTqZYb6uPP6IF7Bq6t1HBE
KOek4ZlCnEeteGMVwmA5oAalegQ3PzpUcBMy05y/S/VfOlhoZwTjcMf8j4z4joyVZAsjkq
VvptRbLW2VE2W9oFhHGftd7k4 ZxLgTG5I09KcJHmMqvrqSxKg==HTTP/1.1 200 OK..A
ccess-Control-Allow-Origin: *..Date: Tue, 26 Aug 2014 10:14:23 GMT..Co
ntent-Length: 472..Connection: keep-alive..cIMvE5ZFmIN0AcJOKBL2UWRW48V
4TcXjapjPv86E7xsOEXI1hzX5RZxITp6Wp4SkffUxCb/zGA/ogbZLg0HLnrXRefFEPaWu7
Z6gFrvWvmEfJJObajAzgIq 6GL2XjIh/OthGUwx8UqNynwjqrB5nZKrSoI3h/9L6e7AZRZ
Jeiuo/OTsD/vnFxFjY462LrdiAcgRG4lQQVbRkfacAu lx/w4H4H/gMYTO4rXcm7GrTHgL
C6dGBjcsxRz2nnUPxg3It1tsS/RO3 POAzbPD/GQtGUNI3qdhqWwft9hm9tqUHaoC1/3pb
goj2Xg0qxCbArcnHwe8nYYTqZYb6uPP6IF7Bq6t1HBEKOek4ZlCnEeteGMVwmA5oAalegQ
3PzpUcBMy05y/S/VfOlhoZwTjcMf8j4z4joyVZAsjkqVvptRbLW2VE2W9oFhHGftd7k4 Z
xLgTG5I09KcJHmMqvrqSxKg==..



GET /ofr/RAM.cis HTTP/1.1
Range: bytes=0-68753
Accept: */*
Host: cdnus.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Server: nginx/1.4.7
Date: Tue, 26 Aug 2014 12:04:53 GMT
Content-Type: application/octet-stream
Content-Length: 68754
Connection: keep-alive
x-amz-id-2: i/7S0 3qqusoaFxqGYvkvKQNsWQ9hR9XtH93SytmPqM5ribIw81b27KlmOlpGC 1
x-amz-request-id: 419CAF64A927F11D
x-amz-meta-cb-modifiedtime: Tue, 25 Feb 2014 09:01:03 GMT
Last-Modified: Tue, 25 Feb 2014 09:33:04 GMT
x-amz-version-id: 0J7Ku3fOApQ0maOx9q3GISpaX.5t75it
ETag: "85a9022d4d17cf300c437ae38df1e2b6"
Content-Range: bytes 0-68753/68754
CIS................;...............P.......E.v P.. .v.f*...]....HO..HO
...#a .O..>.ucs..#1.y.e0..M8h..'.../.H...[&....-l......0dnz.H.u...f
.8e..@|..R...~....6..Ey.&..K... U.[.F.s{.b..w..@...[b.........Wo.,....
....].[hc>.`.>$((V..=[.y.)..R....@....*.P.B....].a....J.....g...
G.`Y..`.......\...a.....A...=.'[email protected]=H.N.K.Pp.. .)...].Z.iJ......
h1qV......../.|...x......O.N...{.........*....6....IC... -...1R.#OW..O
] .h.L05%3...VP.M.eX.......U.n.u...V...3c- .........].y'...d)9.7..N.D 
/.B.6)]..I....C..ci..E"..KV..._.x....i2....E..\`.......*$...t.\ .:.h..
...}G..a..5...?.sP.U&W>.S..t\[.,..E=.$.i[bO2..5.9....b.N.sm.....yk.
{..*g|..^..:3.......7.o..:Ks...oP..*....e..e.{C.t.. .'..|O..J..`..../.
1.....s..rq..).....1&}.{[email protected].....=.\.......S6...............
...EC.......$3.......y...7.U."..75.m..e...KU.....Q...Q.L..LY.oH..i..h.
.s.*....N..[J. [email protected]:..P.N...........cC...K...[.!.j.../y.AAQ
.....W.t.....}>Q.`.Y..O...xX.N.s.q.T)..m..4..]....B.!,S..W.f.r*h.e%
h.W<.....3...V..k.q...i..z....=J3.......^.fq*.[.._>...s...}1s.h.
.E-...N.3s.~.. .,.^..'!.E.w..'}.JTPH..A..L.,P....W.....mW..D........zH
.=.."...SoC..-...... Y-.>4#.....F.......% .Q-..p.c.X.:......p.:bi;.
C5.s..2R92..H.|.V.....q..U.{(......!......l.^..Vz.L....x...{..........
...n:...3i.M8.d8..A.......O..U...j.y..I.7z71^g.u....a.0Y...G.S..g.....
Lzb_..$a.&.pV.........=w.E.`..E.Y....L..2.1.Yl>;..%W...G6..........
}..Bl.z'.kQ.Do.......Zf.i].cI]......G."z....%.........a..X .......'v|:
[email protected]..:t..g\.Q... .c*...[...x...<>8c.<
<<< skipped >>>


GET /files/SetupXWebdesignor.exe HTTP/1.1
Range: bytes=0-34913002
Accept: */*
Host: VVV.neutssoftware.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Tue, 26 Aug 2014 10:14:25 GMT
Server: Apache
Last-Modified: Sat, 05 Jul 2014 20:13:48 GMT
ETag: "90600ae7-214baeb-4fd77e13f7530"
Accept-Ranges: bytes
Content-Length: 34913003
Content-Range: bytes 0-34913002/34913003
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: application/x-msdos-program
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
[email protected]...........
.@..........................`.........................................
..................O...................................................
........................................................text....g.....
..h.................. ..`.rdata...............l..............@[email protected]
[email protected].........................
......rsrc....O.......P..................@..@.........................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
......G..H.P.u..u..u...|[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /js/BrightcoveExperiences.js HTTP/1.1
Accept: */*
Host: admin.brightcove.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


HTTP/1.1 200 OK
Server: Apache
ETag: "0fa548ca1fc0d1df629dc070f5dc0b75:1399579531"
Last-Modified: Thu, 08 May 2014 20:05:27 GMT
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Date: Tue, 26 Aug 2014 10:14:24 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008176...if(brightcove==undefined){var brightcove={};brightcove.getE
xperience=function(){alert("Please import APIModules_all.js in order t
o use the API.");};}.if(brightcove.experiences==undefined){brightcove.
servicesURL='hXXp://c.brightcove.com/services';brightcove.cdnURL='http
://admin.brightcove.com';brightcove.secureCDNURL='hXXps://sadmin.brigh
tcove.com';brightcove.secureServicesURL='hXXps://secure.brightcove.com
/services';brightcove.pubHost='c.$pubcode$.$zoneprefix$$zone$';brightc
ove.pubSecureHost='secure.$pubcode$.$zoneprefix$$zone$';brightcove.pub
Subdomain='ariessaucetown.local';brightcove.experiences={};brightcove.
experienceObjects={};brightcove.timeouts={};brightcove.flashTimeoutInt
erval=10000;brightcove.htmlTimeoutInterval=10000;brightcove.experience
Num=0;brightcove.majorVersion=9;brightcove.majorRevision=0;brightcove.
minorRevision=28;brightcove.servlet={AS3:"federated_f9",HTML:"htmlFede
rated"};brightcove.playerType={FLASH:"flash",HTML:"html",FLASH_IFRAME:
"flashIFrame",INSTALLER:"installer",NO_SUPPORT:"nosupport"};brightcove
.errorCodes={UNKNOWN:0,DOMAIN_RESTRICTED:1,GEO_RESTRICTED:2,INVALID_ID
:3,NO_CONTENT:4,UNAVAILABLE_CONTENT:5,UPGRADE_REQUIRED_FOR_VIDEO:6,UPG
RADE_REQUIRED_FOR_PLAYER:7,SERVICE_UNAVAILABLE:8};brightcove.defaultPa
ram={};brightcove.defaultParam.width='100%';brightcove.defaultParam.he
ight='100%';brightcove.defaultFlashParam={};brightcove.defaultFlashPar
am.allowScriptAccess='always';brightcove.defaultFlashParam.allowFullSc
reen='true';brightcove.defaultFlashParam.seamlessTabbing=false;bri
<<< skipped >>>

GET /viewer/us20140807.1543/BrightcoveBootloader.swf?playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&autoStart=&bgcolor=#FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=250&isUI=false&isVid=true&startTime=1409030062121&width=460&wmode=transparent HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: admin.brightcove.com


HTTP/1.1 200 OK
Server: Apache
ETag: "6aa96ed2d44e1a641a6f1c491c9c7943:1407442754"
Last-Modified: Thu, 07 Aug 2014 20:19:12 GMT
Accept-Ranges: bytes
Content-Length: 2650
Content-Type: application/x-shockwave-flash
Cache-Control: max-age=5184000
Date: Tue, 26 Aug 2014 10:14:24 GMT
Connection: keep-alive
CWS.....x...MW.....FO3|I.....1...I.?......X...8.h4..M<.Q....m..i...
..tG.e6==..v.e.>v.B.]uE.....}zR....}....;3;(.g.:c...(.?...........M
.ds.N.0...&.*.[.H.......I..L...};..K.......k.....\....d...z..-Sb.\.<
;wrh.aUUZFk.m.&U%E.Z....F..`HU&4.....\..."3s....b)O..-:...S..:.d:...tj
..\..UjK9...B....G.M..;Y..4.X.T..TO.P....*.D. ..S...g>5.m..:.2....k
..h.....MO..S..X .....Sv.......5i|..uiy).....^.t....B...BwQ.;<<|
,....Xa.s...b..e...B......X[.(c.o.O...>.l.JGQ.%...1.oY...'>I.X..
Yv.X..M.:..E..O..F.......m...os..XRu.f...b..]J6....}....7q.Wy .N...Ye.
..l..z..t..7 ?r......X.S...]..d6f..g.....].F.2]..vj..=/..A..Zc/M.:.fP.
6q.Va......vb....4o..9...l...5S........~tM...I.%h/..-...p..o..[....mH.
..)oj.X.Y5\..(....T.E.x..]<.&.......n..2...N..........F....tq<5.
N.H.=.pu..Xm&....'f.{Pn.LpL......c[V\}...g.........M./.....V.U.L.[....
..mj.<g,=z-} }39z..x*....J.`....vm.^g.....?.".S4.j.F.(p.U....@W....
[email protected]...........*...Z.Z^h......s2.....j.p.~~5&....f.F.W.s ..b4SXZ
^.].m..fY..b.|acve....l.#^gq6..._.0...\..f..O.....:@.f.....:.....:....
C3...E.U.4d......l8T.........B.x9n..h..g1.lk.<]....<.av.N.U....R
...*.....F8.. .c..C.`O0...Z(7.............f[U.b...kB.H..k.D..`zRj..NBr
`vLJD.#...yNE<.*=.=K5.`.3.l..C......L.Ab.....B_d*...F.t."Y...Z.nxIv
 .....a.....-.c..~......>xY.L.>..|nS..M.....M..w~z..q.w`.....m..
l.d......r..aH....0.t.O..T.NA..p....~0.\..G.n..X......9..'9..y....([..
QIw.....~...k....H..J...jr...by..K.i 4!y&...Z..(.l...m.....Q.......)s.
&...... xj*OWa2S.O..B.. ..e%..65.d..1}..`.....r$..^.....{...@.....
<<< skipped >>>


GET /files/SetupXWebdesignor.exe HTTP/1.1
Range: bytes=17612800-34913002
Accept: */*
Host: VVV.neutssoftware.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Tue, 26 Aug 2014 10:14:26 GMT
Server: Apache
Last-Modified: Sat, 05 Jul 2014 20:13:48 GMT
ETag: "90600ae7-214baeb-4fd77e13f7530"
Accept-Ranges: bytes
Content-Length: 17300203
Content-Range: bytes 17612800-34913002/34913003
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: application/x-msdos-program
9d..IS...G.rU1j1'...X-..~..h...=..f|.&..h..*.....R.......3.\....&.^L..
...W../..8.i8...|..m....jo..5.@...... N.\.$.A....Sr..z..G......3.Ru...
k1....CN....Rm^..T1u......8UMu.r...].9EPk/vo.........E......d)........
-.;v..~.8...2..#.M,#p..%e..#....-..x.v...5.m......!/..F ..&: .....z\.-
.e...bK.W...!.e.y.(f9.Z.......B....Y\...9..T..@.... ..d. X......D.b..P
...g...#......Z....E.w..l.,.E.u....R:..3.....<k.n....1.A...D..R.07.
.$q.P.........O.....^.}..(3.~..|e:E5cZn.R.!....j...#...{..n..4...R.|X.
...K.TkS....BZ..........M.):N.4{.~.B..xc..A...]...]5.9J.,s.....n.P....
9//(.....d.FH.q..j3tI..Au.....!......\.)...."H.Y.@.:5...L..;..#...vP..
[email protected][email protected][F..w...m..~..Jm..t
0...^ .._....,..&&..y.t.....k.n..gg.......|6.8.,...........@%.....i.N-
.. [email protected]...........=*...c]j,....
gy.;..Yk..^..6....>.c../.......L.^.h4.L........1I.uD.E.f.../.S.....
B...K..kx%ak..W.[......M.7.Q.Y'.@r...,/.N..).iM.s.N$.&.....$.}.d.3"...
.......`B%[email protected]\V...a.:...(..........W/.W._F~O~...a....D..Q(
..J..L..L.sXmN.Gk...=....q.Y.'U4..B:.~.w<....e...GF.\fz...v..6.."..
........J...5.a..EV.)%...........c.l..O...;....X.V<]4.....&A...c8y?
....4...mO.........r.....B..:.k..HWGQz...^..5.h.z...S.O..<#._.f..s.
;7kL2...:HO......].....-'.........I.....|:....Y.....U....q.b.j.?.5...g
..O....6..! ..99.......j3.OtI.;.....>_....V_... .[.....#gO...4...^.
]...<.....tB........&8.~..Ak2........"?....S|Pc...%*....:...P.8...X
..o....4ig ^..u4K.......e..s...\....)......M.6..|.c.7d;.u....x.Z. 
<<< skipped >>>

GET /files/SetupXWebdesignor.exe HTTP/1.1


Range: bytes=16793600-17612799
Accept: */*
Host: VVV.neutssoftware.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Tue, 26 Aug 2014 10:15:08 GMT
Server: Apache
Last-Modified: Sat, 05 Jul 2014 20:13:48 GMT
ETag: "90600ae7-214baeb-4fd77e13f7530"
Accept-Ranges: bytes
Content-Length: 819200
Content-Range: bytes 16793600-17612799/34913003
Keep-Alive: timeout=2, max=199
Connection: Keep-Alive
Content-Type: application/x-msdos-program
.`Uufm.....iwU^.K.W.6p^..q...I....675}..J...c..s...._..L...J.....7NFq.
.x_...Lq7.<#.f.o..x....<..Y..Zg..{..Z./.x$,j...~]V.]v{Zii.......
\....:....9..=....v..-k..9.C....J..../....y....1S.)w..?..`./t98_..i...
.#^K 4..k._....9Q.T.J..........Z.kS....`'.."...;...[V^\....d.,.e'zT.',
2.;..g...5..]...:...z.x.........y....M5.w>..<j.~J......|..=.....
,.%.w6....... /;Y...T#...G......~.2H...d[k..qK..0Kq..y6.....W{.#S.~...
..K...nu.....f.......Y/...Ky.HZ.\Q .....H..'.z%....sy.....;k..f......?
wg.h..v..e.xO.......o.$..{6...8.z...b._.H.l.N..q]N..*4og.....K_hB{.($M
.l]V.u.2<.{TG@...>r..../.]..N.s.c..Gj...w..?-..) .Df....E.C..9.&
gt;.....Z......&B........;.....~...b ..i..n.......j..S.o.....V..[n....
....4.....uF.?....2.........f.~.........|vJY.hM.Y...]..=~....F......v.
.>.....sZ..Z...!O...!V...#_'........(..Xr\....R...iO....n.._0rF.U&g
t;.........Q.R.|.j...e.2y......t.e.?.N.W..Jy.Q.5..W.Il...6.K.:3.......
.J..W.......]<.O4h.........B...>.J(_....{.....|}..;....s.......K
...&!.........E5J....b....Vjir...7......vn.(..{..J..zN../..H.~;u.....z
.,......^.m..z.l.....Y...M~....{.x..C.......`...........)...R.[F..m...
X..oR......V..\...s...RPg".h..q.!..Vp.".........z........ll.0.;E~V.C..
.k...._.*...B/.|.C[.QkTw.......Cu..jkz.gO.-].........M.....q]...[.....
..|.....*.....!Y..v=..../.....R}&.c.Ak{...cg....^...n*...L...1...3Y.9.
{....~1..'|.....:....s}[email protected].%.j.E\..Z.z.6.2....p>...W...... <
#..O...l'.....'K_e..S...9.?9....\i.a.9.f..z2BQ.F/.....Z../.c..O...w_..
 ..m..^......- .j.\...~.R.n..[...=....-....J...p.W..F..Y....R..5..
<<< skipped >>>


GET /ofr/isicicc.cis HTTP/1.1
Range: bytes=307200-372326
Accept: */*
Host: cdneu.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Server: nginx/1.4.7
Date: Tue, 26 Aug 2014 10:06:52 GMT
Content-Type: application/octet-stream
Content-Length: 65127
Connection: keep-alive
x-amz-id-2: SmhVojHQT7wSBmxg2FwabTZ/61dpLzujul/3h49d1/UCfsO321QrOqYXZ13CoJTHeu77RuntF5M=
x-amz-request-id: 9D097FEDE4281C54
x-amz-meta-cb-modifiedtime: Thu, 21 Aug 2014 18:09:22 GMT
Last-Modified: Thu, 21 Aug 2014 18:09:53 GMT
x-amz-version-id: IDS4CZSC046wanRoVX.MC2H9DD2yHi_S
ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"
Content-Range: bytes 307200-372326/372327
....o.c.....v..;..e.$o.I.\.$U.....NQ.....4......}7.X...c.v.l.#E....s..
Je.. 3K...b..EW!.I...{......:oTd..7......E.P;..^..".'..........J.q..].
o..U?.Ur....8.'.'R.T'<c..B!,....Jw\%;7....  ..x..>K..8.T.....8..
..r2..N.1Ncu([email protected]......`/...o..u..d...c..O..L..&..........JL@e....:
[email protected] w.......Wz..ymp..7...cS...'`n...G..D...Kh....$.....F.......m..
HF.}v....;.>.hI....a....f.]t....]...$..N......rc.Uq.7.Y.....J..u'h.
'..........Z.....\<01 RK..>.a...2{...(.a...N.o....g......9Y...;.
h......1....y,...#.i}3...{g.hdq.1...*.W_dh...SN....J./.k....{.s....pZ2
........x..C} ..DpuH....M.:....E..71....S..M.......33.d...mrV....THVo.
..../.7.............Q.../.{..&.Sl...q..JI...^l .._7...A.cJ.F...>..2
e....%..j......Z;u..[...-.c..E...).....]...Ci.8....kW.0..........R..mz
...39I.m_. .N.[.O..q.dm..?b....7.....$N|O..B.o...p.!...}..x.9..l[%....
3...,..%X.d.......f6oF.M'.?.......<...(..y.;.}...6.O..h...b K......
....`yA. w......^...g......;}...0.tx)...."[email protected]...%o~...3........B..Y
).3.K.....4.n..J..F..?.F.Va.G.......fS..>E<9.9R....]...e.)E["...
M.-AE.p.]..M.r.{MK/.e..-....I......&^...G.F..L..&.CQ.fv..)?...........
.D ...(X.<.i..L...`......dG...H.....B.......S0....}K.>..]......d
.....T....1N.U.L.o...J5.! .Os.. ,..2..0......I,|...'.....TK..B..V..f.B
.&...M.....^.B.=Jb......k..\&c.....B...-.NF.H...}...#...k..Pu...n.....
@.....:...2......z ...Y.=.D..z..zY..}. L.y..|..%.,...p....{K......'...
.......w.0L.....S$6.nyq..r 9.......AA7..(..l.43(.....$.P.l..kgV.i...L.
\=9.......a...u ..kYo.8x..NfS.E.V...(K;C;.{.L........L......?X..t{
<<< skipped >>>


GET /services/viewer/federated_f9?&width=460&height=250&flashID=myExperience&bgcolor=#FFFFFF&playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&isVid=true&isUI=false&dynamicStreaming=true&wmode=transparent&autoStart=&debuggerID=&startTime=1409030062121 HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.brightcove.com
Connection: Keep-Alive


HTTP/1.1 302 Found
X-BC-Client-IP: "%local server IP%"
X-BC-Connecting-IP: "%local server IP%"
Last-Modified: Fri, 08 Aug 2014 13:37:23 GMT
Cache-Control: must-revalidate,max-age=0
Location: hXXp://admin.brightcove.com/viewer/us20140807.1543/BrightcoveBootloader.swf?playerID=1234656107001&playerKey=AQ~~,AAAAxts1lxk~,-C26zD71KcafNkqL9k2lgURsIfyt6Tvx&autoStart=&bgcolor=#FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=250&isUI=false&isVid=true&startTime=1409030062121&width=460&wmode=transparent
Content-Length: 0
Date: Tue, 26 Aug 2014 10:14:24 GMT
Server: brightcove



GET /img/Lilisipipe/Lilisipipe.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 4205
Connection: keep-alive
x-amz-id-2: gJba6edyY1svtm4fITGZ/NFH8cwvZD9kODF8PD7iWZGWaxkpaAVwRYcOR0QQNieP
x-amz-request-id: EA2F2F12F2597355
x-amz-meta-s3fox-filesize: 4205
x-amz-meta-s3fox-modifiedtime: 1394472583656
Last-Modified: Mon, 10 Mar 2014 18:21:58 GMT
x-amz-version-id: aUbNYoFSmvGMGSTNwmSzDDFZRwAmOUET
ETag: "c55aebc8002d65f19bf01be44577c1ce"
Accept-Ranges: bytes
.PNG........IHDR...t...........:.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>


GET /ofr/isicicc.cis HTTP/1.1
Range: bytes=0-372326
Accept: */*
Host: cdnus.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Server: nginx/1.4.7
Date: Tue, 26 Aug 2014 12:04:53 GMT
Content-Type: application/octet-stream
Content-Length: 372327
Connection: keep-alive
x-amz-id-2: 4IaPupJlEfdGjQKv/2gk8mSrl/t hAtO2KkkhwxzuPUmRWlb0uragX5yL1QNpkjfHBdkWeyyc0g=
x-amz-request-id: 983D8FE5FDEEB519
x-amz-meta-cb-modifiedtime: Thu, 21 Aug 2014 18:09:22 GMT
Last-Modified: Thu, 21 Aug 2014 18:09:53 GMT
x-amz-version-id: IDS4CZSC046wanRoVX.MC2H9DD2yHi_S
ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"
Content-Range: bytes 0-372326/372327
CIS................S.......g.......P.........whp..1...m..&^....=.`t,..
`i...z..S..].].............#a ...\2......c..J.*..Km[>,..."..[..e..~
".~.?p.J...EVB%.:. <.k(...h...$..>.('.... X.............6....x..
.(...uFK)@b&zj-W.r.......zQ...V.Vc...V4]5.'.P4.k4..o...7c|..:B.%...O.^
.._.4..X..l....K....b9._...4..7{*...5..[......'[...B..w>......g....
...^W....C..i...^..?<..O........`Js..^..Py......'...;*i.vQ`..F.....
...7r.j...........O.I.....~....F.B.t-..x(.YK.Z.'...{..T.dF4..O._....w.
...)y.K....8.. ..4t.,.jt.R..L..Q.F.4.L.>...!....5..?[`....;.51l.'..
5:.".......=QX...D,..H_.s.l....%..I!...2.!q0^...@t{..H.7...B:....Q....
.<h..m..R[.M.ve.....F.&t...A.........H,..... A..........\,.M.......
[email protected]`Sq,%*Q..v.?.......i.%...0O...WJ..b.4.s.
...5..M.>P.....<..KO......h....^.>uI.F..Bh.6..4..............
...v.Y..q.L'.Vr.H...F..G|..]t.....8...S?.U.yq..$&..>..........s.3.^
6.P...A...AM.......;hX.$.....n...i..g..1-.7..r.........tW.H...[e>5.
0.......L..a.o.....]...L..p.(S.&!.......K..}...V..v.y.J....q..g.|....A
.{}0.1BM......8n.."....b8. ..l...._........P....y..N..O(.......k.>.
(k..-.j.........5..E._.e.!.......bs..........3...J..l...a..s..^.=.l...
.N...l.3K.G.|@..U.....n.8.....L.......~..f..l$.j.......A}....qN.\....s
;....hd.K)..z.z....=.aq.J..z).M*/n....l..>u.We....y.I.S...m'....N.~
.e...w......Om.8....R.U...V4..3...R..&...^...[...U....bp.<.%...#*.o
.x.s.V.$.[wk.W....C$k......V1.&,.z.5.......v#..........J..I..q........
... .m6.......**.`..T....7.x`..k..v5...i`..G.M|......p.q........t.
<<< skipped >>>


POST /Telecharger_v2/?v=5.0&c=1870265725 HTTP/1.1
Accept: */*
Host: os.telechargercdn.com
User-Agent: ICAS
Content-Length: 1222
Cache-Control: no-cache

0A0Czu0T1P1I1P1R1M1T1C1N1P1C1V2XtBtN0U0I0DzutDtDtD0CtBzyyD0D0C0B0CtDyB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutCtBtDtDzytAzzyBtDyEtN1L1B0A1Q1H1L1GzutCtN0T0KzutCtAyByCzytBtCtN0U0I0DzutDtDtD0CtBzyyD0D0C0B0CtDyB0AtByDtN0U0I0D0N1P2WzutDtDtD0CtBzyyD0D0C0B0CtDyB0AtByDtN0M0G0U0I0DzuyByD1P1QzyyDyCyBtG1T1TyDzztGyE1Rzz1PtG1Tzz1P1TtGtA1R1T1QyB1RyEyB1T1StDtAtN0M0S0I0DzutCzzyEyEtBtAyByCtCyDtGtCzyyCtDyEtDzzzyyCtCtGtCzztDtCyCyByEyDtAtCtN0S0I0D0U0I0DzuyC0D0E0C0DyDtB0FyByE0DzyyByBzztCyC0ByCtAyD0FtBtA0Azz0AyCyB0AtByDtN0M0A0C1V0LzutDtDtD0CtBzyyD0D0C0B0CtDtOtA0AtCzytBtFtCyCzztFtCtFtCtByDtOtA0AyCtOtA0AtCtN0S0D0TzutBtDtCyEtDzztByCtDzztCyEtDyCyBtAtCtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0P0E1V0M0O0D0Ezu0D0L0LtN1I1L2ZzutCtAtAtBtDyEyCtN1L1Q1B1RzutAtCtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN1L1B0U1T1R0O1GzutDtN1L1B0U1B1P1C0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1RtOtA0AtOyD0C1S1T1RtCyEyB1QtCtBtDtAyDtBtD1Qzz1P1R1S1PyC1PzyyCtC1T1R1Rzy1OyCzztF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtCtBtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutBtDtCtCtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu2V2W1P1S1Q1P1B1L1N1G1F1C
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 26 Aug 2014 10:14:24 GMT
Server: nginx
X-ICSCT-CC: CA
X-ICSCT-CITY: Montr.al
X-ICSCT-GICSET: Base
X-ICSCT-IP: "%local server IP%"
X-ICSCT-SERVER-NAME: ads.slave-03-us-west-2
X-ICSCT-TIMESTAMP: 20140826061424223
X-ICSCT-VERSION: 1.2.4
X-Robots-Tag: none
transfer-encoding: chunked
Connection: keep-alive
1ad6...A........v....C........-5.J......0.....(..C.............r....G.
t{..........h.yO...Q....' ..#.%..2et~.F..%W..`!/.o.O_Go....D./Y...Q...
}j.y.........oef.m..P....w..-F..'[email protected].....
.4A..7.!1..U..}K?......-....F.L...Hd,H.T:...^.uo.~~A:.w..........r).$.
@e.}.H ....y*1.Wc.TWm.F.........T.P. ...(Y.....Z.g...T6.p0.P/.@l|.k-u.
.'.dju.`..[o6.&......s.v1.....*U/>=vs..V.P..0F..e.'}z..e...0qn..|u.
.l.6.Z.-...@..#;^......w.......$.......5."l.....C....u .....1?M..._Hj.
..gm..........:....Z"cm.....g.D..W.%.E8...$.-..|.....QD:...#&....f...o
M.7=..51.e0u..u`..td.-T%..ud..u.x.>O..?y......5p..7Q"h.%...c.......
e.2. A.....&d..4.c..N1.?e..m.Ubhk-..i.b.qdv.Y.nYY...h.f .5aU...5.=.6.e
.2m.c0.um.d..4..7tc.67~egQe.:.i..5Q=.6m.e"..e"....u.o=IUd]r84Q..h.a.f"
.@r,..l.e.N5?...5...a.z..Ys.......N...(..[b&..k...n...IP...0(.u.......
r=5F..=%...h..w.*8.....AD...&6Gmc....'Q..Q5.q...vQe..Pe...d.&.o.E.3...
...?!Uf"1.......g.Jp....Y...>.~.<[email protected].....^=...u[
..QN..M.mf.I..N]..6=...cm.....o....3T}E.<SUX.7?%R...C>_..>C./
[email protected]]...!..n..8o.o..M.7^.<..........q..h.*..R...`?.:I91..u.....T.
.."...NP#....14.......lJ......m..\V..al.c.Jrvs.!'...)5...84.)#..uL]...
...<......i.>..Z2.....X....?.D<.`p.1Be.........u....2..!...z.
lt^.................'[email protected]%.UYL.U.7}.T.(K*.......}3
V..<...j....x.xXj...:....,y.a..dD;A.&.W..\x....[>.q&..?x3a....Jj
..o.Aj{../q.... 6..nTz2.........~.!...]..6.4)g.M.."F.u'..'.....c..3..m
[)R...S..0.z0..R.-.6y..U..V......6..R......U..V.q..*U...H?>Uvj.
<<< skipped >>>


GET /img/Sesakesaye/Sesakesaye_bisli.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 19316
Connection: keep-alive
x-amz-id-2: Sr1st5 k9I7mBlRTXPfdm/vFzHE xvnvGggiG7thaid/7QpILLBlMYzli2B9nkgv
x-amz-request-id: BFBE1D8851F0B2A6
x-amz-meta-cb-modifiedtime: Fri, 07 Feb 2014 16:36:40 GMT
Last-Modified: Fri, 07 Feb 2014 16:40:30 GMT
x-amz-version-id: yfosfRpOf.8mDjaIHnFVAoJJNdB_rGPY
ETag: "e3a7e42373e168852fc2a4d9a17d2583"
Accept-Ranges: bytes
.PNG........IHDR.......).............pHYs.......... .....OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/CH_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 4577
Connection: keep-alive
x-amz-id-2: qPX69rmWd7RLC61YZSsOU/UDEsgmnnim9buXJyqtLuLiWoP3wg3Th3tZPXZq3kQL
x-amz-request-id: EEA41C5DE3F4855A
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:44 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:01 GMT
x-amz-version-id: osjur0cYkvY0gJkbPOZZ_tbD.fAnrMVX
ETag: "ad8ed967a43ae4d7d6c28ff2ed3c8550"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/IE_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 5406
Connection: keep-alive
x-amz-id-2: YIDjdZQFqXng/IY73P7Vt8ltatzC8 JIkcO0hlogyeUmFbcmLl7TiVlzhbR/rYzw
x-amz-request-id: 7D0A09E1C4A6436B
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:46 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: ULP9X2D2g9vGJo_NefwroanEdNt0Bt7c
ETag: "0866b0f3be00fd96d58f7fba54d6700d"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/FF_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 5025
Connection: keep-alive
x-amz-id-2: x5UlFR9KfJZ5kimROMx5C2BxITZkXH5XBAY8EOXMxtj0daRfIq0o3yZNQJvflwHG
x-amz-request-id: 6698F11F7191AAEC
x-amz-meta-cb-modifiedtime: Thu, 21 Nov 2013 15:31:45 GMT
Last-Modified: Thu, 21 Nov 2013 15:40:00 GMT
x-amz-version-id: g_t3b7eiRe5f7z2B5bSNHqt0MOq9rM5O
ETag: "6bcecb3debf7e4a0569b6a9d6e62adab"
Accept-Ranges: bytes
.PNG........IHDR.............Rf.2....pHYs..........o.d...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Nobaxotat/Nobaxotat_logo.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 24655
Connection: keep-alive
x-amz-id-2: ZfXJyau1 BGbG/ I5ONC9SwJ5QmWK2JsOUjI8BvE4i0kWPa4mX/WRxDtzbYK4h1R
x-amz-request-id: A7E81D576C511627
x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 10:27:53 GMT
Last-Modified: Thu, 17 Oct 2013 16:08:52 GMT
x-amz-version-id: T_IZcabbBu4KeIEtkC.lVMJWLB0_i7__
ETag: "b8b352941ba97b192351239d909659f5"
Accept-Ranges: bytes
.PNG........IHDR.......q......e5.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /img/Ropopi/Ropopi_Title.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 6116
Connection: keep-alive
x-amz-id-2: pHo7E7YCNZAHFPkSNa5VSp22nTpVBzFVQo1slt4ReEn7Or2Ab5m9RpHZ68KWHt/y
x-amz-request-id: F7E316503F717891
x-amz-meta-s3fox-filesize: 6116
x-amz-meta-s3fox-modifiedtime: 1387450415497
Last-Modified: Thu, 19 Dec 2013 10:53:55 GMT
x-amz-version-id: 3I.0T8r7FzB4TXAFhfckgLMsgXRICC.S
ETag: "ceb0a8abdb1e31bd3593877e0d862ea8"
Accept-Ranges: bytes
.PNG........IHDR.......&.......o.....sRGB.........gAMA......a.....PLTE
...r..u..m. p./s.3w.8w.6w.8x.6z.:}.Aw..x..{..~.!..<..>..C..H..C.
.K..E..K..F..K..Q..S..Z..R..X..M..S..[..]..b..b..m..#..#..%..)..,..*..
-.....0..0..2..8..4..8..9..<..:[email protected]
..M..T..Z..T..Z..Q..U..U..Y..F..K..N..Q..T..S..T..S..U..V..Y..\..Y..\.
.c..c..k..d..q..Y..]..Z..]..]..^..Z..]..[..]..f..k..a..e..a..e..`..f..
c..e..j..f..o..j..m..t..z..s..x..x..s..{..a..e..a..d..b..e..c..e..j..e
..h..g..j..m..j..m..n..l..r..q..u..q..u..p..r..u..y..p..r..t..t..y..~.
.v..}..x..{...........................................................
......................................................................
......................................................................
......................................................................
..........e....tRNS...................................................
......................................................................
......................................................................
.................................................................S..%.
...pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.100.r....;IDAThC.Y
._....... I. .....d..~..4...&($Q.bl....R....E..J...D..V.u.\..[o7......
.b_..w.W...7WW...v.......4....O..~..=.9I.?.op%|...q.?_...WB...7.#^:~..
7>.6...4b.HO.. ..],&.k...8(N..x....2..Pl..1ac..^.f........C"?.....u
.w.......].1.jZ..`[email protected].. ..W........Xw .kB..E....U....;.
........C......w..\|~..}...)....i..?X>.~Y....o.#c...0.c0..G...@
<<< skipped >>>

GET /img/Memiticeper/Memiticeper_BG.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 42970
Connection: keep-alive
x-amz-id-2: lL07bxk0Nw 6ZjhCN3O3y4eGIVvug2PpGZNTxGV0nwqyynlf3jifnK8j/SDSxiYz
x-amz-request-id: 2FCF9377F0619668
x-amz-meta-cb-modifiedtime: Mon, 27 Jan 2014 16:11:24 GMT
Last-Modified: Mon, 27 Jan 2014 16:11:45 GMT
x-amz-version-id: .y2VxUmNKrfeEZRhs8H2wQTsvVaKgQZQ
ETag: "4ad19f532c0996da281e610aa2992a96"
Accept-Ranges: bytes
.PNG........IHDR...0...........}.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:47D7CD6B132168118DBBA8AD0A7AA509" xmpMM:DocumentID="xmp.did:302D
482E876D11E3BA75C5A7B57E5B7C" xmpMM:InstanceID="xmp.iid:302D482D876D11
E3BA75C5A7B57E5B7C" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6BD240655887E311AC79
9D5F5C8BA5FF" stRef:documentID="xmp.did:47D7CD6B132168118DBBA8AD0A7AA5
09"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>[email protected]...(bw.fm.n..K.._...
nS...t.3gMgww7.X....Hw.... ........<..W...=..{....Q.x..T.g.>X..A
..{........kK... ..P...#....R..&>.......z...H"E...>[email protected]
1...E....(....s...... );G"J..A.. ..X............ [.LM...7.....0k.....C
n..o.. ......P......... ^...d.o'.. ...H..A......P..m....o.#.R(....|P[.
4r...-?..z..i. ."`...!.r......C..s.*?..k....C..F"H...>B........"...
.G.|...eJ... ....A..A..#.. ....A..A...0. .. ."`.A..Ax..i.../..........
..<7*.&....../c...d.....Fuh....Q.._...s.`..k..w../...A...g..`..
<<< skipped >>>

GET /img/Malaromoro/bg1.jpg HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/jpeg
Content-Length: 190754
Connection: keep-alive
x-amz-id-2: 2VXrL/xWeVGwXtzAZIh215uaTPPqUArn4vK20J2w6fvqgbXHfEueMfmxh614Qv19
x-amz-request-id: 40ABEFF7D8B7FFED
x-amz-meta-cb-modifiedtime: Sun, 16 Mar 2014 10:17:54 GMT
Last-Modified: Sun, 16 Mar 2014 10:45:33 GMT
x-amz-version-id: EqXw9hQ1szW0X1KVab90EKpMdqK_JEeL
ETag: "04007b142892c379ac83bd75ac617cf6"
Accept-Ranges: bytes
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:A49514ECFC9DE3118
7F4F8E0F4860236" xmpMM:DocumentID="xmp.did:0699FCAEAA0111E389E68AC7CC9
63200" xmpMM:InstanceID="xmp.iid:0699FCADAA0111E389E68AC7CC963200" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:069AD74DE0A9E311B383BEF54B638275" stRef:doc
umentID="xmp.did:A49514ECFC9DE31187F4F8E0F4860236"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
....................0.................................................
..................................................!.1".A..Q2#.aq$..B3%
...4.....R..Ue&........................!.1..A"Qa.q.2#....B....R...br3.
..$.CScs.4.T%....Dt.U&............?..../*z..E].c..H..S..^g*...B....a.&
lt;.Q.....A ...$..M.>..M..........i6l{..p..rMdu..A1$...........r5W.
.S.......mmk......}u.......=#<...Dh...;.V.....N.r#;Q~...us..EO.
<<< skipped >>>

GET /img/Rilides/bg2.png HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:55 GMT
Content-Type: image/png
Content-Length: 301334
Connection: keep-alive
x-amz-id-2: NQeieBOMlD7m1qHN9LjFvPW b8ZCjuvFgRIlMjPRWF1eA4s5Fg35Z0C5YbwB2WG2JWR0g77IwrM=
x-amz-request-id: 37FB18EE3EAE503B
x-amz-meta-s3fox-filesize: 301334
x-amz-meta-s3fox-modifiedtime: 1397396644499
Last-Modified: Sun, 13 Apr 2014 13:59:01 GMT
x-amz-version-id: 0lWJxjRhnOWwJ3NVEhXd_.3GTWqfZo2y
ETag: "4cf2b02fb71d38855cff94074ec8aead"
Accept-Ranges: bytes
.PNG........IHDR.............V.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:5B5972EFDBB4E3118BE9FFB1A25D5C53" xmpMM:DocumentID="xmp.did:CDFF
1A39C30311E3988AB3D9E201A62D" xmpMM:InstanceID="xmp.iid:CDFF1A38C30311
E3988AB3D9E201A62D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:26615D92F1B4E3118BE9
FFB1A25D5C53" stRef:documentID="xmp.did:5B5972EFDBB4E3118BE9FFB1A25D5C
53"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.......FIDATx.T.i.e.u&..|......\d...(...).eY.
....6<.n.@b;H. A.N.........;.A.H.7.X.v,tl..[.5..HI.8..dMo.......|..
..e.E.....=........._._...b.S..tTJ^..X.TV-..b.....Z,...?......?...9|..
.D.o.=?....?.4.R.R.?,.2..g._Z.4O..j..?w.......wc|.IY.xV-...o.y.~..M.=.
..?...fD5..w7_2....T.#.g...~.3..yV}.qK.i.c..m~.1.3..z:.8.k.]W....)..._
..2........}....z..g{R7....of.\....U..y..17.....s..g...U.....:>.WJQ
.:.....qO.f<gklc...a..r.B.\O.<..............O....].>...t..x\.
..}).B?.}4.^..T6m#.|...8f~...qm7....Y..]..]g1...XB.6{..u".Y)URK^d.
<<< skipped >>>


GET /img/Lilisipipe/Lilisipipe.png HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.telechargercdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.5
Date: Tue, 26 Aug 2014 10:15:54 GMT
Content-Type: image/png
Content-Length: 4205
Connection: keep-alive
x-amz-id-2: gJba6edyY1svtm4fITGZ/NFH8cwvZD9kODF8PD7iWZGWaxkpaAVwRYcOR0QQNieP
x-amz-request-id: EA2F2F12F2597355
x-amz-meta-s3fox-filesize: 4205
x-amz-meta-s3fox-modifiedtime: 1394472583656
Last-Modified: Mon, 10 Mar 2014 18:21:58 GMT
x-amz-version-id: aUbNYoFSmvGMGSTNwmSzDDFZRwAmOUET
ETag: "c55aebc8002d65f19bf01be44577c1ce"
Accept-Ranges: bytes
.PNG........IHDR...t...........:.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>


HEAD /ofr/isicicc.cis HTTP/1.1
Accept: */*
Host: cdneu.telechargercdn.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Tue, 26 Aug 2014 10:06:50 GMT
Content-Type: application/octet-stream
Content-Length: 372327
Connection: keep-alive
x-amz-id-2: SmhVojHQT7wSBmxg2FwabTZ/61dpLzujul/3h49d1/UCfsO321QrOqYXZ13CoJTHeu77RuntF5M=
x-amz-request-id: 9D097FEDE4281C54
x-amz-meta-cb-modifiedtime: Thu, 21 Aug 2014 18:09:22 GMT
Last-Modified: Thu, 21 Aug 2014 18:09:53 GMT
x-amz-version-id: IDS4CZSC046wanRoVX.MC2H9DD2yHi_S
ETag: "a0fe664dcc1b1269ca09eeee5bf2e41c"
Accept-Ranges: bytes



HEAD /files/SetupXWebdesignor.exe HTTP/1.1
Accept: */*
Host: VVV.neutssoftware.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Tue, 26 Aug 2014 10:14:24 GMT
Server: Apache
Last-Modified: Sat, 05 Jul 2014 20:13:48 GMT
ETag: "90600ae7-214baeb-4fd77e13f7530"
Accept-Ranges: bytes
Content-Length: 34913003
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: application/x-msdos-program







The Installer connects to the servers at the folowing location(s):







%original file name%.exe_1156:




.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
.DEFAULT\Control Panel\International
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
shell32.dll
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
oleaut32.dll
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetWindowsDirectoryA
MsgWaitForMultipleObjects
ExitWindowsEx
comctl32.dll
name="JR.Inno.Setup"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
External exception %x

%original file name%.exe_1156_rwx_00900000_000AC000:




.rsrc
rnel32.dllwGetLongPathNam,
Q0.Fl
.xh%]
(_.SCK_LINES/$
JYUIt.Vl?
* (()@-3$-
0J%Fs
Keyw
%s[%d]
.FDiag
B.IIx
?7E(AL("%s",4),"
XI.Cr
4'.Yt
keysK<
k3.yhF
.cu%S
O%uorT
Ht.HA
ibD.ZP
\*.*2XE
.dwcnh
vfjzg V.fG!>_
De-a.ew
webqsk
.fcclJL
JL-Q.JW
1.2.3
,M.DJ?
bVsqlz3_
 [.Il
KG.Ia
.FJn`m
0.XC/X[
H|iqi.DD.
UC.HS
.cP>&*
chmk.mswrzf
,kt V -,%D
c.cjjm0).S"
.rdf'.fks
.qiuykchVw
HB@FY,.sdaw
dcm.NH
.wuf.
=.uwJj
:.pk\d`P
i!%u$3
vgv,.Pn
ir$ah.Lx
^.rzPcQI/&^#&
Lmca(WglzgjH.Mo5
8"~l.VwDgv:V/
.dv6B.:
.bcs3i
!zY^A.XGw
h`8q.Hy
RI.AT
;XQw`%f
gjvZi.AT
n.hhp
mw.ll
C|.uC
UrlJ
.Uvl7Ll#Q
?3URLs@
n6.GIg$
L_LCUNTF, KHC.op=
6?0N2=.Lq
W]E).rG
a%dH^
.LC&U
!-W.vB
aaFj`iZ.iFN
%f@#"
)hix.CBOP
RWoCJ[hx.Xu
NAER_[URNDT].Lw/OFL[^\\[@
.BOhZ
m^rk.Um_gtw
'JXpx6.tg
nDlb.vok
.Bp/pe,
IWeb
.mI25
y.jHP
i.SpT
!.blv
m.Advi
.1..WAHO9[Zcn*b
;)W.gD
HX.Pd`bj
IWV.cQ
fa`w.eoicTjo7
D\[email protected]
!a%Cv
MSGOf
\6$945'/
UM.xX
.Hagddw M,7
r.vY?"[
hWkkaTmjC.Oo
VZY*rf.aeWXM
.qB/hkk[lfqd
PIPE_DATA'
cnyzgcEi.Tc/7
a,/.ia
v=.vpF
nwgbo\hfm.cV]
h%d;s
.VccSivfkw V
o>TP\Oqah`k,.nlvcTmK
'AwdAmcd.oi
wYb.wv
VNJPu.IgYJgrwljQ`q2
z`o1caig2,.hf5b"
wg8k-P.VO
%xH1 FZ"
khbbxl,.blzz
C$.rv
]s.ZRy
4.nBG
J.aAh
.wCI@
.YWf(s6D<
q.xUd
\%fwBt2
-Ic%c
fK.Xfd
VhH%sl
-[.cj
_%s|LV
(.Oa&L
 ck%X
Aû`'P
$"!(&&$' )#
.AF}U
H.JXA^
*/.)*72-7)
#-**(-#,
Jp.PMDF<7N
,|P.re
KERNEL32.DLL
advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
ole32.dll
oleaut32.dll
shell32.dll
URLMON.DLL
user32.dll
version.dll
wininet.dll
ShellExecuteExW
HtmlUIInstallerSADLL.dll
Ow?y%.D
[email protected]
wT%C<
.FZLHO5%6

bac147d1203520d8ecbe6e961acc9f68.tmp_680:




.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
.DEFAULT\Control Panel\International
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
shell32.dll
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
oleaut32.dll
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetWindowsDirectoryA
MsgWaitForMultipleObjects
ExitWindowsEx
comctl32.dll
name="JR.Inno.Setup"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
External exception %x

%original file name%.exe_1156_rwx_009B1000_00154000:




kernel32.dll
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
EVariantBadIndexError
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
UrlMon
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeywordD
crSQLWait
%s (%s)
IMM32.DLL
AutoHotkeys4_
AutoHotkeys|_
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview(f
WindowState`a
OnKeyDown|:
OnKeyPress<:
OnKeyUp
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
2301654879
A`bng`@ikc-4,uUxlxs-4,Ht.HA
Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP
TThreadExecuter
TScanAllWindowsCallBackData
Portuguese
i\*.*2XE
i.dwcnhE
webqskv`T-Y
nmhpjhc03.fcclJL
i.ulzn1E
1.2.3
THttpTimeOutThread
THttpCallBackShell
Gx-21,\igh]ixyj-42,M.DJ
A`qjz``-0,ZkdkNgij.pc
Kcqjpc`-0,Aaj-1,gEdafa`.pM
SQL error or missing database
An internal logic error in SQLite
Operation terminated by sqlite3_interrupt()
Uses OS features not supported on host
2nd parameter to sqlite3_bind out of range
sqlite3_step() has another row ready
sqlite3_step() has finished executing
Unknown SQLite Error Code
sqlite3.dll
ESQLiteException
TSQLiteDatabase
TSQLiteTable
Error executing SQL
Could not prepare SQL statement
Error executing SQL statement
select [sql] from sqlite_master where [type] = 'table' and lower(name) = '
Could not prepare SQL statement
SQLite is Busy
Ecezcb-4 S,Tmeic6.fA
 W,iqi.DD
-00,chmk.ms
Locate sqlite3.dll
8SQLit
install.rdf
chrome version is not a number:
DoAddChromeStartupPage - status:
DoSetChromeHomePage AL=
VHB@FY,.sda-0,` U,K\JH,-c`ql,.RMH\@ U,fk-1,8*J`cl-0,iq,-]`d-4,mm U,]-1,jsdj`w,-GA R,^.P
exception while getting Chrome SP(after DB copy):
-0,iq-3,dcm.NH
Exception in InstallChromeExtensionRegistry:
YUJ@X@,.ji-1,yn-3,a-2 Q,_@Z Q,ek-2,umkz^ywb<,  R,) V ,,RFD^@,.hh8 N,\
@QA^ T,WOLHF,.eazyavg-2,Qfbmeqs.i,4
Bchnsjz/Uco-2,en,._tixfbc-1,/OB,.Mgeezv V,]faho-0,stk.y,f
SetChromeSP: failed to Add SP:
to chrome
SetChromeSP: failed to set SP:
as default search provider at chrome
RemoveChromeSearchProvider - cannot remove
RemoveChromeSearchProvider - exception:
DoSetChromeExistingSP - no file:
sqlGetQueryResultEx failed! Query:
Gndovgv,.Pnc-1,`c R,^qdtggnp,.JO.]-h
DoSetChromeExistingSP: error:
Q-4,sbkfmhQ`qh-4,nq-4,hir S,dah.Lx
Q-3,cmf,.Bacb V,[gotkj-;.]
Kjij-0,ja.pz
Ckkhskc07.Rb
IE version is not supported:
is not supported:
Y^A.XG
Hn-0,em`cY\CKmbcommd.Hy
TPipeServer
TPipeObject
TPipeServerListener
TPipeClientU
Starting default pipe server, PipeName:
isrPipe
Falied to start default pipe server, PipeName:
Bc/K-33,`-1.jG
Jbhblnrefc V,H-0,bv-1,li.AT
Uju-0,c-2 W,Ht-2,h-4.Rq
Ijv-1,h-0,jm Q,Jq-1,n-2,/,.u`l,.lnmw Q,ll`oj`zh`m-2 Q,xjzi`vz Q,kbz`.^l
Q-0,iznjib Q,`u,.tgu-0,qyi-1,ulb.a-F
Ob-4,/dcdzfe, kh-3,`/r-2,jld.vL
V-1,ns-4-.,hx V,lmdeehea,.mdhi Q,hi`onezhdh-2f.a
ebP-3,dLfnda`-4,`yj-4.PL
Retrieved Filename from Url:
Restart attempts surpassed the maximum (
) is different than supported (
Urls stored in Chunks Map differ from the ones provided, ignoring the Chunks Map:
Chunks Map contains URLs, but the size is illegal:
New Source created, url:
, httpCode:
, url:
, Url:
, old Url:
, new Url:
Switching suspended Server back to use; Url:
, HttpCode:
TDownloadConnection.Destroy() was called from not authorized thread (
HttpCode:
Unsupported 3xx redirect response, code:
]DKizHi-4,exc-1,Hc`hk-3.GI
L_LCUNTF, KHC.op
0.0.0.0
6?0N2=.Lq
;768>1-80
005345000000
000000000000
000000000010
000000000030
cabinet.dll
Rijndael Key is too short!
 ;7.Q,>N-Y,[ T,Tc.Uv
Reporting failed on first attempt, second attempt is cancelled (finallizing)! HttpRes:
First report attempt failed, going for second! HttpRes:
The report failed! HttpRes:
Report sent, Url:
TUninstallExecuter
)hix.CB
Y^`acxziagKphh-01,hy,.kle,.jh, mzhjzmi, afar,.gchk V-C.8
RootKey:
RegDelKey:
(FF) TUninstallExecuter.RestoreBrwAddrSearch: OpCode=
Opera SP is in use, can't restore
TUninstallExecuter.RestoreBrwSearchProvider: OpCode=
FireFox SP is in use, can't restore
ExecuteCmd: key=
KillProcess: key=
: key=
Remaining uninstall instructions after exeution:
ExecuteCmd:
ExecuteCmd: ExitCode:
CJ[hx.Xu
Downloading Bundles data from adServer on url:
,,XW2.lu
,.cwLlgmc5.O-]
NAER_[URNDT].Lw
Report main param:
Exclusive Execution mode is switched to:
Report param
Report param:
Package execution returned bad ExitCode:
Package execution failed, bad ErrorCode:
LJ_.ge
fxk S,Cym^rk.Um
ole32.dll
olepro32.dll
IWebBrowser
IWebBrowserApp
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizablelp
OnWindowSetLeft
OnWindowSetTop
OnWindowSetWidth
OnWindowSetHeightTq
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPath
OnEnableModelessh
OnTranslateUrl
OnCommandExec
'%s' is not supported.
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
OnKeyDownP
0.750000
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
This object does not support this method (
Unsupported type for Parameter with Index %d
Method call unsuccessful. Object: %s, Method: %s, Exception: %s , Source: %s.
hXXp://
hXXps://
eiOnKeyDown
eiOnKeyPress
eiOnKeyUp
OnKeyDown
OnKeyPress
Handler with EventID = %s already exists.
Error on IConnectionPoint.Advise
Source don't have connection point for [%s]
JS function sync-execution failed with message:
] execution failed with message:
MAPI32.DLL
LeftPopup
not supported
YR-0,xh]izn.cQ
2.1.0.0
This exe was created with an old version of HtmlAppMaker.
https
Log server Url is invalid:
Sending Log to the following Url:
Log Http request has failed, res:
MSGALL
irsoMsgDialog
irsoJoinPath
irsoGetCmdLineParam
irsoGetCmdLineCount
irsoGetCmdLineIndexOf
irsoGetCmdLineParamValue
irsoGetCmdLineAll
irsoRegCreateKey
irsoRegCreateKeyTree
irsoRegDeleteKey
irsoIsRegKeyExists
irsoRegListKeyValues
irsoRegListKeyKeys
irsoRegSearchKeyKeys
irsoRegCopyKey
irsoHttpGetData
irsoHttpGetDataInThread
irsoLibraryExecuteProc
irsoLibraryExecuteProcW
irsoLibraryExecuteProcWithResult
!irsoLibraryExecuteProcWithResultW
irsoExecute
irsoIsMutexExists
irsoCreatePipeServer
irsoStopPipeServer
irsoSendDataToPipeServer
irsoGetWebBrowserHandle
irsoGetCurExeCheckSum
irsoGetExeInjection
irsoSetSQLiteDll
irsoGetSQLiteDll
irsoLocateSQLiteDll
TExecArgsX
.html
H-4,njBdi-2,o-4,r.vY
-4,fhxXahcxgw.rg
gghYcjrf.ae
jehGbeags.qB
PIPE_DATA
PIPE
-0,cnyzgcEi.Tc
LNYCD_^.eP
HMVH9>.PE
-3,1 T-1,`-4,b-4,w37 P,abov=.vN
IE WebBrowser docRendMode:
IE WebBrowser docRendMode is not 7 (
THtmlUIExeAppU
Pipe [
HtmlUIExeApp
Pipe command unknown:
gbo`dhfm.cV
irsoExecutePackage
irsoReportPackageError
irsoReportPackageSkip
irsoReportPackageQuit
irsoReportPackageSuccess
irsoReportPackageInfo
irsoGetPackageFilenameFromHttp
irsoGetPackageExecExitCode
irsoGetPackageExecResult
irsoGetPackageDwnldUrls
irsoSetPackageRelProgressShare
irsoIsFireFoxInstalled
irsoIsChromeInstalled
irsoIsOperaInstalled
irsoGetFireFoxHomePage
irsoGetChromeHomePage
irsoGetOperaHomePage
irsoSetFireFoxHomePage
irsoSetChromeHomePage
irsoSetOperaHomePage
irsoSetChromeOnStartup
irsoAddChromeUrlToStartupPages
irsoGetFireFoxDefaultSP
irsoGetChromeDefaultSP
irsoGetOperaDefaultSP
irsoAddFireFoxDefaultSPFromXML
irsoAddFireFoxDefaultSP
irsoSetFireFoxAddressBar
irsoAddOperaDefaultSP
irsoAddChromeDefaultSP
irsoGetFireFoxEXE
irsoGetIEEXE
irsoGetChromeEXE
irsoGetOperaEXE
irsoGetFireFoxVer
irsoGetChromeVer
irsoGetOperaVer
irsoLocateSQLite
irsoGetFireFoxCookie
irsoGetChromeCookie
irsoIsFireFoxExtensionInstalled
irsoInstallFireFoxAddon
irsoInstallChromeAddon
irsoUninstallAddExeCmd
irsoUninstallAddOpenBrowserCmd
irsoUninstallAddRegistryKey
irsoUninstallExecute
irsoReportStart
irsoReportInfo
irsoSetExclusiveExec
isroSetReportUrl
-11,jycmjaOaahDgvyc-11.Pg
An attempt to download bundle data was denied: adServer domain name must remain the same! Url:
_moCjx^cJbh.VJ
Report Url changed dynamically from:
\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>
\GCAPMA][.oj
TcUlue.PL
W`mmqzeon,.wvamaff P,4.]
z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1
[eckbn R-2,a, kgg-4,khbbxl,.blzzjneky R,N[B,,-G.9
FbghLbtaYhe.AU
1.2.1
inflate 1.2.1 Copyright 1995-2003 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
J.aAh
e.YWf(s6D<
q.xUd
\%fwBt2
-Ic%c
Xc%CXZv7
VhH%sl
-[.cj
f|=^E% CZAv%u
0)cq_%s|LV
WaitNamedPipeA
PeekNamedPipe
GetWindowsDirectoryW
GetCPInfo
DisconnectNamedPipe
CreatePipe
CreateNamedPipeA
ConnectNamedPipe
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegEnumKeyW
RegEnumKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
SetViewportOrgEx
ShellExecuteExW
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetAsyncKeyState
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
GetKeyboardType
"$ %),'8
38000=344
&W%%C)1
.AF{H)
H.JXA
1 0 .'7(2':
- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)
&)"%&$&'&",,/- '
944(@32%2u8
.PMDF<7N
&&'%%'%'%
.idata
.edata
P.reloc
P.rsrc
Jp.PMDF<7N
,|P.re
Attempt to access registry key: "
supported by OS for "HKEY_CURRENT_USER\Software\"; access directly under "HKEY_CURRENT_USER\Software\Wow6432Node".
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
!Found Firefox sqlite dll at:
!Reading firefox cookies without sqlite.dll support
!Reading Chrome cookies without sqlite.dll support
DoAddChromeStartupPage
GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!
AddChromeSP: no profiles
DoSetChromeExistingSP:no sql lite
DoRemoveOperaSearchProvider - cannot remove
" was sucessfully removed but references to its HexKey: "
Stopping default pipe server
There is no source with range support for connection, picking one without.
None of our requests are passing in Proxy Mode - suspecting inability to download from current server, trying another HEAD request to make sure.
File size seems to be changed from the same source after HEAD request, suspecting rare case of lack of HEAD support - disabling it.
Only HEAD requests are passing in Proxy Mode - unable to work with this server (probably no Range support)
TDownloadAccelerator.Run() was ignored, since another download is currently in progress.
Urls:
Pause request ignored, servers without HTTP Range support will cause download restart.
The source dropped range support.
The source does not have range support - ignored range request.
UnregDLL executed: "
ExecuteCmd: Exe:
Waiting for all the ongoing reports to complete...
; main package already reported
InstallerName altered after at least one report already sent.
package already reported
Starting execute, exe:
MSI package detected. switching to synchronic package execution
errorUrl
Failed to launch htmlUI from the following url:
Log server Url is not provided.
Log Http request has timed out.
Remote mask loading is currently not supported. mask:
Setting SQLite dll path to:
Registry entry removed: HtmlUI Browser object's IE7 fallback support is now enabled.
There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_CURRENT_USER).
There is a registry hack to prevent HtmlUI Browser object's IE7 fallback - failed to remove it (HKEY_LOCAL_MACHINE).
Loading in stealth mode, url:
Read form default pipe timed out, can't determine if there's another instance running
Pipe server TIMED OUT , can't determine if there's another instance running. continuing..
CANNOT start default pipe server, possible reason is that another instance of this installer is stuck
Please login as administrator and try again.
Installer Account Name altered after at least one report already sent.
isroSetReportUrl() was ignored due to lack of Privelege Mode.
Installer Report Url changed after at least one report already sent.
OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
No help found for %s#No context-sensitive help installed$No topic-based help system installed6Cipher has already been padded, cannot process message,Cipher is not in valid state for this action4Message length for %s must be a multiple of %d bytes1Keymaterial is too large for use (Security Issue)0Initvector is too large for use (Security Issue))Hash function have to many bits processed
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
!Control '%s' has no parent window
Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file %s
Cannot open file %s
Invalid stream format$''%s'' is not a valid component name
Ancestor for '%s' not found
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation!Invalid variant operation ($%.8x)
Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d

bac147d1203520d8ecbe6e961acc9f68.tmp_2000:




.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
.DEFAULT\Control Panel\International
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
shell32.dll
/SL5="$%x,%d,%d,
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.0)
user32.dll
oleaut32.dll
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetWindowsDirectoryA
MsgWaitForMultipleObjects
ExitWindowsEx
comctl32.dll
name="JR.Inno.Setup"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant operation"Variant method calls not supported
External exception %x






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    mscorsvw.exe:172
    bac147d1203520d8ecbe6e961acc9f68.tmp:2000
    bac147d1203520d8ecbe6e961acc9f68.tmp:680
    %original file name%.exe:452
    %original file name%.exe:948
    

    2. 

  2. Delete the original Installer file.
    3. 

  3. Delete or disinfect the following files created/modified by the Installer:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\is-HJ8KA.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp (62 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\BG.png (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\browse.css (337 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Close_Hover.png (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Grey_Button_Hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\IE_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Ropopi_Title[1].png (845 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\play_over.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00151883.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Memiticeper_BG[1].png (9345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\locale\FR.locale (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\03D4C062_stp.EXE (407689 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp.CIS (980 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\0014CCE3.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\0014C978.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Minus.png (932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00151391.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\Nobaxotat_logo[1].png (5116 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\ProgressBar.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\bg2[1].png (56695 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg2.png (978 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\blackarrow.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\FF_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Orange_Button.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\IE_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\ie6_main.css (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\textbox.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\bg1[1].png (52794 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\form.bmp.Mask (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Loader.gif (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\csshover3.htc (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp\RAM.dll (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\CH_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\LOGO[1].png (836 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp\icc.dll (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\isf_1363396.flat (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Minus_Hover.png (932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00150393.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\001513A1.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00151353.log (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\main.css (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Memiticeper_BG_BR[1].png (4608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\play.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Progress.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp\sqlite3.dll (3716 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Grey_Button.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\button.css (417 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\Ropopi_Title[2].png (845 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00151C6B.log (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\Sesakesaye_bisli[1].png (1840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp.CIS (8900 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\3FCB9863_stp.CIS.part (636 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\bg2[1].jpg (7004 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\FF_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BXFQUUAQ\bg1[1].jpg (26708 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\pause_over.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\checkbox.css (190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XB3CAHCI\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\pause.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Close.png (207 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\isf_1363494.flat (3921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Orange_Button_Hover.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\images\button-bg.png (131 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K92LKRMF\CH_logo[1].png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\03D4C062_stp.EXE.part (5700 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is1719534685\07953D56_stp.CIS.part (579 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\Sesakesaye_bisli[1].png (1840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\css\sdk-ui\progress-bar.css (506 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\bootstrap_60556.html (156 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ish1362296\images\Icon_Generic.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4VBQPB43\CAT44NLP.swf (758 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-5V1QM.tmp\bac147d1203520d8ecbe6e961acc9f68.tmp (62 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 

  5. Reboot the computer.
    6. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now