Trojan.Win32.Bumat_bdb3deffd6

by malwarelabrobot on April 26th, 2015 in Malware Descriptions.

Trojan.Win32.Bumat.FD, Trojan.Win32.Sasfis.FD, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: bdb3deffd640d14db8b390b6f3f0fe54
SHA1: 65388991c59517c9d53967dfe293f65ebfed69de
SHA256: 1372c48facd70480e1bf823049258d1fe0ab6c7462b6b6ef528703a6fcb5b499
SSDeep: 98304:VEjU4 yQBFRlcusptuS0xje82RwZhyYLLo7i7:6jLJQ3UtchERwZhyYLLqi7
Size: 4001621 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: TeamViewer GmbH
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour: WormAutorun
Description: A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Trojan creates the following process(es):

bdb3deffd640d14db8b390b6f3f0fe54.tmp:1372
regsvr32.exe:1112
%original file name%.exe:2636
isocmd.exe:2612

The Trojan injects its code into the following process(es):

UltraISO.exe:1996

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process bdb3deffd640d14db8b390b6f3f0fe54.tmp:1372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\UltraISO\lang\is-0KD9O.tmp (601 bytes)
%Program Files% (x86)\Common Files\EZB Systems\is-ICG0J.tmp (3073 bytes)
%Program Files% (x86)\UltraISO\lang\is-5K4CV.tmp (601 bytes)
%Program Files% (x86)\UltraISO\drivers\is-13898.tmp (25 bytes)
%Program Files% (x86)\UltraISO\lang\is-81IBG.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-DR4TF.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-4N0TN.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-6GCDG.tmp (601 bytes)
%Program Files% (x86)\UltraISO\is-6QD2P.tmp (2 bytes)
%Program Files% (x86)\UltraISO\lang\is-C1FL5.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-KL3D5.tmp\_isetup\_setup64.tmp (6 bytes)
%Program Files% (x86)\UltraISO\lang\is-GKUTC.tmp (601 bytes)
%Program Files% (x86)\UltraISO\is-TBKGT.tmp (673 bytes)
%Program Files% (x86)\UltraISO\is-2TVFT.tmp (27817 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Web Site.url (61 bytes)
%Program Files% (x86)\UltraISO\lang\is-M00I7.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-VBIB3.tmp (601 bytes)
%Program Files% (x86)\UltraISO\unins000.dat (3080 bytes)
%Program Files% (x86)\UltraISO\lang\is-F6GDR.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-09FG2.tmp (601 bytes)
%Program Files% (x86)\UltraISO\drivers\is-J8M0L.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-BEVKJ.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-DQ0J5.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-BOJ5A.tmp (601 bytes)
C:\Users\Public\Desktop\UltraISO.lnk (1 bytes)
%Program Files% (x86)\UltraISO\is-QIHV1.tmp (8281 bytes)
%Program Files% (x86)\UltraISO\lang\is-ROT28.tmp (601 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Online Order.url (70 bytes)
%Program Files% (x86)\UltraISO\is-4J1UJ.tmp (2321 bytes)
%Program Files% (x86)\UltraISO\lang\is-CK1AN.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-QE99L.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-3JL1U.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-KN7L0.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-UGIVV.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-2PQNV.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-2SRP7.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-UA6VG.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-CP9Q1.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-KL3D5.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files% (x86)\UltraISO\lang\is-EMCBB.tmp (601 bytes)
%Program Files% (x86)\UltraISO\unins000.exe (786 bytes)
%Program Files% (x86)\UltraISO\lang\is-BSV2O.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-F8HON.tmp (601 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO.lnk (1 bytes)
%Program Files% (x86)\UltraISO\drivers\is-QMSQ5.tmp (33 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Revision History.lnk (1 bytes)
%Program Files% (x86)\UltraISO\drivers\is-QI89G.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-FJAS2.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-NVEF3.tmp (601 bytes)
%Program Files% (x86)\UltraISO\drivers\is-R7P1N.tmp (20 bytes)
%Program Files% (x86)\UltraISO\lang\is-DKETC.tmp (601 bytes)
%Program Files% (x86)\UltraISO\is-CPVBT.tmp (3 bytes)
%Program Files% (x86)\UltraISO\lang\is-N9EF3.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-3M093.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-66UCV.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-S3VTT.tmp (601 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\Uninstall UltraISO.lnk (1 bytes)
%Program Files% (x86)\UltraISO\drivers\IsoCmd.exe (24 bytes)
%Program Files% (x86)\UltraISO\lang\is-UR8NM.tmp (601 bytes)
%Program Files% (x86)\UltraISO\is-GDUQD.tmp (41 bytes)
%Program Files% (x86)\UltraISO\lang\is-JMBI0.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-BTJFU.tmp (601 bytes)
%Program Files% (x86)\UltraISO\drivers\is-FVL71.tmp (15 bytes)
%Program Files% (x86)\UltraISO\lang\is-P380R.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-EVEEO.tmp (601 bytes)
%Program Files% (x86)\UltraISO\lang\is-ATR5U.tmp (601 bytes)
%Program Files% (x86)\UltraISO\UltraISO.exe (49 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Help.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Readme.lnk (1 bytes)

The process regsvr32.exe:1112 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files% (x86)\UltraISO\isoshl64.dll (143 bytes)

The process %original file name%.exe:2636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-76J9O.tmp\bdb3deffd640d14db8b390b6f3f0fe54.tmp (1547 bytes)

Registry activity

The process UltraISO.exe:1996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF" = "01 00 00 00 00 00 00 00 F4 A1 43 B4 11 7F D0 01"

The process bdb3deffd640d14db8b390b6f3f0fe54.tmp:1372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "21 B2 E3 B3 96 8B 94 65 B3 A5 8C AB 6C 0F A2 CC"
"RegFiles0000" = "%Program Files% (x86)\UltraISO\UltraISO.exe, %Program Files% (x86)\UltraISO\isoshl64.dll, %Program Files% (x86)\UltraISO\drivers\IsoCmd.exe, %Program Files% (x86)\UltraISO\drivers\bootpart.exe, %Program Files% (x86)\Common Files\EZB Systems\lame_enc.dll, %Program Files% (x86)\UltraISO\ultraiso.chm, %Program Files% (x86)\UltraISO\lang\lang_de.dll, %Program Files% (x86)\UltraISO\lang\lang_fr.dll, %Program Files% (x86)\UltraISO\lang\lang_it.dll, %Program Files% (x86)\UltraISO\lang\lang_es.dll, %Program Files% (x86)\UltraISO\lang\lang_pt.dll, %Program Files% (x86)\UltraISO\lang\lang_nl.dll, %Program Files% (x86)\UltraISO\lang\lang_se.dll, %Program Files% (x86)\UltraISO\lang\lang_pl.dll, %Program Files% (x86)\UltraISO\lang\lang_cz.dll, %Program Files% (x86)\UltraISO\lang\lang_hu.dll, %Program Files% (x86)\UltraISO\lang\lang_ru.dll, %Program Files% (x86)\UltraISO\lang\lang_ua.dll, %Program Files% (x86)\UltraISO\lang\lang_bg.dll, %Program Files% (x86)\UltraISO\lang\lang_tr.dll, %Program Files% (x86)\UltraISO\lang\lp"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"QuietUninstallString" = "%Program Files% (x86)\UltraISO\unins000.exe /SILENT"

[HKCU\Software\EasyBoot Systems\UltraISO\5.0]
"SoundEffect" = "1"
"shared" = "%Program Files% (x86)\Common Files\EZB Systems"

[HKCR\.ui]
"(Default)" = "UltraISO"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"Inno Setup: Selected Tasks" = "desktopicon,isodrive"
"Inno Setup: App Path" = "%Program Files% (x86)\UltraISO"
"Inno Setup: Icon Group" = "UltraISO"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "E0 CF E1 89 C8 1D 53 1D 71 8B 92 E6 2D EC C4 5A"
"Owner" = "5C 05 00 00 1D 40 3D 87 11 7F D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"InstallDate" = "20150425"

[HKCU\Software\EasyBoot Systems\UltraISO\5.0]
"UseSkins" = "1"

[HKLM\SOFTWARE\Wow6432Node\EasyBoot Systems\UltraISO\5.0]
"shared" = "%Program Files% (x86)\Common Files\EZB Systems"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"Inno Setup: Language" = "en"
"Inno Setup: Deselected Tasks" = "associate"
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\System\CurrentControlSet\services\ISODrive\Parameters]
"AutoMount" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"Inno Setup: Setup Version" = "5.5.1 (a)"
"EstimatedSize" = "6655"
"DisplayIcon" = "%Program Files% (x86)\UltraISO\UltraISO.exe"
"NoModify" = "1"

[HKLM\SOFTWARE\Wow6432Node\EasyBoot Systems\UltraISO\5.0]
"(Default)" = "%Program Files% (x86)\UltraISO"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"DisplayName" = "UltraISO Premium V9.53"
"UninstallString" = "%Program Files% (x86)\UltraISO\unins000.exe"

[HKCU\Software\EasyBoot Systems\UltraISO\5.0]
"Language" = "1033"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"InstallLocation" = "%Program Files% (x86)\UltraISO\"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKCU\Software\EasyBoot Systems\UltraISO\5.0]
"XPBurn" = "0"

[HKLM\SOFTWARE\Wow6432Node\EasyBoot Systems\UltraISO\5.0]
"Install" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
"NoRepair" = "1"

[HKCR\.isz]
"(Default)" = "UltraISO"

[HKCU\Software\EasyBoot Systems\UltraISO\5.0]
"(Default)" = "%Program Files% (x86)\UltraISO"
"ISOFolder" = "C:\Users\"%CurrentUserName%"\Documents\My ISO Files"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\RestartManager\Session0000]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"
"Sequence"
"RegFiles0000"
"SessionHash"
"Owner"

The process regsvr32.exe:1112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{1CD46142-F3D3-4E46-87BA-7CC019142F9D}\1.0]
"(Default)" = "ISOShell 1.0 Type Library"

[HKCR\ISOShell.UIContextMenu.1]
"(Default)" = "UIContextMenu Class"

[HKCR\Drive\shellex\ContextMenuHandlers\UltraISO]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}\ProgID]
"(Default)" = "ISOShell.UIContextMenu.1"

[HKCR\ISOShell.UIContextMenu]
"(Default)" = "UIContextMenu Class"

[HKCR\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}]
"(Default)" = "IUIContextMenu"

[HKCR\TypeLib\{1CD46142-F3D3-4E46-87BA-7CC019142F9D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\TypeLib]
"(Default)" = "{1CD46142-F3D3-4E46-87BA-7CC019142F9D}"

[HKCR\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\TypeLib]
"(Default)" = "{1CD46142-F3D3-4E46-87BA-7CC019142F9D}"

[HKCR\Folder\ShellEx\ContextMenuHandlers\UltraISO]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

[HKCR\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\TypeLib]
"Version" = "1.0"

[HKCR\UltraISO\shellex\ContextMenuHandlers\ISOShell]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\ISOShell.UIContextMenu\CLSID]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}\InprocServer32]
"(Default)" = "%Program Files% (x86)\UltraISO\isoshl64.dll"

[HKCR\ISOShell.UIContextMenu.1\CLSID]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\TypeLib\{1CD46142-F3D3-4E46-87BA-7CC019142F9D}\1.0\0\win64]
"(Default)" = "%Program Files% (x86)\UltraISO\isoshl64.dll"

[HKCR\Directory\shellex\ContextMenuHandlers\UltraISO]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

[HKCR\Wow6432Node\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}]
"(Default)" = "UIContextMenu Class"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}\TypeLib]
"(Default)" = "{1CD46142-F3D3-4E46-87BA-7CC019142F9D}"

[HKCR\TypeLib\{1CD46142-F3D3-4E46-87BA-7CC019142F9D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\UltraISO\"

[HKCR\ISOShell.UIContextMenu\CurVer]
"(Default)" = "ISOShell.UIContextMenu.1"

[HKCR\Wow6432Node\Interface\{9653DE66-C5E0-4AEE-ADE5-0197BA68CE2B}]
"(Default)" = "IUIContextMenu"

[HKCR\CLSID\{AD392E40-428C-459F-961E-9B147782D099}\VersionIndependentProgID]
"(Default)" = "ISOShell.UIContextMenu"

[HKCR\binimage\shellex\ContextMenuHandlers\ISOShell]
"(Default)" = "{AD392E40-428C-459F-961E-9B147782D099}"

The process isocmd.exe:2612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\services\ISODrive\Parameters]
"ExcludeDrives" = "CDF"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

Company Name: EZB Systems, Inc.
Product Name: UltraISO
Product Version: 9.5.3.2901
Legal Copyright: (c) EZB Systems, Inc.
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 9.5.3.2901
File Description: UltraISO Setup
Comments: This installation was built with Inno Setup.
Language: English (United States)

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
CODE    4096             37732         37888     4.54766  2c410dfc3efd04d9b69c35c70921424e
DATA    45056            588           1024      1.8986   d5ea23d4ecf110fd2591314cbaa84278
BSS     49152            3720          0         0        d41d8cd98f00b204e9800998ecf8427e
.idata  53248            2384          2560      3.07115  bb5485bf968b970e5ea81292af2acdba
.tls    57344            8             0         0        d41d8cd98f00b204e9800998ecf8427e
.rdata  61440            24            512       0.14174  9ba824905bf9c7922b6fc87a38b74366
.reloc  65536            2228          0         0        d41d8cd98f00b204e9800998ecf8427e
.rsrc   69632            80800         80896     5.27687  188508946feed1f36fa0546bca30ddfc

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum

Traffic

GET /pki/crl/products/WinPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
Accept-Ranges: bytes
ETag: "dde36a309c58d01:0"
Server: Microsoft-IIS/8.0
VTag: 43879645100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Sat, 25 Apr 2015 04:41:37 GMT
Connection: keep-alive

GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
Accept-Ranges: bytes
ETag: "cf2633d6957d01:0"
Server: Microsoft-IIS/8.0
VTag: 43853244400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Sat, 25 Apr 2015 04:41:37 GMT
Connection: keep-alive

GET /ultraiso/order.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:41 GMT
Server: Apache/2.2.29
Last-Modified: Wed, 04 Feb 2015 00:45:23 GMT
ETag: "832e-50e3880a7eec0"
Accept-Ranges: bytes
Content-Length: 33582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

<<< skipped >>>

GET /images/x-click-but01.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:12 GMT
ETag: "363-4428a2942b400"
Accept-Ranges: bytes
Content-Length: 867
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

GET /images/flag_pt.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:46 GMT
ETag: "3b6-4428a27b5f980"
Accept-Ranges: bytes
Content-Length: 950
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_fi.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:40 GMT
ETag: "80-4428a275a6c00"
Accept-Ranges: bytes
Content-Length: 128
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_jp.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:44 GMT
ETag: "13f-4428a27977500"
Accept-Ranges: bytes
Content-Length: 319
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif



GET /images/spacer.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:06 GMT
ETag: "2b-4428a28e72680"
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif



GET /images/bottom_1.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Tue, 16 Dec 2014 00:59:32 GMT
ETag: "701-50a4adf31e500"
Accept-Ranges: bytes
Content-Length: 1793
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=569088, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 18:45:16 GMT
Expires: Fri, 1 May 2015 18:45:16 GMT
Date: Sat, 25 Apr 2015 04:42:28 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEALa8SdwQh28+NjkQGqVhx8= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=515239, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 03:44:53 GMT
Expires: Fri, 1 May 2015 03:44:53 GMT
Date: Sat, 25 Apr 2015 04:42:28 GMT
Connection: keep-alive

<<< skipped >>>

GET /images/uiso-title.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:12 GMT
ETag: "101c-4428a2942b400"
Accept-Ranges: bytes
Content-Length: 4124
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

<<< skipped >>>

GET /images/flag_it.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:42 GMT
ETag: "38b-4428a2778f080"
Accept-Ranges: bytes
Content-Length: 907
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_no.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:46 GMT
ETag: "14b-4428a27b5f980"
Accept-Ranges: bytes
Content-Length: 331
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_hu.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:42 GMT
ETag: "379-4428a2778f080"
Accept-Ranges: bytes
Content-Length: 889
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-topright.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:00 GMT
ETag: "70-4428a288b9900"
Accept-Ranges: bytes
Content-Length: 112
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-bottommiddle.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:56 GMT
ETag: "30-4428a284e9000"
Accept-Ranges: bytes
Content-Length: 48
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=516200, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 04:05:12 GMT
Expires: Fri, 1 May 2015 04:05:12 GMT
Date: Sat, 25 Apr 2015 04:42:27 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=574611, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 20:15:13 GMT
Expires: Fri, 1 May 2015 20:15:13 GMT
Date: Sat, 25 Apr 2015 04:42:27 GMT
Connection: keep-alive

<<< skipped >>>

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Sat, 25 Apr 2015 04:42:07 GMT
Connection: keep-alive


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=446050, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 08:35:12 GMT
Expires: Thu, 30 Apr 2015 08:35:12 GMT
Date: Sat, 25 Apr 2015 04:42:49 GMT
Connection: keep-alive

<<< skipped >>>

GET /pki/mscorp/msintcrca.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.microsoft.com


HTTP/1.1 200 OK
Content-Length: 1460
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 05 Apr 2012 22:54:51 GMT
Accept-Ranges: bytes
ETag: "8f34f51b7f13cd1:0"
Server: Microsoft-IIS/8.0
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
VTag: 438339726900000000
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Cache-Control: max-age=525
Date: Sat, 25 Apr 2015 04:39:49 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2

<<< skipped >>>

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:55 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:32:56 GMT
ETag: "3b9-4428a2f759e00"
Accept-Ranges: bytes
Content-Length: 953
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=451114, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 10:00:09 GMT
Expires: Thu, 30 Apr 2015 10:00:09 GMT
Date: Sat, 25 Apr 2015 04:42:49 GMT
Connection: keep-alive


GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAANwFAj/+8EUwCY4AAQAA3AU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:39:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1757
Connection: keep-alive
Set-Cookie: __cfduid=d4e2061f6ddd40f7e97b437e1fbe9afd41429936790; expires=Sun, 24-Apr-16 04:39:50 GMT; path=/; domain=.msocsp.com; HttpOnly
Last-Modified: Sat, 25 Apr 2015 02:23:03 GMT
Expires: Wed, 29 Apr 2015 02:23:03 GMT
ETag: "20d153aa2ed4abd72e958d47cdbdc3ed07233bf8"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
X-Cache: HIT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1dc75dcc925d0485-FRA

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEGO+CyDUoFQBjrKVo87pCRc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=539846, public, no-transform, must-revalidate
Last-Modified: Fri, 24 Apr 2015 10:39:56 GMT
Expires: Fri, 1 May 2015 10:39:56 GMT
Date: Sat, 25 Apr 2015 04:42:30 GMT
Connection: keep-alive

<<< skipped >>>

GET /images/ezbsys.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:36 GMT
ETag: "baf-4428a271d6300"
Accept-Ranges: bytes
Content-Length: 2991
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

<<< skipped >>>

GET /images/bg.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:24 GMT
ETag: "38-4428a26664800"
Accept-Ranges: bytes
Content-Length: 56
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_de.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:38 GMT
ETag: "36b-4428a273be780"
Accept-Ranges: bytes
Content-Length: 875
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_nl.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:44 GMT
ETag: "390-4428a27977500"
Accept-Ranges: bytes
Content-Length: 912
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_pl.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:46 GMT
ETag: "36f-4428a27b5f980"
Accept-Ranges: bytes
Content-Length: 879
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-topleft.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:58 GMT
ETag: "71-4428a286d1480"
Accept-Ranges: bytes
Content-Length: 113
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif



GET /images/checkbox-grey.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:26 GMT
ETag: "b9-4428a2684cc80"
Accept-Ranges: bytes
Content-Length: 185
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-bottomright.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:56 GMT
ETag: "6f-4428a284e9000"
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/gif


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=453566, public, no-transform, must-revalidate
Last-Modified: Thu, 23 Apr 2015 10:40:21 GMT
Expires: Thu, 30 Apr 2015 10:40:21 GMT
Date: Sat, 25 Apr 2015 04:42:36 GMT
Connection: keep-alive

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b4a2c689ee260c1f HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Sat, 25 Apr 2015 04:39:46 GMT
Connection: keep-alive



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?8d85406ba9ed3035 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Sat, 25 Apr 2015 04:39:50 GMT
Connection: keep-alive


GET /pki/mscorp/msintcrca.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.microsoft.com


HTTP/1.1 200 OK
Content-Length: 1460
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 05 Apr 2012 22:54:51 GMT
Accept-Ranges: bytes
ETag: "8f34f51b7f13cd1:0"
Server: Microsoft-IIS/8.0
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
VTag: 438339726900000000
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Cache-Control: max-age=525
Date: Sat, 25 Apr 2015 04:39:49 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2

<<< skipped >>>

GET /images/order-title.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:00 GMT
ETag: "11c2-4428a288b9900"
Accept-Ranges: bytes
Content-Length: 4546
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

<<< skipped >>>

GET /images/flag_fr.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:40 GMT
ETag: "385-4428a275a6c00"
Accept-Ranges: bytes
Content-Length: 901
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_se.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:48 GMT
ETag: "3bb-4428a27d47e00"
Accept-Ranges: bytes
Content-Length: 955
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_cz.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:38 GMT
ETag: "3a8-4428a273be780"
Accept-Ranges: bytes
Content-Length: 936
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-topmiddle.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:58 GMT
ETag: "30-4428a286d1480"
Accept-Ranges: bytes
Content-Length: 48
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-bottomleft.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:56 GMT
ETag: "6f-4428a284e9000"
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-middleright.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:58 GMT
ETag: "32-4428a286d1480"
Accept-Ranges: bytes
Content-Length: 50
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif



GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:32:56 GMT
ETag: "3b9-4428a2f759e00"
Accept-Ranges: bytes
Content-Length: 953
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/x-icon

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fd7d87bd078c76da HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Sat, 25 Apr 2015 04:39:46 GMT
Connection: keep-alive



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?d6573b7bbfbad023 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Sat, 25 Apr 2015 04:39:50 GMT
Connection: keep-alive


GET /images/top_1.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:06 GMT
ETag: "3c6-4428a28e72680"
Accept-Ranges: bytes
Content-Length: 966
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg



GET /images/shareitlogo.gif HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:31:06 GMT
ETag: "5bd-4428a28e72680"
Accept-Ranges: bytes
Content-Length: 1469
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

<<< skipped >>>

GET /images/flag_es.gif HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:40 GMT
ETag: "3a1-4428a275a6c00"
Accept-Ranges: bytes
Content-Length: 929
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_dk.gif HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:40 GMT
ETag: "ef-4428a275a6c00"
Accept-Ranges: bytes
Content-Length: 239
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif



GET /images/flag_ru.gif HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:42 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:46 GMT
ETag: "371-4428a27b5f980"
Accept-Ranges: bytes
Content-Length: 881
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif



GET /images/lozenge-middleleft.gif HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:58 GMT
ETag: "32-4428a286d1480"
Accept-Ranges: bytes
Content-Length: 50
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif



GET /images/left_6.jpg HTTP/1.1

Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.ezbsystems.com/ultraiso/order.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.ezbsystems.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 25 Apr 2015 04:38:43 GMT
Server: Apache/2.2.29
Last-Modified: Mon, 31 Dec 2007 00:30:54 GMT
ETag: "88a-4428a28300b80"
Accept-Ranges: bytes
Content-Length: 2186
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg

<<< skipped >>>

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 279782516600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Sat, 25 Apr 2015 04:42:36 GMT
Connection: keep-alive

<<< skipped >>>

The Trojan connects to the servers at the following location(s):

UltraISO.exe_1996:

.text
.data
.rdata
.idata
.edata
.rsrc
.reloc
.ezbexe
.adata
t.hJZ
H~.hKZ
t.huZ
TfrmPassword *
TfrmPassword
UfrmPassword
Qh.Cv
r$h.hv
TtaoExecuteAction
TtaoExecuteActionEvent
OnExecuteActionT:W
%s: %s
TtaoInURL
TtaoInURLNetscape4
TtaoOutURL
TtaoOutURLShortcut
TtaoOutURLShortcutTitle
OLE32.DLL
TtaoInURLL
TtaoOutURLNetscape4
TtaoOutURLNetscape4`
URL=%s
OnKeyDown
OnKeyPress\
OnKeyUp
OnKeyPressl
ssHorizontal
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
UrlMon
USER32.DLL
MAPI32.DLL
comctl32.dll
ISupportErrorInfoHi[
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
ole32.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
kernel32.dll
oleaut32.dll
EVariantBadIndexError
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
olepro32.dll
PasswordChar
AutoHotkeys
EInvalidGridOperation
EInvalidGraphicOperation
KeyPreview
WindowState
ssHotTrack
TWindowState
poProportional
TWMKey
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
Proportional0j[
%s%s%s%s%s%s%s%s%s%s
HelpKeyword
TDragOperation
TKeyEvent
TKeyPressEvent
crSQLWait
%s (%s)
IMM32.DLL
OnKeyUp<
msShiftSelect
vsReport
%s%s%s
&Associate UltraISO with the .iso file extension
Get unlimited E-Mail technical support
Import IML...
&Support Forum
Associate UltraISO with .iso files
Backup Files on Save (.uibak)
Support 'Daylight Saving Time'
Set Password
Set .ISZ as default image format
Generate redundant volume (.ISR)
Remember password
Password Protection
Create checksum file (.SFV)
Standard ISO(.ISO)
BIN (.BIN/.CUE)
Compressed ISO(.ISZ)
Read Error at %d
Master Boot Record file (*.mbr)
*.mbr
Invalid or unsupported partition table.
Are you sure to restore MBR from file '%s' to device %s ?
Partition table will be changed on device '%s', continue to restore ?
Invalid MBR file '%s'.
Are you sure to write %s MBR to device %s ?
Sorry, only a FAT/FAT32 or NTFS volume is supported.
Are you sure to restore boot sector from file '%s' to device %s ?
Invalid Boot Sector file '%s'.
File system will be changed from %s to %s, continue to restore ?
Disk geometry of drive %c: will be changed, continue to restore ?
BPB(BIOS parameter block) of drive %c: will be changed, continue to restore ?
Are you sure to write %s boot sector to device %s ?
%s Boot Sector does not support %s volume.
Not enough space to hold boot sector (%d sectors reserved, %d sectors needed).
Error copying file '%s' to '%s'.
Are you sure to Xpress Write disk image to device %s ?
Are you sure to change partition table of device %s ?
Long Filename Support
Image Size Out of Range (%s)!
Boot Sector: %s
%d Files in %d Folders
Passed
Password
Enter Password:
Password is not identical!
EXE File(*.exe)
*.exe
Standard ISO File (*.iso)
*.iso
Compressed ISO File (*.isz)
*.isz
BIN File (*.bin/*.cue)
*.bin
Nero File (*.nrg)
*.nrg
Alcohol File (*.mdf/*.mds)
*.mdf
CloneCD File (*.img/*.ccd/*.sub)
*.img
Boot Image File (*.bif)
*.bif
Floppy Image File (*.ima;*.img)
*.ima;*.img
Floppy drive %s error!
Floppy drive %s read error!
File '%s' Create Error!
File '%s' Open Error!
File '%s' not found!
File '%s' Exist,Overwrite?
File '%s' Cannot Write, Used by Another Program?
Image File '%s' Read Error!
Image File '%s' Write Error!
Add All Files in Drive %c: ?
Extract All Files from '%s'?
Be Sure to Delete Folder '%s' and Files in It?
Be Sure to Delete File '%s' ?
Be Sure to Delete %d Files Selected?
Be Sure to Move Folder '%s' ?
Be Sure to Move File '%s' ?
Be Sure to Move Selected %d Files?
File Name '%s' Exists!
Folder '%s' rename error!
Can not Create Directory '%s' !
Be Sure to Restore Last Operation?
Not enough free space on drive %c:, continue anyway?
Adding %d Files from %d Folders ...
Optimizing %6.2f%% of %d Files ...
Optimizing %d Files ...
Wrong parameter: '%s'
Image File '%s' Overflow!
Backing up %s ...
ASPI Error -- Couldn't load wnaspi32.dll!
ASPI reported 0 host adapters.
Error calling getASPI32SupportInfo!
File SuperSER.dll not found!
File '%s' read Error!
ISO image '%s' Cannot be added to itself!
File '%s' is not a WAV/MP3 file.
File '%s' is not in Microsoft PCM format.
File '%s' is Üh/Ûits/%skhz,
File viewer '%s' not found.
ISO folder '%s' not found.
Output directory '%s' not found.
CD/DVD image duplicate finished, with '%d' bad sectors encountered.
Directory size: %d KB (%d Files in %d Folders)
Boot files(*.bif;*.ezb;*.ima;*.bin;*.img)
*.bif;*.ezb;*.ima;*.bin;*.img
This Multi-Session/Track CD image will be saved in Nero(.NRG) format.
Found %s.
FAT32 volume does not support image file exceeds 4GB, continue anyway?
Default burning software '%s' not found.
ISO Project File (*.ui)
Unsupported block size, HFS volume will be skipped.
Unsupported start of partition, HFS volume will be skipped.
MD5 Checksum supports data CD/DVD image only!
MD5 Checksum File (*.md5)
*.md5
File '%s' is not in MP3 format.
Image file '%s' is loaded to a virtual CD/DVD drive, unmount it?
Boot Sector (*.bsf)
*.bsf
Please confirm your file renaming operation first.
You need admin privileges to run this operation.
Unsupported UDF volume!
Size of file '%s' exceeds 4GB limit!
Size of file '%s' exceeds 4GB.
Chechsum Verification Passed.
Log File(*.txt)
*.txt
Unsupported Virtual Drive Program!
CRC failed in '%s'!
No errors found during test operation!
Test operation failed!
Disk Image (*.ima;*.img;*.bif;*.flp)
*.ima;*.img;*.bif;*.flp
Compressed Images (*.isz;*.dmg;*.daa;*.uif)
*.isz;*.dmg;*.daa;*.uif
This image is password protected!
File '%s' name changed.
>>New name: '%s'.
WARNING! ALL DATA ON DRIVE %s WILL BE LOST!
Error %d accessing the device.
Error %d writing the device.
Error %d reading the device.
Configuration file '%s' created successfully!
Generating '%s'...
Extracting '%s'...
Copying '%s' to '%s'...
Replacement in file '%s': '%s'->'%s'
Folder renamed: '%s'->'%s'
File skipped: '%s'
Cannot open NeroAPI.DLL
This recorder does not support rewritable discs!
Erasing disc. This will take %d seconds.
Device could not be opened: %s
All Images (*.*)
Number of blocks in ISO image is %d
Requesting burn at %s speed
Media type: %s
Waiting for drive to finalize disc (this may take up to %d minutes)
Success: Finalizing media took %d seconds
Error formatting the %s media
Burn process started, speed is %.1fX (%d KB/s)
Burn process completed, average speed is %.1fX (%d KB/s)
Error verifying free blocks on media (%d needed, %d available)
Total time: %dm%ds
Verify process started, speed is %.1fX (%d KB/s)
Verify process completed, average speed is %.1fX (%d KB/s)
Error importing IML file!
IML files (*.iml)
*.iml
Invalid SYSTEM.CNF file!
IMS file '%s' not found!
Error importing project file!
Mount to drive %c:
Add to '%s.iso'
Compress to '%s.isz'
Extract to folder '%s'
hXXp://VVV.ezbsystems.com
hXXp://VVV.ezbsystems.com/ultraiso
hXXp://VVV.ezbsystems.com/ultraiso/order.htm
hXXp://VVV.ezbsystems.com/easyboot
hXXp://forum.ezbsystems.com
%s\lang\lang_jp.dll
%s\lang\lang_de.dll
%s\lang\lang_fr.dll
%s\lang\lang_it.dll
%s\lang\lang_es.dll
%s\lang\lang_pt.dll
%s\lang\lang_br.dll
%s\lang\lang_nl.dll
%s\lang\lang_se.dll
%s\lang\lang_pl.dll
%s\lang\lang_cz.dll
%s\lang\lang_sk.dll
%s\lang\lang_hu.dll
%s\lang\lang_ru.dll
%s\lang\lang_ua.dll
%s\lang\lang_bg.dll
%s\lang\lang_tr.dll
%s\lang\lang_kr.dll
%s\lang\lang_gr.dll
%s\lang\lang_yu.dll
%s\lang\lang_sr.dll
%s\lang\lang_by.dll
%s\lang\lang_he.dll
%s\lang\lang_dk.dll
%s\lang\lang_no.dll
%s\lang\lang_lv.dll
%s\lang\lang_ar.dll
%s\lang\lang_si.dll
%s\lang\lang_cn.dll
%s\lang\lang_tw.dll
%s\lang\lang_et.dll
%s\lang\lang_ct.dll
%s\lang\lang_fi.dll
%s\lang\lang_mk.dll
%s\lang\lang_hr.dll
%s\lang\lang_ro.dll
%s\lang\lang_lt.dll
%s\lang\lang_ir.dll
%s\lang\lang_vn.dll
%s\lang\lang_my.dll
%s\lang\lang_id.dll
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=jp
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=cn
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=tw
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=cz
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=sk
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=de
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=es
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=fr
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=hu
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=it
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=nl
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=pl
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=pt
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=ru
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=se
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=ua
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=bg
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=tr
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=kr
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=gr
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=yu
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=by
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=he
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=dk
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=no
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=lv
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=ar
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=si
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=et
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=ct
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=fi
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=mk
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=hr
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=ro
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=lt
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=vn
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=my
hXXp://VVV.ezbsystems.com/ultraiso/order.php?uilang=id
Bad string ID: %d
~BID96D.tmp
~BID96E.tmp
*.bin;*.cue
*.mds;*.mdf
*.ashdisc
*.bwt;*.bwi
*.lcd
*.ccd;*.img
*.dvd;*.000
*.daa
*.cdi
*.cif
*.xmf;*.xmd
*.pdi
*.dmg;*.timg;*.hfs
*.ncd
*.pxi
*.rif;*.rdf
*.uif
*.vc4
*.fcd
*.vcd
*.ima;*.bif;*.flp
*.dao;*.tao
*.p01;*.md1;*.xa
*.VaporCD
*.gcd
*.ixa
*.vdi
mycd.iso
.iso;.nrg;.cue
.iso;.c2d;*.cif;.cue
.iso;.cif
.iso;.c2d
.iso;.gi
.iso;.ncd
.iso;.b5t;.ccd;.mds;.cue
.iso;.bwt;.cue
lang_ar.dll
lang_by.dll
Brazilian Portuguese
lang_br.dll
lang_bg.dll
lang_ct.dll
lang_cn.dll
lang_tw.dll
lang_hr.dll
lang_cz.dll
lang_dk.dll
lang_de.dll
lang_es.dll
lang_et.dll
lang_fi.dll
lang_fr.dll
lang_gr.dll
lang_he.dll
lang_hu.dll
lang_id.dll
lang_it.dll
lang_jp.dll
lang_kr.dll
lang_lv.dll
lang_lt.dll
lang_mk.dll
lang_my.dll
lang_nl.dll
lang_no.dll
lang_ir.dll
lang_pl.dll
Portuguese
lang_pt.dll
lang_ro.dll
lang_ru.dll
lang_sr.dll
lang_yu.dll
lang_sk.dll
lang_si.dll
lang_se.dll
lang_tr.dll
lang_ua.dll
lang_vn.dll
-infile "%s" -writeusb
Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\%s
%s\%s
%s - %s
d.daa
d.daa
d.isz
d.isz
Mdd_ddd
UltraISO %s
"%s\UltraISO.exe",0
"%s\UltraISO.exe" "%1"
%s %s
ISZPassword
ISZKey
foo.txt
Mediad
%s\checklog.txt
NeroBurn.exe
%s\backup
1900-01-01 00:00
d:d.d
%d-d-d d:d
%s %d %s, %d GB
%s %d %s, %d MB
%s %d %s, %d KB
%s.uibak
%s(%c:)
%s 0 %s, 0 KB
%s(*.*)
%s/%s
%s\easyboot.exe
%s\lang\%s
alcoholx.dll
%s\Alcohol Soft\Alcohol 120\alcoholx.dll
%s\UltraISO.chm
&%d %s
(*.wav;*.mp3;*.wma;*.ape)
*.wav;*.mp3;*.wma;*.ape
(*.wav;*.mp3;*.ape)
*.wav;*.mp3;*.ape
(*.wav;*.mp3)
*.wav;*.mp3
(*.*)
EasyCDCreator.DiscImage.6
EasyCDCreator.DiscImage.5
ROXIO.CD.Image
copytocd.exe
%s "%s"
VIDEO_TS.IFO
MP3 Files (*.mp3)
*.mp3
WAV Files (*.wav)
*.wav
SYSTEM.CNF
%d files found (in %d folders) for '%s'
No file was found for '%s'
%s\ultraiso.ini
"Install"="%d"
"Language"="%d"
"SoundEffect"="%d"
"UseSkins"="%d"
"LocalBrowser"="%d"
"ShowCurrentMedia"="%d"
"ISOFolder"="%s"
"SetISOPath"="%d"
"DefViewer"=%s
"SaveFormat"="%d"
"MainLeft"="%d"
"MainTop"="%d"
"MainWidth"="%d"
"MainHeight"="%d"
"LastWinX"="%d"
"LastWinY"="%d"
"LastWinW"="%d"
"LastWinH"="%d"
"HSplitter"="%d"
"VSplitter1"="%d"
"VSplitter2"="%d"
"LastNameW"="%d"
"LastSizeW"="%d"
"LastTypeW"="%d"
"LastNameWL"="%d"
"LastSizeWL"="%d"
"LastTypeWL"="%d"
"UseJoliet"="%d"
"UseUDF"="%d"
"UseHFS"="%d"
"Level2"="%d"
"MaxLength"="%d"
"LowerCase"="%d"
"DOSCharset"="%d"
"Extended"="%d"
"RockRidge"="%d"
"VersionNumber"="%d"
"Optimize"="%d"
"MediaType"="%d"
"Mediad"="%d"
"ISOFilter"="%d"
"VerifyISO"="%d"
"SkipBadSector"="%d"
"SessionSelector"="%d"
"CheckLog"="%d"
"ChecksumFilter"="%d"
"RecompileISO"="%d"
"SaveBackup"="%d"
"GenISOChecksum"="%d"
"GenFileChecksums"="%d"
"AddJoliet"="%d"
"KeepHide"="%d"
"SuperRestore"="%d"
"RecycleBin"="%d"
"SyncConvertDir"="%d"
"DST"="%d"
"ISZDefault"="%d"
"ISZMode"="%d"
"ISZSplit"="%d"
"SplitSize"="%s"
"ISZVolNameStyle"="%d"
"ISZPassword"="%d"
"ISZEncrypt"="%d"
"ISZSFV"="%d"
"ChangeDefSettings"="%d"
"UltraBurn"="%d"
"MaxCacheSize"="%d"
"BurnVerify"="%d"
"VerifyAgainstFile"="%d"
"VerifyOnWrite"="%d"
"FinalizeDisc"="%d"
"LamePreset"="%d"
"LameBitrate"="%d"
"WMABitrate"="%d"
"UseCDText"="%d"
(%c:)%s
mmSSh
mmImportIML
mmExportOptions@
lbRegWebClick
lvISOFileKeyDown
tvISODirKeyDown
tvDiskDirKeyDown
txtDiskCurDirKeyDown
mmImportIMLClick
mmExportOptionsClick
%%/%c
Unable to generate path tables - too many directories (%d).
Internal error - Entry %d not in path tables.
Joliet path table lengths do not match %d expected: %d
Unexpected joliet directory length %d expected: %d '%s'
Error: %s and %s have the same Joliet name
Internal error - Non zero-length file '%s' assigned zero extent.
Hash Entry: %d
%s.i
cronie-1.4.4-7.el6.x86_64.rpm
cronie-anacron-1.4.4-7.el6.x86_64.rpm
ISO image file '%s' size error.
Internal error - could not find directory entry for '%s'
Video pad for file %s is %d
The *.IFO file is bad.
The pad was %d for file %s
Unable to generate path tables - too many directories (%d)
Internal error - entry %d not in path tables
0000000000000000
ddd
00:00:00
d:d:d
frmProgressShow
frmProgressHide
Mddddd
FormKeyDown
9.5.3.2901
%d User License
mailto:[email protected]
boot.catalog
%s (%dKB)
%s (%sMB)
Error opening boot image '%s' for read.
Error reading MBR from boot image '%s'.
Boot image '%s' has multiple partitions.
Error - boot image '%s' is not the an allowable size.
Error opening boot image file '%s' for update.
Odd alignment at non-end-of-file in boot image '%s'.
Boot image file '%s' size changed !
boot.loader
TRANS.TBL
%s\mapping.txt
THE ROCK RIDGE INTERCHANGE PROTOCOL PROVIDES SUPPORT FOR POSIX FILE SYSTEM SEMANTICS
FILE "%s" BINARY
PMin=%d
PSec=%d
PFrame=%d
PLBA=%d
Writen %d Sectors ( %dKB Bytes)
%d Sectors Writen ( %dKB Bytes)
TRACK d AUDIO
INDEX 01 d:d:d
TocEntries=%d
[Entry %d]
Point=0xx
[TRACK %d]
INDEX 1=%d
.tar.gz
.ps.gz
MEM_NUM %d, MEM_SIZE %d
%s\lame_enc.dll
%d.%d
LAME_ENC.DLL not found!
Unsupported APE format!
Unsupported WMA format!
Internal error - file '%s' already in hash table.
%s~%c%c%s
%s~%c%c%c%s
%s%c%c%c%s
Internal error - RR overflow for file %s
Unable to sort directory %s
%c %-*s%s
Translation table size mismatch %d %d
./.rr_moved
.rr_moved
INFO.VCD
ENTRIES.VCD
INFO.SVD
ENTRIES.SVD
VIDEO_TS.BUP
VIDEO_TS.VOB
UMD_DATA.BIN
ISOLINUX.BIN
ISOLINUX.CFG
%si
%s (1%i).gi
%s (1_%i).gi
%s.Bi
%s.md%i
%s_%i.ncd
%s.iso.i
%s.nrg.i
%s.xmd
%s.mds
%s.xmf
%s.mdf
%s\uiso.md%d
%s\uiso.md1
%s\uiso.md2
%s\uiso.md3
%s open error.
%s format error.
%s deleted -- '%s' not found.
%s deleted -- '%s' size changed.
%s deleted -- '%s' content changed.
Abnormal file: %s
Abnormal directory: %s
.ASHDISC
Error No: %d
%s (%d)
%d (%s)
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
\\.\PhysicalDrive%d
XX
This disc contains a "UDF" file system and requires an operating system
that supports the ISO-13346 "UDF" file system specification.
README.TXT
ncbLen <= sizeof( mySrb.CDBByte )
D:\My Programs\UltraISO 9.53\cdrom.cpp
%c:\VCD\INFO.VCD
%c:\VCD\ENTRIES.VCD
%c:\SVCD\INFO.SVD
%c:\VCD\ENTRIES.SVD
\\.\%c:
Using capacity reported by TOC: %d(%d)
AUDIO PLAY OPERATION IN PROGRESS
AUDIO PLAY OPERATION PAUSED
AUDIO PLAY OPERATION SUCCESSFULLY COMPLETED
AUDIO PLAY OPERATION STOPPED DUE TO ERROR
LOGICAL UNIT NOT READY, CAUSE NOT REPORTABLE
LOGICAL UNIT NOT READY, INITIALIZING CMD. REQUIRED
LOGICAL UNIT NOT READY, OPERATION IN PROGRESS
MISCOMPARE DURING VERIFY OPERATION
INVALID COMMAND OPERATION CODE
LOGICAL UNIT NOT SUPPORTED
PARAMETER NOT SUPPORTED
THRESHOLD PARAMETERS NOT SUPPORTED
IMPORT OR EXPORT ELEMENT ACCESSED
COPY CANNOT EXECUTE SINCE INITIATOR CANNOT DISCONNECT
INSUFFICIENT TIME FOR OPERATION
CANNOT WRITE MEDIUM . UNSUPPORTED MEDIUM VERSION
UNSUPPORTED ENCLOSURE FUNCTION
SAVING PARAMETERS NOT SUPPORTED
TARGET OPERATING CONDITIONS HAVE CHANGED
CHANGED OPERATING DEFINITION
ERASE FAILURE - INCOMPLETE ERASE OPERATION DETECTED
OPERATOR REQUEST OR STATE CHANGE INPUT
OPERATOR MEDIUM REMOVAL REQUEST
OPERATOR SELECTED WRITE PROTECT
OPERATOR SELECTED WRITE PERMIT
COPY PROTECTION KEY EXCHANGE FAILURE . AUTHENTICATION FAILURE
COPY PROTECTION KEY EXCHANGE FAILURE . KEY NOT PRESENT
COPY PROTECTION KEY EXCHANGE FAILURE .KEY NOT ESTABLISHED
Sense: KEY=x,ASC=x, ASCQ=x
20021225000000
%c:%s
%s\%s.%s
%s\%s.bif
%s\wnaspi32.dll
GetASPI32SupportInfo
HardwareKey
addr:%d Read Error!
Sector: %d Read Error!
addr:%d Read Error, fill with all 0s data!
Sessions=%d
[Session %d]
PreGapMode=%d
Session=%d
ADR=0xx
Control=0xx
TrackNo=%d
AMin=%d
ASec=%d
AFrame=%d
ALBA=%d
Zero=%d
MODE=%d
%s.iso
GETDISK:%d, GETCD:%d, GETCAP:%d, READTOC:%d
GETDISK:%d, GETCAP:%d,READTOC:%d
GETCD:%d, GETCAP:%d, READTOC:%d
GETCAP:%d,READTOC:%d
uikey.ini
ultraiso.ini
%d bytes realloc failed
%d bytes calloc failed
%s, %8.3f seconds
txtUserNameKeyPress
(%c:)
(%c:)%s (%.2f MB
(%c:)%s (%.2f GB
%s\%s.ima
%s\%s.bsf
\\.\vwin32
Windows9x1$
WindowsNT2KXP1(
WindowsVista1,
Windows9x1Click
WindowsNT2KXP1Click
WindowsVista1Click
Trackd.wav
%s PADDING: Ûytes
\\.\ :
$q5c:mo7`9q ~%S
)14>&$':%
UltraISO.exe
.ashdisc
.VaporCD
Ver %d.%d
regsvr32 /s "%s\isoshl64.dll"
regsvr32 /s "%s\isoshell.dll"
regsvr32 /s /u "%s\isoshl64.dll"
.text Ascii 'ttxt' 'TEXT' "SimpleText - ASCII Text (text/plain)"
.tga Raw 'GKON' 'TPIC' "GraphicConverter - Truevision Image"
.tgz Raw 'Gzip' 'Gzip' "MacGzip - Gnu ZIPed Tape ARchive (application/x-gzip)"
.tif Raw 'JVWR' 'TIFF' "JPEGView - TIFF Picture (image/tiff)"
.tiff Raw 'JVWR' 'TIFF' "JPEGView - TIFF Picture (image/tiff)"
.tny Raw 'GKON' 'TINY' "GraphicConverter - Atari TINY Bitmap"
.tsv Ascii 'XCEL' 'TEXT' "Excel - Tab Separated Values (text/tab-separated-values)"
.tx8 Ascii 'ttxt' 'TEXT' "SimpleText - 8-bit ASCII Text"
.txt Ascii 'ttxt' 'TEXT' "SimpleText - ASCII Text (text/plain)"
.ul Raw 'SCPL' 'ULAW' "SoundApp - Mu-Law Sound (audio/basic)"
.url Raw 'Arch' 'AURL' "Anarchie - URL Bookmark (message/external-body)"
.uu Ascii 'TBB6' 'TEXT' "TexEdit - UUEncode"
.uue Ascii 'TBB6' 'TEXT' "TexEdit - UUEncode"
.vff Raw 'GKON' 'VFFf' "GraphicConverter - DESR VFF Greyscale Image"
.vga Raw 'JVWR' 'BMPp' "JPEGView - OS/2 Bitmap"
.voc Raw 'SCPL' 'VOC ' "SoundApp - VOC Sound"
.w51 Raw 'WPC2' '.WP5' "WordPerfect - WordPerfect PC 5.1 Doc (application/wordperfect5.1)"
.wav Raw 'SCPL' 'WAVE' "SoundApp - Windows WAV Sound (audio/x-wav)"
.wk1 Raw 'XCEL' 'XLBN' "Excel - Lotus Spreadsheet r2.1"
.wks Raw 'XCEL' 'XLBN' "Excel - Lotus Spreadsheet r1.x"
.wmf Raw 'GKON' 'WMF ' "GraphicConverter - Windows Metafile"
.wp Raw 'WPC2' '.WP5' "WordPerfect - WordPerfect PC 5.1 Doc (application/wordperfect5.1)"
.wp4 Raw 'WPC2' '.WP4' "WordPerfect - WordPerfect PC 4.2 Doc"
.wp5 Raw 'WPC2' '.WP5' "WordPerfect - WordPerfect PC 5.x Doc (application/wordperfect5.1)"
.wp6 Raw 'WPC2' '.WP6' "WordPerfect - WordPerfect PC 6.x Doc"
.wpg Raw 'GKON' 'WPGf' "GraphicConverter - WordPerfect Graphic"
.wpm Raw 'WPC2' 'WPD1' "WordPerfect - WordPerfect Mac"
.wri Raw 'MSWD' 'WDBN' "Microsoft Word - MS Write/Windows"
.wve Raw 'SCPL' 'BINA' "SoundApp - PSION sound"
.x10 Raw 'GKON' 'XWDd' "GraphicConverter - X-Windows Dump (image/x-xwd)"
.x11 Raw 'GKON' 'XWDd' "GraphicConverter - X-Windows Dump (image/x-xwd)"
.xbm Raw 'GKON' 'XBM ' "GraphicConverter - X-Windows Bitmap (image/x-xbm)"
.xbm Raw 'GKON' 'XBM ' "GraphicConverter - X-Windows Bitmap (image/x-xbitmap)"
.xl Raw 'XCEL' 'XLS ' "Excel - Excel Spreadsheet"
.xlc Raw 'XCEL' 'XLC ' "Excel - Excel Chart"
.xlm Raw 'XCEL' 'XLM ' "Excel - Excel Macro"
.xls Raw 'XCEL' 'XLS ' "Excel - Excel Spreadsheet"
.xlw Raw 'XCEL' 'XLW ' "Excel - Excel Workspace"
.xm Raw 'SNPL' 'XM ' "PlayerPro - FastTracker MOD Music"
.xpm Raw 'GKON' 'XPM ' "GraphicConverter - X-Windows Pixmap (image/x-xpm)"
.xpm Raw 'GKON' 'XPM ' "GraphicConverter - X-Windows Pixmap (image/x-xpixmap)"
.xwd Raw 'GKON' 'XWDd' "GraphicConverter - X-Windows Dump (image/x-xwd)"
.zip Raw 'ZIP ' 'ZIP ' "PC ZIP Archive"
#* Raw 'WAPP' 'DATA' "Windows application data file"
0 00 11 AUDIO PLAY OPERATION IN PROGRESS
0 00 12 AUDIO PLAY OPERATION PAUSED
0 00 13 AUDIO PLAY OPERATION SUCCESSFULLY COMPLETED
0 00 14 AUDIO PLAY OPERATION STOPPED DUE TO ERROR
2 04 00 LOGICAL UNIT NOT READY, CAUSE NOT REPORTABLE
2 04 02 LOGICAL UNIT NOT READY, INITIALIZING CMD. REQUIRED
2 04 07 LOGICAL UNIT NOT READY, OPERATION IN PROGRESS
A 1D 00 MISCOMPARE DURING VERIFY OPERATION
5 20 00 INVALID COMMAND OPERATION CODE
5 25 00 LOGICAL UNIT NOT SUPPORTED
5 26 01 PARAMETER NOT SUPPORTED
5 26 03 THRESHOLD PARAMETERS NOT SUPPORTED
6 28 01 IMPORT OR EXPORT ELEMENT ACCESSED
5 2B 00 COPY CANNOT EXECUTE SINCE INITIATOR CANNOT DISCONNECT
6 2E 00 INSUFFICIENT TIME FOR OPERATION
2 30 11 CANNOT WRITE MEDIUM . UNSUPPORTED MEDIUM VERSION
F 35 01 UNSUPPORTED ENCLOSURE FUNCTION
5 39 00 SAVING PARAMETERS NOT SUPPORTED
6 3F 00 TARGET OPERATING CONDITIONS HAVE CHANGED
6 3F 02 CHANGED OPERATING DEFINITION
3 51 01 ERASE FAILURE - INCOMPLETE ERASE OPERATION DETECTED
6 5A 00 OPERATOR REQUEST OR STATE CHANGE INPUT
6 5A 01 OPERATOR MEDIUM REMOVAL REQUEST
6 5A 02 OPERATOR SELECTED WRITE PROTECT
6 5A 03 OPERATOR SELECTED WRITE PERMIT
5 6F 00 COPY PROTECTION KEY EXCHANGE FAILURE . AUTHENTICATION FAILURE
5 6F 01 COPY PROTECTION KEY EXCHANGE FAILURE . KEY NOT PRESENT
5 6F 02 COPY PROTECTION KEY EXCHANGE FAILURE .KEY NOT ESTABLISHED
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Version 7.2.3.882
Picture.Data
frmMain.ilstStatus
Items.Strings
Glyph.Data
Nero (.NRG)
CDRWin (.BIN/.CUE)
CloneCD (.IMG/.CCD/.SUB)
Alcohol (.MDF/.MDS)
)volname.part01.isz,volname.part02.isz,...
 volname.part001.isz,volname.part002.isz,...
gbPassword
Set password
btnISZPassword
c:\program files\UltraISO
Backup files on save (.uibak)
MD5 (.md5)
CRC-32 (.sfv)
CRC-16 (.txt)
c:\windows\system32\notepad.exe
?? (??) - ????
5"%Program Files%\Alcohol Soft\Alcohol 120\AxCmd.exe"
Set .ISZ as the default format
Enter password:
OnKeyPress
Change default password
Windows9x1
Windows 9x
WindowsNT2KXP1
Windows NT/2K/XP
WindowsVista1
Windows Vista/7/8
Icon.Data
Bitmap.Data
Import IML ...
mmExportOptions
Export Options...
Support Forum
Formats.Default
frmPassword
Windows/Unix(31)
&Get unlimited E-Mail technical support
user32.dll
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
setupapi.dll
advapi32.dll
mpr.dll
version.dll
comdlg32.dll
gdi32.dll
shell32.dll
winmm.dll
oledlg.dll
version="5.1.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<== :;<2;<=5<=>7=>>!=>>
204~98;*
-2] * #,##0.00; [$
-2] * -#,##0.00
#,##0.00 [$
DRM_KeySeed
DRM_KeyID
DRM_LicenseAcqURL
DRM_V1LicenseAcqURL
DRM_HeaderSignPrivKey
DRM_LASignaturePrivKey
DRM_LASignatureCert
DRM_LASignatureLicSrvCert
DRM_LASignatureRootCert
WM/PromotionURL
WM/AlbumCoverURL
BannerImageURL
CopyrightURL
WM/AuthorURL
WM/UserWebURL
WM/AudioFileURL
WM/AudioSourceURL
WM/InitialKey
_ISVBRSUPPORTED
_PASSESUSED
Print.redbook
Transfer.SDMI
Transfer.NONSDMI
BaseLAURL
ActionAllowed.Play
ActionAllowed.Print.redbook
ActionAllowed.Transfer.SDMI
ActionAllowed.Transfer.NONSDMI
ActionAllowed.Backup
LicenseStateData.Play
LicenseStateData.Print.redbook
LicenseStateData.Transfer.SDMI
LicenseStateData.Transfer.NONSDMI
DRMHeader.KID
DRMHeader.LAINFO
DRMHeader.CID
DRMHeader.SECURITYVERSION
DRMHeader.ContentDistributor
DRMHeader.SubscriptionContentID
54;:76%$
TFRMPASSWORD
!"#$%&'()* ,-./0123456789:
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count
Value must be between %d and %d
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Invalid input value7Invalid input value. Use escape key to abandon changes
 Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
%s property out of range
Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Failed to set object at index %d<MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid ownerE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or time%Failed to set maximum selection range$Failed to set calendar min/max range%Failed to set calendar selected range0Tab position incompatible with current tab style0Tab style incompatible with current tab position
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation!Invalid variant operation ($%.8x)
Invalid NULL variant operation5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Interface not supported
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
I/O error %d
Integer overflow Invalid floating point operation
Invalid pointer operation
%s expected Too many rows or columns deleted$%s not in a class registration group
Property %s does not exist
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time
Line too long List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
%s on line %d
Error reading %s%s%s: %s
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file %s1Fixed column count must be less than column count Fixed row count must be less than row count
Grid too large for operation
Invalid stream format$''%s'' is not a valid component name
<Invalid coordinate, Col=%d, Row=%d, ColCount=%d, RowCount=%d
Wrong BIFF version6BIFF record %d bytes in length exceeds buffer capacity
Property "%s" not found"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Ancestor for '%s' not found
Cannot assign a %s to a %s
''%s'' expectedECheckSynchronize called from thread $%x, which is NOT the main thread
ultraiso.exe

IEXPLORE.EXE_312:

.text
`.data
.idata
.rsrc
@.reloc
u\j.Xf9
j.Xf9
USER32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
IEFRAME.dll
SHELL32.dll
iexplore.pdb
api-ms-win-downlevel-shlwapi-l1-1-0.dll
iertutil.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
KERNEL32.dll
msvcrt.dll
_wcmdln
_amsg_exit
RegOpenKeyExW
RegCloseKey
<!-- Note: This manifest needs to be kept in sync with iexplore.exe.manifest -->
<assemblyIdentity version="5.1.0.0"
name="Microsoft.InternetExplorer"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
Microsoft.InternetExplorer.Default
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
imm32.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Kernel32.dll
"%s" %s
kernel32.dll
IEXPLORE.EXE
{00000000-0000-0000-0000-000000000000}
\\?\Volume
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
IMTravelLogMVC_TravelURL
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Windows
10.00.9200.16521



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    bdb3deffd640d14db8b390b6f3f0fe54.tmp:1372
    regsvr32.exe:1112
    %original file name%.exe:2636
    isocmd.exe:2612

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files% (x86)\UltraISO\lang\is-0KD9O.tmp (601 bytes)
    %Program Files% (x86)\Common Files\EZB Systems\is-ICG0J.tmp (3073 bytes)
    %Program Files% (x86)\UltraISO\lang\is-5K4CV.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-13898.tmp (25 bytes)
    %Program Files% (x86)\UltraISO\lang\is-81IBG.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-DR4TF.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-4N0TN.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-6GCDG.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\is-6QD2P.tmp (2 bytes)
    %Program Files% (x86)\UltraISO\lang\is-C1FL5.tmp (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-KL3D5.tmp\_isetup\_setup64.tmp (6 bytes)
    %Program Files% (x86)\UltraISO\lang\is-GKUTC.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\is-TBKGT.tmp (673 bytes)
    %Program Files% (x86)\UltraISO\is-2TVFT.tmp (27817 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Web Site.url (61 bytes)
    %Program Files% (x86)\UltraISO\lang\is-M00I7.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-VBIB3.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\unins000.dat (3080 bytes)
    %Program Files% (x86)\UltraISO\lang\is-F6GDR.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-09FG2.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-J8M0L.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-BEVKJ.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-DQ0J5.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-BOJ5A.tmp (601 bytes)
    C:\Users\Public\Desktop\UltraISO.lnk (1 bytes)
    %Program Files% (x86)\UltraISO\is-QIHV1.tmp (8281 bytes)
    %Program Files% (x86)\UltraISO\lang\is-ROT28.tmp (601 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Online Order.url (70 bytes)
    %Program Files% (x86)\UltraISO\is-4J1UJ.tmp (2321 bytes)
    %Program Files% (x86)\UltraISO\lang\is-CK1AN.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-QE99L.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-3JL1U.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-KN7L0.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-UGIVV.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-2PQNV.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-2SRP7.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-UA6VG.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-CP9Q1.tmp (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-KL3D5.tmp\_isetup\_shfoldr.dll (47 bytes)
    %Program Files% (x86)\UltraISO\lang\is-EMCBB.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\unins000.exe (786 bytes)
    %Program Files% (x86)\UltraISO\lang\is-BSV2O.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-F8HON.tmp (601 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO.lnk (1 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-QMSQ5.tmp (33 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Revision History.lnk (1 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-QI89G.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-FJAS2.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-NVEF3.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-R7P1N.tmp (20 bytes)
    %Program Files% (x86)\UltraISO\lang\is-DKETC.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\is-CPVBT.tmp (3 bytes)
    %Program Files% (x86)\UltraISO\lang\is-N9EF3.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-3M093.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-66UCV.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-S3VTT.tmp (601 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\Uninstall UltraISO.lnk (1 bytes)
    %Program Files% (x86)\UltraISO\drivers\IsoCmd.exe (24 bytes)
    %Program Files% (x86)\UltraISO\lang\is-UR8NM.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\is-GDUQD.tmp (41 bytes)
    %Program Files% (x86)\UltraISO\lang\is-JMBI0.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-BTJFU.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\drivers\is-FVL71.tmp (15 bytes)
    %Program Files% (x86)\UltraISO\lang\is-P380R.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-EVEEO.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\lang\is-ATR5U.tmp (601 bytes)
    %Program Files% (x86)\UltraISO\UltraISO.exe (49 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Help.lnk (1 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Readme.lnk (1 bytes)
    %Program Files% (x86)\UltraISO\isoshl64.dll (143 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-76J9O.tmp\bdb3deffd640d14db8b390b6f3f0fe54.tmp (1547 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
